Apple's iPhone Spyware Problem Is Getting Worse(wired.com)
wired.com
Apple's iPhone Spyware Problem Is Getting Worse
https://www.wired.com/story/apple-iphone-spyware-101/
23 comments
It is a terrible anti-pattern.
It doesn't even tell you enough to know which device it is talking about. Much less first class context information, like the fact that it is just an access renewal.
It doesn't let you review the information and disable the access if somehow it was a security problem.
Virtually useless, misleading, and unnecessarily alarming, as you say.
It doesn't even tell you enough to know which device it is talking about. Much less first class context information, like the fact that it is just an access renewal.
It doesn't let you review the information and disable the access if somehow it was a security problem.
Virtually useless, misleading, and unnecessarily alarming, as you say.
These articles scare my mom and she gets convinced she will be hacked. I wish there was a way to write stories like this to make it clear it's a real, important issue, but not directly to you. Mom banking on an iPhone is the safest way to bank yet invented, but she sees articles like this and ends up thinking exactly the opposite.
Also, recommending to normal people that they should use their iPhone in Lockdown Mode (as this article does) is terrible advice. It comes with some significant tradeoffs: https://support.apple.com/en-us/105120
Lockdown mode? I might as well surf the web in a Linux terminal and use a flip phone.
>Mom banking on an iPhone is the safest way to bank yet invented, but she sees articles like this and ends up thinking exactly the opposite.
I do not know why people think this. I make sure nothing Financial Related is on any kind of Cell Phone. With the closed system, you have no idea what Apple or Google is seeing.
I miss the days before Cell Phones, where there were a lot of regulations surrounding Land Lines.
I do not know why people think this. I make sure nothing Financial Related is on any kind of Cell Phone. With the closed system, you have no idea what Apple or Google is seeing.
I miss the days before Cell Phones, where there were a lot of regulations surrounding Land Lines.
With the closed system, you have no idea what Apple or Google is seeing.
I think you have the 'inaccurate bits of conventional wisdom' reversed. People have a pretty good idea of what Apple and Google see and banking on your iPhone is safer than driving to the bank.
I think you have the 'inaccurate bits of conventional wisdom' reversed. People have a pretty good idea of what Apple and Google see and banking on your iPhone is safer than driving to the bank.
> People have a pretty good idea of what Apple and Google see
You say that, until: https://arstechnica.com/tech-policy/2023/12/apple-admits-to-...
One can really never know what happens with their data server-side. At this point, we barely even control what happens client-side too.
You say that, until: https://arstechnica.com/tech-policy/2023/12/apple-admits-to-...
One can really never know what happens with their data server-side. At this point, we barely even control what happens client-side too.
[deleted]
You are exactly the audience being misled by these articles. Apple or Google aren’t secretly screen recording you and couldnt care less about your bank account.
All I can say to this is "prove it".
If on Linux or a BSD, people can analyze what is happening by inspecting packets, seeing what is saved and being sent on the system. That cannot be fully done on phones.
If on Linux or a BSD, people can analyze what is happening by inspecting packets, seeing what is saved and being sent on the system. That cannot be fully done on phones.
It can be easily fully done on phones.
Not to the degree that a full-on conspiracy theorist will believe it - like the people who actually think that Apple telling us not to "close" iOS applications is actually some 5th dimensional chess Tim Cook is playing to get people's phones wear down more or something.
But enough to convince the best security experts I know and have heard of. That's enough for me.
Not to the degree that a full-on conspiracy theorist will believe it - like the people who actually think that Apple telling us not to "close" iOS applications is actually some 5th dimensional chess Tim Cook is playing to get people's phones wear down more or something.
But enough to convince the best security experts I know and have heard of. That's enough for me.
Devil's advocate: User data is now more valuable than user consent or user trust, seeing as consumers are locked in to a few brands and AI is the way of the future.
I find it especially difficult to believe that Google has any moral qualms about extracting every bit of data possible.
I'm not saying they are, I'm saying it's based on trust and that trust has been broken.
I find it especially difficult to believe that Google has any moral qualms about extracting every bit of data possible.
I'm not saying they are, I'm saying it's based on trust and that trust has been broken.
Google wants all the data it can get on you that won't get it in serious legal hot water. Which is all quite sketchy.
But, extracting your financial information is so far into the boiling ocean of criminal prosecutions and mass customer abandonment, that they are heavily incentivized as an ad company, and operating system developer, to make sure that neither they nor anyone else can get that information.
That doesn't mean there can't be security gaps that could reveal financial information, but Google is the one looking to prevent them, and plug them when found, not leverage them.
But, extracting your financial information is so far into the boiling ocean of criminal prosecutions and mass customer abandonment, that they are heavily incentivized as an ad company, and operating system developer, to make sure that neither they nor anyone else can get that information.
That doesn't mean there can't be security gaps that could reveal financial information, but Google is the one looking to prevent them, and plug them when found, not leverage them.
https://www.theverge.com/2022/11/22/23471842/facebook-hr-blo...
If Facebook ads has it , don’t other ad systems have to compete ?
If Facebook ads has it , don’t other ad systems have to compete ?
User trust is the most valuable thing, because they won't give you money at some point if they don't trust you.
User data is more like nuclear waste whose identifiable storage must be avoided as much as possible.
User data is more like nuclear waste whose identifiable storage must be avoided as much as possible.
Buy her Android
> Mom banking on an iPhone is the safest way to bank yet invented,
Maybe second safest. Nothing beats Android's mobile record.
Are you unaware of Pegasus/ NSO Group? They are doing laps around Apple with 0 clicks. Android still requires you to manually go to a website, download something, approve installs from browser, etc...
Maybe second safest. Nothing beats Android's mobile record.
Are you unaware of Pegasus/ NSO Group? They are doing laps around Apple with 0 clicks. Android still requires you to manually go to a website, download something, approve installs from browser, etc...
It's not that surprising to see China's PLA create their own Pegasus-style program. The focus on iOS is also not too surprising, given that most high value targets are potential Apple customers. I'm not sure if this speaks to a lack of security capabilities of iOS compared to Android, which seems to be implied by the article.
Also, with China banning iPhones for some government agencies, it becomes an "us vs them" problem, instead of a general iOS security issue.
The problem with tech (especially software) is that spyware is often a core component of the business model. Apple spies on its users in the same way as these 3rd party tools. It’s almost worse because in Apple’s case, the users “consented” to it in the Terms & Conditions popup. At least the “spyware” company can’t throw a contract in your face when you attempt to collect damages.
https://archive.md/XWbwf (unpaywalled)
[deleted]
This problem either causes undue concern on behalf of the account holder, or trains them to dismiss these messages without verifying the potential intrusion. Neither are good outcomes for security of the Apple account.