This is not a flaw that can be detected by Apple's "code review" process. Apps are fully allowed to store content in cloud storage. The flaw here was that the developer failed to have sufficient validation that those requests are valid. Simply relying on a phone number to access Amazon-stored files is a serious breach of software design ethics. This has nothing to do with Apple's review process or principles. The developer is at fault, plain and simple.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Security Vulnerability in 'Call Recorder' App Exposed User Conversations
- Thread starter MacRumors
- Start date
- Sort by reaction score
This is not a flaw that can be detected by Apple's "code review" process. Apps are fully allowed to store content in cloud storage. The flaw here was that the developer failed to have sufficient validation that those requests are valid. Simply relying on a phone number to access Amazon-stored files is a serious breach of software design ethics. This has nothing to do with Apple's review process or principles. The developer is at fault, plain and simple.
That's not really true. The US is primarily a 1 party consent country. 38 out of 50 states are 1 party. It's probably not built in because Apple realizes consent laws vary widely around the world, and they don't want to be accused of facilitating possible wiretapping violations in any of the countries where their products are sold.
You described legal reasons. Apple is a U.S based company. I wasn't wrong. I just didn't bother going into detail. I am not in the mood to argue over details I didn't intend to state the first time.
How does this have to do with Apple? It's the developer's misconfiguted AWS site.
Samsung has it on theirs. And Apple is capable of restricting iOS features based on regions. Technically it is possible regardless of regulations in certain countries.
I agree. Would be super useful for support calls or phone scammers. Perhaps they could have Siri automatically say something like "this call is now being recorded" when you activate it to avoid potential legal issues.
This is what happens when you hire one person to do everything, instead of hiring different people with a different area of expertise: programmers, database experts, designers, network engineers, security experts, law experts... everyone working in IT knows what I'm talking about.
I'll bet you're the first ******** to protest a "closed" ecosystem where development is stifled due to "draconian" regulation.
You think Google is protecting you. Ha.
Just imagine the data you share with Apple itself. These apps constantly learn from you. Thats how they come up with products such as Fitness +. Their machine learning is basically a spy tool.