
2984839

Cancelled
Apr 19, 2014
2,114
2,239
Not a single one of those uses is a legitimate reason for storing personal data unencrypted and allowing access to it when the user has enabled encryption.
 

MattInOz

macrumors 68030
Jan 19, 2006
2,760
0
Sydney
Not a single one of those uses is a legitimate reason for storing personal data unencrypted and allowing access to it when the user has enabled encryption.

I was under the impression from the researcher document that if you set a strong password then you can only obtain unencrypted data from open apps. Even then it relies on which security profile the app has selected in their development profile as to what open means.

Even then the user needs to acknowledge trust of the device doing the scan. So needs your password to unlock, or needs access to a computer you trusted in the past.

I haven't seen anything yet to suggest your phone can be compromised unless your security has been compromised generally.

To me we are still sitting at "Alert not Alarmed"
 

ricosuave

macrumors 6502
Mar 27, 2007
387
14
In front of my mac
How does this title sound?

Google Addresses Android 'Backdoor' Concerns by Outlining Legitimate Uses for Targeted Services

If you mood changes from positive to negative then you know your a Apple fanboy. ;)

What does it say about Android fans when they don't know the difference between your and you're.
 

pickaxe

macrumors 6502a
Nov 29, 2012
760
284
This disclosure from Apple is highly lacking, and I'm tempted to call it "a bunch of bullcrap". Read Zdziarski's response on his blog
Notice how:
- Apple did not address the kind of data that is aggregated, only claimed "diagnostic purposes". Zdziarski claims a lot of stuff that has no business being sent anywhere is doing just that.
- Apple did not address Zdziarski's claim regarding the access to ENCRYPTED containers. Why would diagnostics need to routinely access ENCRYPTED data?
- Apple did not address the fact that the "Send diagnostics" switch is not respected by the operating system - data is being aggregated (and possibly sent) regardless of the user's permission and with no warning.
- As mentioned before in this thread, even if the user has opted to encrypt his or her data on the device, the "diagnostic" data that is gathered from encrypted sources is stored unencrypted. Why is this?

If Apple is indeed collecting data for government purposes, they would not be able to admit it. The fact that they have acknowledged having some services that collect data regardless of user permission, begs the question - how many more of these services are there and did not appear in Apple's so called disclosure?

Reading this thread it is obvious that my reply would mostly fall on deaf ears.
 

H2SO4

macrumors 603
Nov 4, 2008
5,651
6,937
Call me an Apple fanboy or whatever, But I 100% trust Apple.

I know Steve Jobs cared 100% about this company. The man stopped working only when it was physically impossible for him to go to work. I heard he even was talking about the iPhone 5 a day before he died to Tim Cook.

I know I know I shouldn't compare Steve to Tim. But I also believe Tim cares just as much as Steve did about Apple. They are honest and truly care about its products.

I'm lovin' their transparency to prove these Apple bashers wrong!

:apple:
Forget this is Apple for a moment, anybody that believes any company 100% is most definitely a blind fanboy. Companies hide and re-interpret things all the time, most especially with large ones. They may have lots of procedures in place but ‘engineering’ always reports problems that finance or PR says to ignore or ‘fix’.
I’d be embarrassed to make a statement like that, if that was how I truly felt.
Even not for profit concerns like charities hide stuff, sheesh. WTF is being smoked around here???
 

Makosuke

macrumors 604
Aug 15, 2001
6,662
1,242
The Cool Part of CA, USA
How does this title sound?

Google Addresses Android 'Backdoor' Concerns by Outlining Legitimate Uses for Targeted Services

If you mood changes from positive to negative then you know your a Apple fanboy. ;)
It's a good test, emotionally, but if you're judging in terms of how much you would believe said company when they made the claim, the existing track record of the two companies when it comes to being honest and upfront about how they use user data is not exactly equivalent.

It doesn't mean I automatically assume Apple is telling the truth--they're still a big company, and I'd never trust anyone that blindly, let alone a giant corporate entity--but to date they have a reasonably good track record when it comes to being upfront about things relating to use of consumer data and privacy. Not perfect, but they were at the front of the line providing and enabling Do Not Track by default, for example.

Google, on the other hand, having a business model entirely predicated on invading my privacy "right up to the creepy line" and a number of past instances of behavior or corporate culture ranging from flagrantly creepy to outright illegal, has set itself a much higher bar when it comes to believing anything they say in terms of user data and privacy. A few years ago, I tended to give them the benefit of the doubt, but they long since burned any goodwill they might have earned by doing things like DRM right.

Forget this is Apple for a moment, anybody that believes any company 100% is most definitely a blind fanboy. Companies hide and interpret things all the time, most especially with large ones.
Indeed. At best, one should apply that Russian proverb popular during the cold war--trust and verify. And that's being generous.
 

H2SO4

macrumors 603
Nov 4, 2008
5,651
6,937
I can't believe they addressed this. I didn't expect them to. Makes sense what they say, and I'm sure someone will confirm it.

Makes you wonder, are they reading macrumors?

That's why I like apple. The spotlight is on them all the time. Things like this don't just go unnoticed. Expectations are high of apple. They can't blame things on a different phone manufacturer or faulty insecure carrier software.

Can't wait for Yosemite and ios 8 release. I have been longing the ability to answer calls and text non/ iphone users from iMessages forever.

Funny that’s what I thought. At the end I don’t know whether to decide between;
1. This is the new Apple under cook and that’s why we have this kind of, (albeit very carefully worded statement as I’d bet my life and everybody else’s that there’s more to it than they say).
2. Apple are really spooked and rushed out a statement. If they are spooked there must be a reason.

I work for a very large, (a few 10s of billions of dollars), US company that has all of that rubbish they like to do. Ethics training, Anti Corruption training etc etc. Look closely at the wording and boy what a crock!

----------

Reading this thread it is obvious that my reply would mostly fall on deaf ears.

I kind of think that too but even Fanboys are entitled to an opinion. Sometimes they change our opinions for the better. That’s why we all reply as we like to see others' point of view even if we ultimately poo poo it.
 

Tech198

Cancelled
Mar 21, 2011
15,915
2,151
"- com.apple.mobile.file_relay: Used on internal devices and can be accessed (with user permission) by AppleCare for diagnostic purposes on the user's device. "

I can vouch for this one..

Any problem with an iOS device Apple sends the user an email which grabs info related to the device, then sends it back...

It's not like Apple can reach in at all...

The user must click on the link in email... Thus, it's user controlled, so I believe Apple here.

Besides, any dubious questions are going to target closed source code anyway mostly, so this is understandable.

Some expert decides they wanna stick their nose in, and disrupt a company's "own security" Really ?

A billion+ people use iOS.... there is NO single user out there that's not security aware? I doubt that.

I had to do this last week.
 

SarcasticJoe

macrumors 6502a
Nov 5, 2013
607
221
Finland
My first guess when I read about these "backdoors" was that there probably was a legitimate use for all of them and they were there for uses where the full device encryption introduced in iOS4 would become an issue. The obvious clue was that it required a paired machine the user of the iPhone had to confirm before the encryption related keys would be shared. For a data thief or spy this would mean that they would have to trick the target first into pairing their phone with one of their devices before being able to even decrypt any of the data.

However I doubt this will do anything to deter the anti-Apple diehards who will keep on using this as evidence of either NSA backdoors or Apple's shoddy security.

Complaining about this is like complaining that a door is a security risk because you can leave it unlocked if you want to...
 

D-Dave

macrumors 6502
Mar 16, 2010
332
59
Ok great. Now when is google going to address the far more numerous security questions that researchers have posed regarding Android?

... Crickets???
Personally I do not care much about android security simply because I use an iPhone.
That is exactly the reason why I do not think it is a valid point when someone states "ah well security on product x is weak....but on product y it is far worse, so x is awesome" (I know you did not make that point but some may take your post and twist it that way :))
 

roadbloc

macrumors G3
Aug 24, 2009
8,784
215
UK
Nice to see Apple, Microsoft and others be more transparent about their online services and what they do.

This doesn't mean they don't have a backdoor for the NSA though.
 

Tech198

Cancelled
Mar 21, 2011
15,915
2,151
You can also say since they're all proprietary, then who knows?

Open source, at least you can inspect the code and see for yourself, but if you try that with Apple/Microsoft code (if you could) it's suddenly... "against their terms."
 

seble

macrumors 6502a
Sep 6, 2010
972
163
This disclosure from Apple is highly lacking, and I'm tempted to call it "a bunch of bullcrap". Read Zdziarski's response on his blog
Notice how:
- Apple did not address the kind of data that is aggregated, only claimed "diagnostic purposes". Zdziarski claims a lot of stuff that has no business being sent anywhere is doing just that.
- Apple did not address Zdziarski's claim regarding the access to ENCRYPTED containers. Why would diagnostics need to routinely access ENCRYPTED data?
- Apple did not address the fact that the "Send diagnostics" switch is not respected by the operating system - data is being aggregated (and possibly sent) regardless of the user's permission and with no warning.
- As mentioned before in this thread, even if the user has opted to encrypt his or her data on the device, the "diagnostic" data that is gathered from encrypted sources is stored unencrypted. Why is this?

If Apple is indeed collecting data for government purposes, they would not be able to admit it. The fact that they have acknowledged having some services that collect data regardless of user permission, begs the question - how many more of these services are there and did not appear in Apple's so called disclosure?

Reading this thread it is obvious that my reply would mostly fall on deaf ears.

I completely agree with you and I don't know why more people aren't being more sceptical and just blindly following apple. That 'support document' simply does not go into enough detail for me or address the concerns Zdziarski's report highlighted.

For starters, he talks about how much of the information on your device remains unencrypted/accessible as soon as you unlock your device from boot and until you restart it. That's not what apple is claiming here.

I honestly have lost my faith in integrity for apple, and now highly doubt how 'safe' osx is also. Before all you whiners tell me to move to another phone or OS, I don't trust apple, but I certainly don't trust google or Microsoft either. NONE of these companies are to be trusted if you value your privacy. Use them as if you would use a work or enterprise device where you know what you do is easily accessible at any time.
 

Eraserhead

macrumors G4
Nov 3, 2005
10,434
12,250
UK
I am surprised anyone is defending Apple here.

That said I'm sure the other big tech companies do similar stuff.
 

ArtOfWarfare

macrumors G3
Nov 26, 2007
9,560
6,059
Just a thought:
Apple could be lying about all of this. Just because you say your code does one thing doesn't mean that's actually what it does.

Also, the name of the third service is really weird, I think, for what Apple says it does.

House Arrest -> File Transfers?

The name sounds like something the government does to penalize and control citizens... I don't see how it relates to what Apple says it does.
 

joshdammit

Suspended
Mar 6, 2013
321
57
Great first steps, now one more step is to allow the user to opt out on all diagnostic information. One of the problems with _Don't send info to Apple_ is that while it is disabling the sharing of information to Apple, it does not prevent those services from recording the information in the first place. That means your iOS device is still hoarding all sorts of personal information without your knowledge and consent, even though you're not sharing it with Apple. The info can be retrieved illegally and/or with legit forensic tools.

So, Apple needs to step up there and have a simple option to disable all diagnostic information, period. I don't care about legitimate users for these services, they're not required and they're storing information I don't want iOS to store in the first place that's not encrypted with my passcode.

Diagnostic information is not personal, only shows crash logs and whatnot. It's also freely available to browse in settings. It is also used by Apple if you need your phone serviced, and cannot be retrieved without your personal consent.

Diagnostic information is fine. Unless you're afraid the government might find out you have the Grindr app on your phone.

----------

OBDII isn't storing all the gps locations, storing all of my email account info, wireless keys, twitter account information, photos, and deleted files that's recoverable.

None of the info in OBDII is personal.

Speaking of OBDII, from wikipedia:



Less information being created by the diagnostics tool, the better for everybody. Apple's leaking more information than it needs to and by default.

No services on the planet should be revealing more diagnostic information than needed and not by default.

Diagnostics isn't storing any of that, either. Open your settings and browse through the diagnostics. It doesn't store any personal information.

----------

Says who? This is exactly what the security researcher is pointing out in his research, these services are storing these information. He was able to extract these information from his device.

Remember, Apple did in the past leak private information on iOS devices via GPS locations and they fixed it later on by encrypting the database. That's what the researcher is asking for, to encrypt this data being generated by the services and/or disable the services from running.

Apple has not denied these services are not storing these info, they're focusing on saying the information does not leave the device but Apple never said the information is not being stored.

----------



Textual information is highly compressible, you can definitely compress a lot of information.



So, that's an excuse not to encrypt the data nor prevent it from being stored?

Wow, so you're absolutely okay with everybody leaking information onto every system you're using?

Just stop using a smartphone, alright? No matter what Apple or many other company claims it will do, you'll never know for sure that your phone is safe. I'm surprised you tin foil hat types even feel comfortable even owning a smart phone.
 

69Mustang

macrumors 604
Jan 7, 2014
7,895
15,043
In between a rock and a hard place
Ok great. Now when is google going to address the far more numerous security questions that researchers have posed regarding Android?

... Crickets???

Why would Android's security questions matter to a person using an iOS device? :confused:

What if Android did address their security questions? Would that somehow change the issue for Apple?

You're doing what my kids try to do; blame shifting. One gets in trouble and decides to tell on the other thinking what they did will be magically forgotten.

It doesn't work for my kids and it's not working here.
 

apolloa

Suspended
Oct 21, 2008
12,318
7,802
Time, because it rules EVERYTHING!
People on here aren't very smart. You 100% trust Apple??? Do you also trust the ever interfering governments and their spy agencies around the world too then?

I mean, it's a way of life now that you are constantly spied on, it goes in hand with the technology we all now use. But to 100% trust a giant corporation is wrong! Especially in this day when they ARE hacked and all your non encrypted data is stolen and posted on the internet, or sold to the highest bidder.

It's also funny when you look into it, Apple is a damn sight more closed and secret with what it does with your data than Google is.

No need to wear a tin foil hat, but it is worth while being a bit cynical when it comes to your data, or data collected from you and what is done with it.
 

DELLsFan

macrumors 6502a
Jan 6, 2009
830
6
Every mobile OS on every smart phone in the United States has been compromised for years. I think even the feature phones are traceable, whether their GPS chips serve the end user or not.

Apple's (or any other company's) disclosure of secret cellular functionality mandated by the government will always be carefully scripted and is just a bunch of bread for Obama's circus.

Are you not entertained? :apple:
 

dollystereo

macrumors 6502a
Oct 6, 2004
907
114
France
Did you see the slides from the security researcher? It is not that technical, you can see what kind of general information is being stored on the local device storage.

These information are not required for anything, it doesn't break anything by disabling them all from storing the info on the devices.

Imagine this on your Mac, every site you visit in Safari is being stored in the diagnostic file because it could be diagnostically useful for Apple to grab that file and reproduce what you did before Safari crashed. Now, imagine if you intentionally clear your history in Safari but it is not removed from the diagnostic file at all because well, it's for a diagnostic purpose.

Do you think it is okay to record what you did for diagnostic purposes even though you have never turned on the diagnostic mode nor consented to have it shared with Apple?

Exactly!
 