this post was submitted on 21 Mar 2024
979 points (98.7% liked)
Technology
59322 readers
5334 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
What do you do though if Apple is telling the truth and allowing 3rd party wallets would degrade the security even for their own wallet?
I would ask them to prove that claim in court for starters.
I would ask them why they feel they’d be liable for users who installed and gave permission to an app that would use NFC readers for payments.
I would ask them why access to the NFC reader by a 3rd party app in any way allows access to Apple Pay’s stored, encrypted data (which it doesn’t need)
I would ask why permission settings and security validations couldn’t be made on API calls with the potential to be harmful. Even for third-party app stores, Apple could still require app reviews and code signing for any apps that want to conduct financial transactions; they just don’t want to because they’ll make less money from Apple Pay.
Apple often handholds user flows and restricts access to features because non-technical folks might be tricked into installing a malicious or insecure service, and Apple stuff is built for non/technical people. But, on the flipside, they often leverage this position to wall you into their garden. This is the problematic practice that needs to be addressed.
Perhaps they aren't lying, but claims about security often involve theoretical weaknesses that aren't practical to exploit in the real world. Apple is very skilled at making sure those claims align with their business interests.
It would not. It's really as simple as that, saying as someone with two degrees in cyber security and 7 years of experience as a security consultant for various companies from small shops to multinational businesses, banks, and insurance companies.
I would love to see their threat modelling to justify what they're saying to brainwash their acolytes... It's a pure strawman to justify their bullshit.