this post was submitted on 21 Mar 2024
979 points (98.7% liked)
Technology
59322 readers
5334 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
That's kinda true, but not what I was getting at. Android has restrictive background processing limits and the APIs around it keep getting more restrictive and the OEMs like Samsung keep ignoring the rules of how things should work and break your apps when you do it right anyway.. Ultimately it's incredibly difficult to write an app and guarantee background work.
Apple, is even worse on its restrictions of background work, but Apple owns the OS and and can bypass it all for their watch.
Apple will never get to bypass the fuckery you have to deal with on Android, only the Android OEMs get that.
What do you do though if Apple is telling the truth and allowing 3rd party wallets would degrade the security even for their own wallet?
I would ask them to prove that claim in court for starters.
I would ask them why they feel they’d be liable for users who installed and gave permission to an app that would use NFC readers for payments.
I would ask them why access to the NFC reader by a 3rd party app in any way allows access to Apple Pay’s stored, encrypted data (which it doesn’t need)
I would ask why permission settings and security validations couldn’t be made on API calls with the potential to be harmful. Even for third-party app stores, Apple could still require app reviews and code signing for any apps that want to conduct financial transactions; they just don’t want to because they’ll make less money from Apple Pay.
Apple often handholds user flows and restricts access to features because non-technical folks might be tricked into installing a malicious or insecure service, and Apple stuff is built for non/technical people. But, on the flipside, they often leverage this position to wall you into their garden. This is the problematic practice that needs to be addressed.
Perhaps they aren't lying, but claims about security often involve theoretical weaknesses that aren't practical to exploit in the real world. Apple is very skilled at making sure those claims align with their business interests.
It would not. It's really as simple as that, saying as someone with two degrees in cyber security and 7 years of experience as a security consultant for various companies from small shops to multinational businesses, banks, and insurance companies.
I would love to see their threat modelling to justify what they're saying to brainwash their acolytes... It's a pure strawman to justify their bullshit.