Comment by doctorpangloss

2 years ago

It could author its format parsers in https://github.com/google/wuffs, and make them BSD-like open source to maximize adoption.

An even bigger change: It could allow users to choose their iMessage client freely. Why not open up the protocol? I’m sure a security focused client would be popular and in the grand scheme of things easy to author.

Perhaps they could open up more of the OS and apps. Perhaps their claims about the security of users and the App Store is kind of BS.

6 comments

doctorpangloss

Reply
madeofpalk  2 years ago

I struggle to believe that a third party iMessage iOS app would be a security improvement, beyond Lockdown Mode https://support.apple.com/en-us/105120.

Either a third party app would still use the same vulnerable frameworks as iMessage, or they would re-implement them potentially with more vulnerabilities, or just not implement the features, which is what Lockdown Mode gives you.

  • sangnoir  2 years ago

    One could argue the same about alternatives to Safari, and yet Chrome has proven to be more secure than Safari (based on Pwn2Own results).

    • madeofpalk  2 years ago

      I would not argue that about web browsers, because there’s plenty others out there. I don’t think Google would make a iMessage client for iOS.

      1 reply →

Ar-Curunir  2 years ago

You do realize that this is an extremely complicated exploit which is not being used on the average user, right?

And being open source hasn’t prevented Android from being much more vulnerable to these kinds of exploits.