Why are you bringing up Android?
Dude, check the post chain. I didn't bring it up. Someone else did!
Personally, I think the guy asks some valid questions. Excerpted from ZDNet article:
He deliberately or unintentionally hides other iOS security services. I don't think the questions are valid or even relevant if those layers are considered.
Zdziarski's questions for Apple include:
1. Why is there a packet sniffer running on 600 million personal iOS devices instead of moved to the developer mount?
Why not? It is useful for field diagnosis for the telcos. The presenter lacks operational experience. The attackers won't be able to launch the sniffer or other tools remotely since iOS is locked down. We haven't seen any advisories that indicate so.
*If* the attacker can launch the sniffer remotely, that means the iOS security has been compromised. He or she can easily download other custom tools himself even if the sniffer is not there.
Apple simply has to decide what gets installed by default since the lowest HDD capacity is only 8GB these days.
If Apple wants to do something hanky-panky behind our back, do you think they will separate the daemon into pcapd and name it ostensibly? Same goes for the mobile.file_relay. That's just so stupid for an alleged covert operation.
The presenter is just looking for an agenda that's not there. It's all his agenda.
2. Why are there undocumented services that bypass user backup encryption that dump mass amounts of personal data from the phone?
Again, the presenter is stupid. Google for com.apple.mobile.file_relay, you can find the source code, and its purposes. It's for syncing to iTunes. It has to happen above backup or encryption layer because apps like iTunes need to know what gets sync'ed and when. Here, I want to point out that the presenter sucks big time as an IT personnel.
And as I mentioned, there are other security layers to prevent abuse. e.g., when you connect the device to a PC/Mac, you get the "Trust this device" dialog first.
3. Why is most of my user data still not encrypted with the PIN or passphrase, enabling the invasion of my personal privacy by YOU?
Again, Google for it. This was already explained by some sites when iOS7 was introduced. The device key encrypted storage is for speeding up (and lowering power use of) mass encryption/decryption. It is useful when you try to switch devices, or when you forget your passcode, or lose your device.
There are other encryption facilities such as the Data Protection API for encrypting sensitive data. You don't need to encrypt Angry Birds or Flappy Bird.
4. Why is there still no mechanism to review the devices my iPhone is paired with, so I can delete ones that don’t belong?
The last time I checked, you can go to Bluetooth to see what devices are paired, and unpair them accordingly. You can also forget WiFi access points and unplug USB/Lightning devices. I don't even know what the presenter is talking about.
edit: btw, you can also go to Settings and look for the option "Diagnostics & Usage". If you agree to data submission, Apple will show you what data it collects so that you can change your mind if you want to.