Comment by fragmede
1 year ago
You'd implement it so that each group is compartmentalized and no one can confirm the whole of the story, and only a single-digit number of people know the full truth: one exec, one lawyer, one software engineer. And it'd have to be the software engineer dealing with releases, so they can modify the code last minute before it gets submitted. This presumes the CI system is unable to send apps to Apple/Google itself, so it still has to be run by hand on your laptop (for some mysterious reason). If the code in the repo isn't able to do real-time monitoring, and if the data that gets sent to the ads team is intentionally delayed and sufficiently anonymous that they can't tell by looking up past reports that there's real-time surveillance happening, then everyone else involved could be vehemently asserting what they know, but which doesn't match the reality after the fix is put in.
I don't actually believe this, mind you, but theorizing on how you'd pull something like this off, the answer is compartmentalization.
All it would take on iOS is an innocent-looking bug buried somewhere deep in any number of subsystems that makes it so that the red dot for recording doesn't go on as often as it should. Just a totally accidental buffer overflow that makes it fail to set the recording-active flag when called a certain way. The XZ thing was down to a single character, and that's one of the most watched projects in the world. A latent iOS bug that no one's looking for
Again, not saying I believe this is even happening in the first place, just that it's not technically impossible, just highly improbable.
An interesting thing about that compartmentalization approach is that it would open a company that implemented it up to much more severe problems.
If your organization structure allows a tiny number of people to modify your deployed products in that way, the same tricks could be used by agents of foreign powers to inject government spyware.
That's a threat that companies the size of Apple need to be very cognizant of. If I were designing build processes at a company like that, I'd be much more concerned about avoiding ways for a tiny group to mess with the build, as opposed to designing in processes like that just so I could do something creepy with the ad targeting.
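One concrete control for the concern raised in the reply above (stopping a tiny group, or a compromised engineer's laptop, from altering what gets submitted) is a release gate that refuses to ship any artifact unless it is byte-identical to what at least two independent, reproducible CI builds produced from the same commit. The code below is an added illustration, not code from either commenter or from any real company's pipeline; the builder names, commit id and artifact bytes are constructed placeholders, and a real deployment would take the build reports from signed provenance attestations rather than from in-memory objects.

```python
import hashlib
from dataclasses import dataclass
from typing import Iterable, Tuple

@dataclass(frozen=True)
class BuildReport:
    """One independent builder's statement of what it produced.
    In practice this would be a signed attestation; here it is a plain record."""
    builder: str        # constructed builder name, e.g. "ci-runner-a"
    source_commit: str  # commit the builder claims to have built
    digest: str         # SHA-256 hex digest of the artifact it produced

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def release_gate(submitted: bytes, reports: Iterable[BuildReport],
                 expected_commit: str, min_builders: int = 2) -> Tuple[bool, str]:
    """Decide whether a hand-submitted artifact may be released.

    Allowed only when (1) at least `min_builders` independent builders
    report on `expected_commit`, (2) all of them agree on the digest
    (the build is reproducible), and (3) the submitted bytes hash to
    that same digest. Any last-minute local modification fails (3).
    """
    relevant = [r for r in reports if r.source_commit == expected_commit]
    if len(relevant) < min_builders:
        return False, (f"only {len(relevant)} independent build(s) of "
                       f"{expected_commit}; need {min_builders}")
    digests = {r.digest for r in relevant}
    if len(digests) != 1:
        who = ", ".join(f"{r.builder}={r.digest[:12]}" for r in relevant)
        return False, f"independent builders disagree on the artifact: {who}"
    (expected,) = digests
    actual = sha256_hex(submitted)
    if actual != expected:
        return False, (f"submitted artifact {actual[:12]} does not match "
                       f"reproducible build {expected[:12]}")
    return True, f"submitted artifact matches {len(relevant)} independent builds"

# --- constructed sample data (not real commits or binaries) ---
COMMIT = "0000000000000000000000000000000000000000"  # placeholder commit id
CLEAN_ARTIFACT = b"example-app release build from placeholder commit\n"
TAMPERED_ARTIFACT = CLEAN_ARTIFACT + b"# extra bytes added on a laptop\n"

AGREEING_REPORTS = [
    BuildReport("ci-runner-a", COMMIT, sha256_hex(CLEAN_ARTIFACT)),
    BuildReport("ci-runner-b", COMMIT, sha256_hex(CLEAN_ARTIFACT)),
]
DISAGREEING_REPORTS = [
    BuildReport("ci-runner-a", COMMIT, sha256_hex(CLEAN_ARTIFACT)),
    BuildReport("ci-runner-b", COMMIT, sha256_hex(TAMPERED_ARTIFACT)),
]

if __name__ == "__main__":
    for label, artifact, reports in [
        ("clean, two agreeing builders", CLEAN_ARTIFACT, AGREEING_REPORTS),
        ("tampered on laptop", TAMPERED_ARTIFACT, AGREEING_REPORTS),
        ("builders disagree", CLEAN_ARTIFACT, DISAGREEING_REPORTS),
        ("only one builder", CLEAN_ARTIFACT, AGREEING_REPORTS[:1]),
    ]:
        ok, reason = release_gate(artifact, reports, COMMIT)
        print(f"{label:32} -> {'ALLOW' if ok else 'BLOCK'}: {reason}")
```

The point of requiring two builders that agree is that a single "release engineer" can no longer be the only party who knows what went out: a divergence between the CI artifact and the submitted one is visible to whoever operates the gate, and a non-reproducible build is itself treated as a blocking finding rather than something to wave through.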