Apple's Craig Federighi: Mac Not Meeting the Bar for Customer Protection

[arvinsim]

Aside probably being illegal, how would that help? The ability to side-load means apps not signed by apple can be run on my phone. That means i could be browsing a website, and if there’s a bug that is exploited (as has happened numerous times on macos and windows), an app can be silently installed on my phone and run without me even knowing it.

And why do you assume installations would be silent?

 

[bwayne]

Fortnite is malware for children’s brains.

 

[hot-gril]

And why do you assume installations would be silent?

Doesn't matter, it's too late, warranty voided. But it would be silent. The past bugs allowed jailbreaking the device entirely via the web browser, so anything is possible if we're assuming such a vulnerability is found.

 

[hot-gril]

He's telling the court that, if they could've built the Macintosh ecosystem from the ground up again (like they did with iOS in the mid-2000s), they'd have done it the way they did with iOS.

Computers are legacy tech and come with consumer expectations (installing your own software, willingly making your machine more vulnerable to malware, spyware, ransomware, etc.) that are simply outdated for the purposes of modern cybersecurity.

It isn't a "dig" at MacOS -- it's an acknowledgement that it's really hard to build a computer that's secure.

I'm still surprised there's no good sandboxing system in macOS. Most Mac users don't need to hand over the entire userspace permissions to software they install.

 

[hot-gril]

Of course, one crucial difference is that no-one wants to run anti-virus or malware software on their iPhone, but most sensible people do run some kind of anti-virus or malware on their Mac with very little consequence other than reducing the risk of malware even more than by having MacOS alone.

Uh no, anti-malware on Mac is more often malware itself than actually useful, and I don't know anyone using it. Personally never had an incident since getting my first Mac in 2003.

 

[hot-gril]

Outside of behemoths like Epic with Fortnite, who has an app so important that people are actually going to go into their phone's developer options and enable third party app installation to install it? These chicken little arguments are why I have little sympathy for Apple in this case.

After the big ones do it, everyone will be used to it.

 

[brofkand]

Extremely doubtful. If that were true, no major OS vendor would ever need to release security patches ever again. And a secure OS require secure hardware, which also may not be realistic (see Meltdown and Spectre, et.al.)

macOS and Windows 10 are far more secure than their predecessors. All OSes need security patches, even iOS.

 

[jonnysods]

Oh boy, they better not lock down the Mac - they are already colliding a bit too much as it is.

 

[Abazigal]

TL;DR The status quo favors me so sucks to be you.

Why do you think I am an iPhone user in the first place?

 

[tranceking26]

I hope this doesn't mean extra lockdowns on macOS 12... people wouldn't be happy.

 

[thefourthpope]

They say security, but all I hear is App Store revenue.

In this situation, I think the two are part and parcel.

 

[LDN]

Epic Games really want to destroy the iPhone experience for hundreds of millions of people as we've known it for over a decade, because they had a tantrum at paying the same tax they pay on consoles anyway. All of this, for some toddler's game. I hate that company now, never seen something so myopic and stupid. I thought Tim Sweeny was a smart guy.

 

[villagehiker]

Epic Games wants the judge to force Apple to allow multiple app stores on iOS, similar to how it works on Mac, which would allow users to install apps that have not been reviewed by Apple. During questioning, Federighi was asked why app stores on iOS shouldn't work like the Mac, where apps can be installed via the Mac App Store or from third-party sources.

Epic needs to lose this. The world already has the Android for those you want to download security risk software. But that is not real point. Epic wants to play as publisher. It is not. Epic is the author. Apple is the publisher. In the world of book publishing, authors receive more or less 15% royalties. Authors on the App store receive 70% royalties. Yeah, Epic makes cool software, but I can live without it. Epic needs to stop whining or just exit from the Apple ecosystem. We don't need another Android.

 

[TheMacDaddy1]

Of course, one crucial difference is that no-one wants to run anti-virus or malware software on their iPhone, but most sensible people do run some kind of anti-virus or malware on their Mac with very little consequence other than reducing the risk of malware even more than by having MacOS alone.

I have never run anti-virus on any Mac and have never had malware.

Smart computing plus Gatekeeper has been just fine.

 

[nph]

"Epic needs to lose this. The world already has the Android for those you want to download security risk software. But that is not real point. Epic wants to play as publisher. It is not. Epic is the author. Apple is the publisher. In the world of book publishing, authors receive more or or 15% royalties. Authors on the App store receive 70% royalties. Yeah, Epic makes cool software, but I can live without it. Epic needs to stop whining or just exit from the Apple ecosystem. We don't need another Android."

Definitely agree!

 

[1258186]

For decades Apple has been telling us the Mac is a safe platform devoid of security problems which is why we should chose it over Windows. Now Craig is saying the exact opposite and the Mac is not a safe platform. Wow.

 

[mistasopz]

Users ITT:
"Lock the iPhone device down as much as possible, I can't be trusted to make decisions about where I install from and what I install. But don't lock macos down, I can make my own decisions about where I install from and what I install."

 

[JKAussieSkater]

Malware / Spyware on a computer is inconvenient, possibly dangerous financially.

Malware / Spyware on a device you might need to call 911, or that can be used to track you down to the foot with GPS, is possibly deadly.

Huge, huge difference.

You’re grasping at straws.

I shouldn’t have to explain why, but I guess I do. If you notice your phone is unable to make phone calls, you’ll get your phone serviced immediately. The probability of 3 events colliding ( ① Malware developer hijacking 911 calls specifically ② User failing to notice phone calls can’t be made ③ User needing to make a 911 call ) are far slimmer than the probability of dying in a car accident.

 

[1258186]

Craig could be lying (unlikely) or Apple have done this intentionally to justify a move towards a closed system of apps for the Mac. Apple under Tim Cook seem to be mimicking China under Xi by becoming increasingly authoritarian and controlling. As a long standing Mac user I find this a very depressing situation.

 

[JKAussieSkater]

No kidding, I don’t want my computer to be an iPad, that would be awful.

…or an iPad without a touchscreen, for that matter!

 

[1258186]

You’re grasping at straws.

I shouldn’t have to explain why, but I guess I do. If you notice your phone is unable to make phone calls, you’ll get your phone serviced immediately. The probability of 3 events colliding ( ① Malware developer hijacking 911 calls specifically ② User failing to notice phone calls can’t be made ③ User needing to make a 911 call ) are far slimmer than the probability of dying in a car accident.

How many hackers attack the phone part of iPhone? I’ve never heard of that on any platform. You are just as likely to miss malware on your iPhone as you are on your Mac. If anything I’m safer on the Mac because I have virus protection constantly looking for security issues.

 

[JKAussieSkater]

The 9to5Mac article included this helpful quote from Federighi:

Federighi’s analogy is that the Mac is like a car:

The Mac is a car. You can take it off road if you want and you can drive wherever you want. That’s what you wanted to buy. There’s a certain level of responsibility required. With iOS, you wanted to buy something where children can operate an iOS device and feel safe doing so. It’s really a different product.

You’re right, this is a helpful quote! It turns out iOS devices are children’s toys. Well, I don’t appreciate Federighi insisting that I, an adult, need kid-gloves to use my iPhone. I guess I bought the wrong kind of product?

 

[DekkyQLD]

If Apple loses, it will be the end of a secure platform. Various companies, game publishers and banks will begin to force you to install applications from their stores. there will be 100 different stores and a total mess.

I would prefer if they would allow others stores even on IOS but with each apps/store within their own secure enclave (to my undestaning ARMv9/M2 makes it easy to implement)

 

[Tsubame]

I really hope Apple wins this. Not because of some misguided fanboyism or thinking that Apple is interested in anything but money (they "care" about the consumer because it gets them more money from consumers), but because it is a huge reason I use the platform.

I want my curated walled garden, I chose the platform specifically because of that. There's merits to an open system too, but if I wanted that I would be using Android. If Epic wins and I need to install 20 different marketplaces for 20 different apps, I am not sure I would even keep a smartphone anymore.

Honestly, I am not against that being further applied to the Mac either, though that is a less popular stance. There aren't many non-official apps I use on my Mac, except things within Steam (which presumably would be allowed, but I have bootcamp even if not). The fact the mac app store never really caught has probably been the biggest obstacle to that. It's still the first place I look, but it doesn't always have what I am looking for.

 

[LenticularTapir]

The security argument is not valid on this case,

I can subscribe to online services on my Mac and use them on a browser, be it safari, chrome or others.

Services like Spotify, Netflix, Disney+ and many many others, without exposing my mac to risks, and without having to pay 30% of that money to apple.

The whole amount for the subscription, I pay go to the rightful service provider.

I can use the same service when logged in another kind of computer or device running windows, linux, solaris, android or any other, still not having to pay a cut to Microsoft or Oracle etc.

That includes Apps on iOS on my iPad and iPhone, that are validated ( and hence "safe" ) by the AppStore, and I still didn't had to pay anything to apple because I didn't use In-App Purchases to subscribe to the service.

Why can't we have the same freedom for other service or software providers on iOS ?

You can already do this on your iPhone or iPad! You can literally open Safari on your device, browse to the Spotify/Netflix/Disney+ page, sign up and pay for the service, and then download and use the corresponding app from the App Store.