Except nowhere did I mention that Apple hasn't done anything wrong, did I now. You keep on implying I said something or meant something and yet it's not there. My commentary related to what you said was about hyperbole and absolutes, that because security was breached on an instance doesn't mean that security is incompetent and ineffectual in general. It certainly means that it can and should be better, but it doesn't mean that it's just worthless. Again, the real world doesn't work on absolutes, there's far too much in between the absolutes when it comes to reality.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple to Alert Users Who Installed Apps Compromised by XcodeGhost
- Thread starter MacRumors
- Start date
- Sort by reaction score
No, what you're doing is ignoring my main point, aren't you? You're ignoring it because you have no answer to it: Apple has total control over what you can install on the phone and in the face of this extreme measure it has been revealed it cannot control security on the phone. That's because the control is not about security, it's about greed and just controlling it because they can. Pretty simple.
One breach of security doesn't make security worthless overall. That is the part I have always been responding to. Whatever you might have been using that point to imply wasn't anything that I was responding do. Seems like you had some other pint to make, which is certainly fine, but it wasn't what I was discussing. So seems like you have been ignoring what I've been talking about by focusing on something else entirely.
You're just trying to play down the scope of this security breach (thus the fact that you're apologising for Apple). Apple claimed they are securing the phone by controlling it. That has been proven false. Let's put it another way: this breach has shown that any app submitted to Apple can be malware and Apple cannot detect it. That's not just a minor problem as you're trying to argue.
And no downplaying of anything is happening anywhere. You seems to still be ignoring the one single thing I have been addressing by trying to focus on almost anything else aside from that one particular thing.
Yeah just repeating what I said you were doing inst an intelligent argument. Or maybe you're trying to be funny or clever. Ha. Ha.
How can you tell any host is "illegal" ? You can only know that after someone had done something bad. It's that simple. That's what I said "passive clean-up". You can only add someone to your blacklist AFTER something goes wrong.
It's also not feasible asking developers to submit all target hosts pre-coded in the App for examination, since code 302 is a "legal" HTTP response designed for redirection. If someone is trying bypass the examination, he can temporarily rent a service at a given domain, and disable the service but leave a redirect instruction after his Apps pass.
From what have been studied by the victim developers, the target host of XcodeGhost is "cloud-analyzer.com", a new domain registered by godaddy.com just 6 months ago, just about the time that XcodeGhost is spread. And the transmitted information is :
* OS version, ex: "8.1.2"
* Device type, ex: "iphone5,2"
* Device IDFA (identifier for advertiser)
* App name,
* App bundle ID,
* App language,
* App version,
* Timestamp
So we now have a new App that will collect only the informations Apple allowed, and it will send these "legal" data to some new domain that has no "criminal record". Now please tell me, HOW can Apple identify whether it's legitimate data transmission or not ? Magic crystal ball ? Time warp ? Or Minority Report ?
Last edited: