Apple has done its best to secure customer privacy not only from bad actors and the government, but even from Apple itself, something that is certainly not true of Google. Apple went to the mat to protect its customers from the FBI. That earns <3 from me. Do I think Google would look out for me like that? Hahah, no, I do not think so.
Does this mean these vulnerabilities were not real and serious? Not at all. But Apple took them seriously and reacted quickly. Nobody's perfect, but they deserve a lot of credit for their hard work on security.
> Apple went to the mat to protect its customers from the FBI. That earns <3 from me. Do I think Google would look out for me like that? Hahah, no, I do not think so.
Google literally led the charge on pushing back & publishing government data requests and Google is almost entirely why it's legal to disclose ranges of FISA and NSL requests in the first place. They've been doing transparency reports on this for years, far longer than Apple.
There's a lot you can complain about with Google. But this isn't one of them.
No dog in this race really, I'm pretty much against all of big tech on privacy grounds.
That said, I have to say that from my perspective, it seems pretty clear that Apple is light years ahead of Google where privacy and security are concerned.
I try never to even touch Google properties or products, because it's tantamount to making whatever information you provide to that service public. That's kind of how I think about it. Everything I put into Google Maps, Google Apps, Gmail, whatever, will be open for the entire world to see at some point. Either a leak by Google, or Google shares with someone who gets hacked, or maybe through a court case where stuff from 10 years ago pops up in court records or whatever. I mean, if that doesn't happen, great. If it does though, no biggie, I behaved as if it would happen from day one.
Of all the dangerous big tech companies out there, Google and Facebook are, to my mind, unquestionably the most dangerous. And by far the biggest threats to the privacy and security of the average person.
> Apple is light years ahead of Google where privacy and security are concerned.
Privacy I'd agree, but security? Apple's security track record is straight up hot garbage. Their cloud security is a complete joke (iCloud has been hacked how many times now?). Google's cloud security meanwhile has a stellar record. Outside of cloud yeah Apple has lots of security buzzwords, but they still are repeatedly hacked. We are, after all, talking about a post where 5 different 0-days were actively exploited on iOS. And just about every release of iOS has had critical escalation vulnerabilities (aka, jailbreaks) - such as the CoreTrust bypass exploit in iOS 12 ( https://gist.github.com/pwn20wndstuff/a57b213a6f8c75cb3b9a8c... )
Android has an update problem, but between all the hardening that's been done there (such as extensive SELinux policies) it's pretty fucking solid, and is backing that up with results.
The platform itself has not been hacked, so I'm not sure what you're trying to say here. All the "hacks" against iCloud have been social engineering and/or user exploits. I don't see how users re-using passwords across sites or using weak passwords makes iCloud security a joke. Some of the impetus has to fall on users to be responsible for their own data.
Back when Chrome was based on WebKit, IIRC Chrome team found and fixed oodles and oodles of bugs in WebKit, because WebKit wasn't even using fuzzing, or not enough fuzzing. Even as late as 2017, fuzzing was still finding significantly more security issues in Safari than other browsers: https://www.securityweek.com/fuzzing-reveals-over-30-web-bro...
Also, when discussing iCloud, you need to distinguish between the backend service, and the frontend service. There have been significant CVEs found in the front-end client. Apple doesn't run many front end Web services, so there's less to exploit. They also don't allow you to host executable code like AWS, Azure, and GCP, so the attack surface is much more confined.
That Google has exposed their infrastructure to the unforgiving nature of the Web for 2 decades, with exploits few and far between, is a testament to the quality of the security engineers.
The most secure device on the planet isn't iOS, it's Chromebooks. Look at the defense-in-depth used on Chromebooks to isolate execution: https://www.youtube.com/watch?v=pRlh8LX4kQI
> All the "hacks" against iCloud have been social engineering
Which would be a strike against Apple...
> I don't see how users re-using passwords across sites or using weak passwords makes iCloud security a joke.
Logins from new locations are the type of thing other cloud services (like Google or Facebook) protect against by requiring a challenge to proceed even if 2-factor is not enabled.
iCloud only working when the user holds it properly is a very Apple-esque thing, but also still bad. Particularly their 2FA is pretty bad and can be easily bypassed. Because, you know, that good UX flow is preferred to actual security.
Oh come on man. Are we really saying that Android has no security issues?
I'm gonna do you a favor and just not talk about how naive and fanboy-like that statement was man.
And Google Cloud's security, I assume you mean the AWS competitor, is being compared to iCloud social engineering hacks? Uh, yeah, I mean, since iCloud is consumer level, no surprises there. As far as consumer level offerings, hey, Google already has the location or whatever other data, so they can already use it to try to sell you cheap plastic Oklahoma City Thunder dart boards or whatever. Your privacy and security are violated every time it happens.
Maybe I'm just being too fundamentalist in my view? But that's just how I see it. Every time an entity uses my data for something I did not intend, it is a security and privacy violation. Google's entire business model is literally built on violating both, which is why I avoid their products like the Plague.
> Apple went to the mat to protect its customers from the FBI. That earns <3 from me. Do I think Google would look out for me like that? Hahah, no, I do not think so.
They implemented countermeasures on their devices to prevent the exact situation where the FBI would compel them to produce a signed, backdoored firmware like they wanted Apple to do after San Bernardino.
If this works as described and there are no tricks (such as Google changing your account password from their servers to a known password and then logging in), then that is a great step in the right direction.
A very important next step would be to make this a required feature for all handset developers who wish to use Google services such as the Play Store. As long as it's a niche feature only used on the Pixel, it's more of a good gesture than a substantive benefit for users.
I appreciate the good things Google does for me; they are many. But I don't think protecting my privacy, much less securing my data even from themselves, is their priority.
Funnily, I don't think there is any other company that protects users' private data better than Google. Not military, not Apple, none of them come close to it.
Google are good at preventing people hacking their servers, but they also broadcast your private data to thousands of third parties every time you open a webpage. Facebook and Google's approach to data security is lock it down so only they and their partners can access it. It does nothing for your privacy.
> Apple has done its best to secure customer privacy... That earns <3 from me. Do I think Google would look out for me like that? Hahah, no, I do not think so.
Both Apple and Google are NSA's PRISM partners, Hahah. It's amazing how short some people's memories are.
> Apple has done its best to secure customer privacy not only from bad actors and the government
Apple's marketing people would like you to believe that. In actual fact, only Apple has handed over the data of its iCloud and iMessage users wholesale to the Chinese government. Not Facebook. Not Google.
> Do I think Google would look out for me like that?
Google has done this repeatedly according to its transparency reports. The only difference is that Apple lied to its customers that it was "not technically feasible" to comply with data requests and then silently removed that claim after the FBI showed that to be false.
If you want more lies that magically disappear, Apple is more than happy to comply. More recently, Tim Cook posted, “We have also never allowed access to our servers.
“And we never will.”
That's gone too after the China collaboration, with "our servers" replaced by "Apple servers." Maybe technically the servers that Apple set up in China are not "Apple servers" and instead Guizhou servers, but that is not a useful distinction to the users whose data is now freely accessible by the CPC, and so Apple deceives its users with a wording change without any announcement of policy change or any apologies.
Apple will and did surrender iCloud data to LE, so would Google.
They denied unlocking the device or implementing a backdoor in the future, which I believe is not a feature any other vendors have implemented.
And let's not forget that the device Apple was so eager to protect belonged to an already dead terrorist; as far as the average user is concerned, that was a PR stunt.
Apple wasn't eager to protect the device of a terrorist. They were eager to protect everyone's devices. Opening up access to "the terrorist's" device would open up that access to every device. I, personally, think they made absolutely the right call.