Google reported it to Apple and I suppose it’s up to Apple to disclose it. If I’m not mistaken Google generally only goes public with security flaws beforehand if the affected party doesn’t fix the issue within a set time limit.

They did go public already. In vivid color. They just didn’t disclose the websites that were exploiting the vulnerabilities.
 
Bad idea to disclose because some people don’t install the latest firmware and are still vulnerable.

You make a good point. The only downside to not disclosing the sites is that people don’t know if they were exposed to the vulnerabilities.
 
I'm not sure why you think I'm jumping around. Logging into Google on Safari keeps you logged in. Searching in the search bar takes you to a logged in site that tracks your data.

Regardless, Google requests your location and Apple allows it. None of that is privacy forward.

You go take some time and figure that out because it's fairly straightforward. There's nothing else to discuss.

Again, please show me where in iOS you're required to log in to a Google account when you pick Google as the default search engine.

Show me documentation of where "Google requests your location and Apple allows it."
 
Let's see. A competitor, Google, publishes a story today that was fixed 7 months ago. Apple became aware of it...they fixed it without 3rd party (corporate, media, or government) pressure. Given that this is old news, why is it published today? Also, the report becomes suspicious by its absence. Notice how Android wasn't mentioned once...even to assure that didn't happen with that operating system, so it must have happened and they want to bury that fact by its absence.

Exactly. Apple addressed the issue within days.

Kind of funny though that Google is dredging this up days after Android was trashed in not one, but *two* separate instances

https://arstechnica.com/information...aiUTcXkbHmpCaRNElAzgVxlDrm-HdEAU09HQIDaPvDD9I

https://arstechnica.com/information...LEpq1Ww7lyn5TceW1T7bkLKoFyr8nZj-yGVSHqLwfFGm4
 
Serious question: If Apple values privacy so highly why do they not have a division like Google's Project Zero doing this kind of work? If they do have such a division, what has it exposed over the years?
I'm sure they have a division searching for vulnerabilities in their own software. As to what they have found - possibly a lot of stuff that got fixed by updates, under the moniker of "improving security". I don't think they actively search for vulnerabilities in other companies' software.

I never made that claim. We just know it works best when you give it your location data. Safari asks for that.
The website asks - not Safari itself. That's a difference.

Apple sells ads. Apple only values blocking other companies tracking users because they want a monopoly on user data to sell their own targeted advertising service. They don't include themselves in their anti-tracking measures.
They do? iAd has been shut down effective December 31, 2016.
 
They did go public already. In vivid color. They just didn’t disclose the websites that were exploiting the vulnerabilities.

‘Vivid color’ indeed.

The ‘deep dive’ in the link features a lot of conjecture and speculation by a Google employee about Apple methodology and motivations.

This is an opinion piece sprinkled with bug fix log details, best not to hyperventilate.
 
I'm sure they have a division searching for vulnerabilities in their own software. As to what they have found - possibly a lot of stuff that got fixed by updates, under the moniker of "improving security". I don't think they actively search for vulnerabilities in other companies' software.


The website asks - not Safari itself. That's a difference.


They do? iAd has been shut down effective December 31, 2016.

Yes. By using Apple News you agree to let Apple track your reading habits. Apple arranges targeted advertisements on behalf of publishers for a 30% cut.

Also see here https://searchads.apple.com/news/
 
Ok, time to acknowledge that Apple is just like everyone else now. Privacy issues; spyware issues; hardware quality issues; design issues; etc. The sticky ecosystem is the only thing holding Apple together.

And timed right before a major iPhone event? It’s almost like a dream PR package for competitors... by a competitor.

Doesn’t this happen... every... single... year... like... clockwork... a... week... or... two... before... Apple’s... fall... event... ???

Humans. :rolleyes:
 
Honestly, Apple is the best out there right now. They have a solid balance between services and privacy.

In some cases you mentioned, the balance is between privacy and customer convenience (why the security keys on iCloud are accessible to Apple - people want to be able to get their data back without their original device).

Well, they kind of do, but they don't value your privacy like you value your privacy.

Actually, they often value your privacy more than you do. :) As an example, iOS 13’s new approach of “allow once” and “allow only when using app” as being the only location tracking options a developer can offer with a pop-up, requiring you to go to the settings app to set “allow always”.

The other thing to consider is Apple isn't a thing with standardized values. When Tim and company are gone, this could all change.

Absolutely true, however, that they have designed their systems to not capture data in the first place means that if these values change, it would only matter going forward, they would not be able to access data they never had. That is why privacy by design matters more than privacy by policy.

That's not true if you are logged into a google account on iPhone. Sorry, it's just not. They let Google have unprecedented access to user data.

Nope. They do not “let Google have unprecedented access to user data”, they let users choose to give access to their data to Google. Users have to log into a Google account and agree to share their data in various places. None of this is a default. In addition, their work on cross site tracking and browser fingerprint preventing is all designed to minimize that data leakage without active measures by the user.

They basically go "here's our default search engine, by the way for it to work best, give it access to your location data"

Nope, they give users a default search engine and let users decide to provide location data to it if they choose. As I noted, in iOS 13, they are making it even more difficult for users to provide apps location data even when they are not being used. Again, privacy by design is better than privacy by policy. If Google does not get your data, it cannot later decide to use it in a way you do not want.

Which I'm totally fine with, but don't call that a champion of privacy.

Their privacy by design approach shows them to be a champion of privacy. It is more work to solve problems without all the user data, yet that is what they design their systems to do.

As for allowing users to actively take steps (authorization dialogs, downloading apps, logging into accounts), that compromise their privacy, they do as much as they can to ensure that the user understands these choices and that they provide easy options to grant the minimum set of data gathering possible.

Again, as I pointed out earlier, they need to weigh user convenience against user privacy. I think they take money from Google to be the default search engine, because they think that is what most of their customers would want. If another search engine got to even a 25% share, they might not take the money, but as things stand, they are taking money for something that they think their customers want.
 
I have to agree with those asking about the identity of the known malicious sites, as well as a simple request for the URL of a fix. How about publishing the legitimate address where an iPhone user (perhaps a user that bought one second hand) can log in and ensure that the operating system is clean and up-to-date.
 
Again, as I pointed out earlier, they need to weigh user convenience against user privacy. I think they take money from Google to be the default search engine, because they think that is what most of their customers would want. If another search engine got to even a 25% share, they might not take the money, but as things stand, they are taking money for something that they think their customers want.

Hi Alan, great post, you've made some really good points.

On this bit I'm not entirely convinced though and this is my main issue with Apple and privacy.

Some estimates have put the fee they take from Google at a quarter of Apple's services revenue. Not so sure they would be so quick to turn that down.
 
Can't answer a question that's been intentionally worded so as not to have an answer. I don't know how Apple internally deals with exploits. I don't know if they have a team similar to Project Zero. Apple doesn't talk publicly about how they investigate and deal with security exploits. Therefore it's impossible for me to answer your question.

Now you're being honest. You couldn't answer a question because you didn't have an answer—not that the question was framed as some logic puzzle.
 
Exactly. Apple addressed the issue within days.

Kind of funny though that Google is dredging this up days after Android was trashed in not one, but *two* separate instances

https://arstechnica.com/information...aiUTcXkbHmpCaRNElAzgVxlDrm-HdEAU09HQIDaPvDD9I

https://arstechnica.com/information...LEpq1Ww7lyn5TceW1T7bkLKoFyr8nZj-yGVSHqLwfFGm4

That's not an Android problem. It's about malicious apps which exist on both platforms because neither Apple nor Google have access to the app source code.
 
Same question. Read the articles, and didn’t see them listed. Maybe I missed them... I feel Google has the responsibility to disclose them.

Google has reported it to Apple and probably reported the sites to the police. In addition, they probably have removed the sites from indexing in Google Search. I think this is sufficient, the public doesn't need to know exactly which sites.
 
That's not an Android problem. It's about malicious apps which exist on both platforms because neither Apple nor Google have access to the app source code.

It’s absolutely an Android problem because of A) how they vet and approve Apps and B) the underlying architecture of Android and things they allow that iOS (Apple) restricts.
 
Let's see. A competitor, Google, publishes a story today that was fixed 7 months ago. Apple became aware of it...they fixed it without 3rd party (corporate, media, or government) pressure. Given that this is old news, why is it published today? Also, the report becomes suspicious by its absence. Notice how Android wasn't mentioned once...even to assure that didn't happen with that operating system, so it must have happened and they want to bury that fact by its absence.
First. It’s not a “story” but a detailed report of what the researchers found and what they reported to Apple. Then there’s a certain grace period, where no details are shared with the general public. After this period, the researchers are free to publish details about it. Here’s the so-called “pressure” that you were looking for. But no details were shared and thus all is fine. That’s how it works, and should work, with a quick turnaround from Apple.

Next. The lack of Android is simple. These were iOS specific bugs, but some people are always, let’s just say skeptical. Thank you very much.
 