Comment by Wowfunhappy
5 years ago
And Google Project Zero won't get them.
https://twitter.com/benhawkes/status/1286021329246801921
> It looks like we won't be able to use the Apple "Security Research Device" due to the vulnerability disclosure restrictions, which seem specifically designed to exclude Project Zero and other researchers who use a 90 day policy.
Goddammit, 90 day policy and reasonable rewards would strengthen their security and gain the trust of their advanced users.
For some reason this ridiculous restriction reminds me of when Apple sued Samsung because their phones had round corners.
Apple sued Samsung because Samsung had aspirations of being Apple.
Rounded corners are the after-the-strategic-decision legal justification.
Frankly, I think Apple sued Samsung because Steve Jobs was still CEO at the time, and he sometimes acted emotionally instead of rationally.
Advanced users that want a secure device require devices that can be reinitialized to a known state without external input.
This is no longer possible on any phone, tablet, or computer Apple sells: all require online activation with device-specific info. There is no way to put the device back into a known state offline or without Apple having an opportunity to tamper with it (or be forced to tamper with it).
> This is no longer possible on any phone, tablet, or computer Apple sells
It is still possible on all of their computers, just not their phones or tablets. Intel Macs (which are still being sold in large numbers) can always be wiped and restored from USB without an internet connection, and Apple Silicon Macs can do it if you set the boot-loader to "Reduced Security" mode.