Uhm. You're comparing OS updates when we are talking about browser updates? Apple may need a system update to ship a browser fix, but that's not how anyone else is doing things. Hell, even Apple deploys Safari updates separately on macOS.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Web Developers Form Advocacy Group to Allow Other Browser Engines on iOS
- Thread starter MacRumors
- Start date
- Sort by reaction score
Uhm. You're comparing OS updates when we are talking about browser updates? Apple may need a system update to ship a browser fix, but that's not how anyone else is doing things. Hell, even Apple deploys Safari updates separately on macOS.
I understand the difference. I’m just point out that it’s not the only factor in browser security.
It appears many people here keep advocating for making iOS more like Android in multiple areas and completely ignore the fact that they could just purchase an Android device in the first instance. Want different browser engines? That’s already available.
Arguing over whether a user can independently update a browser engine completely ignores the fact that >42% of Android devices are running Android version 6 or below….that’s >1Bn devices that have unpatched Android and glaring security holes.
Contrast this to iOS where >93% of users are currently on iOS 14 or 15 and at the latest point release for their respective versions.
Arguing whether Apple patches a public security hole in 3 vs 10 days is hilarious.
Arguing over whether a user can independently update a browser engine completely ignores the fact that >42% of Android devices are running Android version 6 or below….that’s >1Bn devices that have unpatched Android and glaring security holes.
Contrast this to iOS where >93% of users are currently on iOS 14 or 15 and at the latest point release for their respective versions.
Arguing whether Apple patches a public security hole in 3 vs 10 days is hilarious.
Browsers are able to patch security issues even if the OS is still vulnerable. Take Meltdown / Spectre, a vulnerability at the hardware/CPU level. Chromium had site isolation in place and basically only had to tweak it a bit, enable it, ship an update that installed itself without requiring a reboot and was able to protect users from attacks even though the underlying OS was still vulnerable - but those attacks never reached the OS.
The issue there is that the web still needs - wants! - to support those iOS users - and thus, WebKit sets the bar, holding back the web for everyone, not just iOS users. Currently, a lot of projects never see the light of day because it won't work on iOS (up to 50% of western mobile users). Chances are the CEO has an iPhone. He's not going to sign off on a project that doesn't work on his own phone.
Whataboutism. The only reason we talk about OS updates is because Safari/WebKit requires them to ship a single bug fix. You don't need OS updates to have a secure browser (I understand this is new for iOS users). Meltdown / Spectre was patched at the browser level so users could at least safely browse the web.
93% of iOS users running the latest iOS means ~7% of iOS users' is running an outdated OS *and* an outdated browser while everyone on Android 5.0 and higher runs the latest version of Chrome. The advantage of not relying on system updates...
It's 60. 60 days. They fixed it after the public disclosure and then took a few days to roll out the update to users.
Yet another reason browser updates should not be tied to system updates: if you postpone installing a system update because the new version is buggy or whatever the reason, you're automatically running an outdated browser and missing security fixes.
damn it, I was actually contemplating to update few weeks ago and this week :/
I think, I'll read more iOS15 reviews to convince myself.
Agree. This is one of the problem with iOS/Apple. I don't get it. macOS doesn't have this issue. And after more than a decade, it's embarrassing for iOS, the so-called "most advance" mobile OS on the planet (Jobs said this himself), still cannot have Safari decoupled from iOS itself.
This is where Android's fragmentation forced Google to innovate, to compartmentalise Android and have its system webview and browser independently updateable form the Play Store.
The truth is, almost all other browsers are going to use WebKit (or a fork, example: Chrome + Blink) anyways. However, Firefox with an actual alternative web engine is one of the most compelling arguments for this. I want my Firefox.