You're being sarcastic, but isn't this all just... correct?
Yes, I do trust the company that developed Secure Enclave more than I trust random BLE firmware in a $49 Alibaba watch.
More importantly -- my great-uncle can trust the same thing, because Apple has spent decades building that trust. Consumers generally should not trust random hardware. Apple is not random hardware.
Google, Samsung, Pebble, Amazon, Microsoft, Sony, etc. have also spent decades building trust and don't build random hardware. But that doesn't matter because Apple locks them all out and insists you remain within their walled garden where it alone profits from you.
If you don't want a future where you have to buy Apple milk to put in your Apple fridge (because the fridge stops refrigerating if you try putting any other brand of milk in it, citing "security issues") -- or worse, you can't get your Amazon fridge in your Apple house because it cites nebulous reasons and refuses to open the door -- get out of the reality distortion field and accept that it is in people's interests for one item to work correctly with another, and to call venal vendors on their "oh but it wouldn't work or it wouldn't be secure" bullshit.
That’s not the point, though. Any method by which Apple exposes APIs to Samsung, Google, etc:
- requires immense development effort and expansion of security surface area
- STILL offloads trust to Samsung, Google, etc
The hyperbole here is a little hysterical. Apple doesn’t totally lock out third parties. In the smartwatch example, it is a very specific set of features which involved passing data (which users expect to be e2e encrypted!) back to Apple. That’s an extremely hostile security environment! Product tradeoffs would absolutely have to be made in order to support arbitrary third parties! I don’t think it’s fair to just demand that Apple make their product worse without at least exploring the balance.
Anywhere Apple trusts itself is a place where they can trust a third party.
Anywhere Apple wouldn't trust a third party is a place it should not trust itself either.
It doesn't even have to be arbitrary third parties, it can be Apple's chosen third parties. But they'll choose nobody, because they love lock-in too much, and they'll tell the rubes that it can't be done or it's too hard. That's just bullshit, and they know it. They do it to lock out competitors, so they alone can juice their existing users.
The only thing that can open up Apple is regulation -- and as we've seen with Apple's spiteful attempts at compliance with EU DMA rulings, it makes up arbitrary criteria calculated to maximally lock out and frustrate business rivals. It's like it's trying to come up with a compliance solution that the EU might accept but would result in as few competitors as possible able to actually use it, ideally zero.
> Anywhere Apple trusts itself is a place where they can trust a third party.
This quite literally could not be further from the truth, and to suggest that it is true reflects such a comprehensive misunderstanding of both the fundamental nature of computer security and the practical realities of the world in which we live that it's not really possible to continue the conversation productively.