For the most part, unlike Gen Xers.
10 Millennials and 10 Gen Xers in a room. Give it some time, you know whos who.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Google Also Exploiting Enterprise Certificates to Bypass iOS App Store for Data Collection [Update: Disabled]
- Thread starter MacRumors
- Start date
- Sort by reaction score
10 Millennials and 10 Gen Xers in a room. Give it some time, you know whos who.
Facebooks app installed a root SSL certificate giving them access to all encrypted network traffic on your device, all of it! Still don't see the problem?
Last edited:
Reward Google and Facebook by deleting their apps from your devices.
Use DuckDuckGo.
Use DuckDuckGo.
Yep. The Gen Xers will be mingling about and engaging in conversation about various topics. The Millenials will be hunched over their smartphones texting their "friends" while ignoring every live person in the room.
Still smells a little funny.
Google: Oh, crap! We've been caught.
Apple: Psst- Just say it was a mistake, so we don't have to be a company of our word.
Google: Awesome! Thanks, guys!
How does one "accidentally" develop an app using the wrong security certificate? As with many things, people are either stupid or lying. Neither option speaks well of them.
Only if you don't read the thing I was responding to.
Could you be more specific?
This combined with deciding that corporations are to be treated as separate entities with human-like rights, and then pretending that this faceless corporate entity is responsible for any bad things that happen, and not the head of the company or the board of directors. When the board of director's primary directive is to make more money, and it's the faceless corporate entity that takes the hit for bad behavior - so no consequences for the actual humans making the decisions, the corporate entity often tends towards rather sociopathic behavior.
Still smells a little funny.
Google: Oh, crap! We've been caught.
Apple: Psst- Just say it was a mistake, so we don't have to be a company of our word.
Google: Awesome! Thanks, guys!
How does one "accidentally" develop an app using the wrong security certificate? As with many things, people are either stupid or lying. Neither one speaks well of them.
At least Google seems to be smart enough not to use their main developer certificate to install their app. Apple killing it won't disable everything else they are working on. Of course that also makes it look like Google knew what it was doing was wrong.
The panelresearch.google.com certificate looks like it was obtained just for this purpose. Apple ought to hit all their certs with the ban hammer for a while.
I don't have a single Google app on my devices because of this nonsense.
The most I use is Google search through Safari and I feel like I should stop that too.
The most I use is Google search through Safari and I feel like I should stop that too.
I have not read the entire thread yet but color me confused.
My iPhone 8+ is a work phone (I own) and linked to work with device management and a link to a nonApple work store where we download specific apps not available in the App Store.
How is this different?
[doublepost=1548888068][/doublepost]
Yet it took Apple 7 years to realize this? Now that is a real confidence builder
My iPhone 8+ is a work phone (I own) and linked to work with device management and a link to a nonApple work store where we download specific apps not available in the App Store.
How is this different?
[doublepost=1548888068][/doublepost]
Yet it took Apple 7 years to realize this? Now that is a real confidence builder
I have not read the entire thread yet but color me confused.
My iPhone 8+ is a work phone (I own) and linked to work with device management and a link to a nonApple work store where we download specific apps not available in the App Store.
How is this different?
[doublepost=1548888068][/doublepost]
Yet it took Apple 7 years to realize this? Now that is a real confidence builder
The Apps you are downloading from your company's App Store are either links to regular App Store apps (that your company has purchased on your behalf and manages through their MDM) or Enterprise Apps that should be signed with your companies Developer account.
Its time for lawmakers to put an end to this. We have to be protected from these data stealing corporations.
I don't really see the issue? People had to voluntarily install this on their phone, knowing what it was for and what it would do. Its not like they were sneaking this into one of their other apps or holding people at gun point forcing them to install it.
They made the software, users decided to install it.
They made the software, users decided to install it.
Consider this analogy:
I ask you if I can install a listening device in your house. You say OK, so there's no privacy violation involved. But instead of mailing it to you, which is a legal way I can deliver it to you, I bypass the post office and put it in your mailbox myself, which we'll assume is a violation of post office regulations. I'm misusing the delivery mechanism, so you and I are square but the post office has a problem with my violation of their rules. As a result, they might revoke my permission to use people's mailboxes. And that means I might not be able to mail anything to myself either!
Oh so the issue is people are doing what they want with the phones they paid for instead of what Apple tells them they can do with their phone.
There would of been Apple employees who would of known about Facebook and Googles behaviour for a long time. Whether they reported it to their line manager, and that manager reported it higher up the chain, and they ignored it, who knows.
Now its public knowledge Google has done the same as Facebook, so Apple must revoke Google's certificate as well.
Now its public knowledge Google has done the same as Facebook, so Apple must revoke Google's certificate as well.
This isn't between Apple and iPhone owners. It's between Apple and Google (and Apple and Facebook) for violating the terms agreed to between the companies.
I may be wrong, but these apps can read other apps, right? Including emails apps, messaging apps etc?
If that’s the case, and you communicated with someone who had side-loaded one of these apps, hasn’t your private communications with that person also been shared?
To quote part of the TechCrunch story about Facebook, users agree to share “data about your activities and content within those apps, as well as how other people interact with you or your content within those apps.”
So I don’t have to run this side-loaded app to have my privacy violated, I just have to communicate with someone who does?
Can these apps read iMessage conversations between the person who installed it and their contacts?
Still smells a little funny.
Google: Oh, crap! We've been caught.
Apple: Psst- Just say it was a mistake, so we don't have to be a company of our word.
Google: Awesome! Thanks, guys!
How does one "accidentally" develop an app using the wrong security certificate? As with many things, people are either stupid or lying. Neither option speaks well of them.
A mistake, yea right. The Google employees who wrote that and those that read it prior to it being released were probably having a good laugh.
If you are looking at it correctly, then this is a bunch of BS. Its unfortunate that our private conversations could have been viewed without our knowledge
[doublepost=1548894047][/doublepost]
Though this is about the abuse of Facebook and Google, it is sad that it took this long for Apple to find it. I get that it is difficult to spot all these potential loopholes, but it makes me wonder if there are more loopholes out there that Apple wont find for many years from now
My guess is that yes that can happen. But it's not clear who violated your privacy. The person you were communicating with gave the data to someone else (a business), who is looking at it with their permission. The person you were talking to could just as well have taken a screenshot and posted it online, or printed your email and taped it to pole in the public square. Is the person or the business guilty?
Regardless, your data is on someone else’s computer. You never know who could be snooping through it.