Comment by anonym29
8 months ago
It would be trivial for Apple to push out silent targeted OS updates to specific individuals that would log decryption keys and send them to Apple, enabling Apple to decrypt that specific user's data.
Remember, Apple is the same company that cooperated with the NSA to secretly log and feed user data to the NSA starting back in 2012, as revealed by Snowden's heroic disclosure of the PRISM program (which was ruled unconstitutional by a federal judge).
Apple's privacy-protecting image is nothing more than marketing.
Apple is actually far worse at protecting your privacy than Google.
On iOS, you cannot install any apps without an Apple Account, and even some preinstalled apps (like Pages, Numbers, Keynote, GarageBand, iMovie) cannot be used before you assign them to an Apple Account.
On Android, you can install any app from any third-party store without having any accounts. There's a store called Aurora Store that even lets you install apps from Google's Play Store without an account as well, so, you can even install all the mainstream apps, all without any accounts.
That's one point of privacy.
Meanwhile, they protect vast amounts of your data with encryption, especially if you opt in to the most protection.
I don't have any wish to promote Apple, but those are not comparable. Even though I have hated Apple's closed App Store policy.
What do you mean by your data being protected by vast amounts of encryption? Can you verify those claims beyond trusting what Apple tells you? Isn’t the commenter above insinuating that a targeted individual can be compromised anyway?
15 replies →
The problem is that you cannot opt-out of the Apple Account.
Which means that targetted attacks are trivial if the attacker possesses the resources.
> On Android, you can install any app from any third-party store without having any accounts. There's a store called Aurora Store that even lets you install apps from golgle's Pay Store without an account as well.
I thought Google recently announced changes to this requiring a developer account to side load.
Yes, Google did announce of the plans, but those changes aren't active yet, and they plan to start enforcing them in only several APAC countries where sideloading is far too popular and gets abused far too much.
Hopefully, they'll see just how ineffective their measures are, and abandon before applying the plans to the rest of the world.
4 replies →
> Apple is actually far worse at protecting your privacy than Google. On iOS, you cannot install any apps without an Apple Account
How did you decide that this one thing alone makes Apple's entire privacy approach far worse than Google's? Everything else doesn't matter anymore?
What else could possibly matter if your entire identity is always exposed on every iOS device?
I can't really think of anything worse as far as privacy is concerned. Can you?
That is indeed one area of privacy but I wouldn’t say that Apple is far worse. There is countless number of examples where this just simply isn’t true.
Also regarding the App Store, you don’t have to enter a credit card, you can make an account with a new email address.
What's worse than the inability to NOT have a permanent standardised real-name identifier on your device at all times and on all devices?
Apple has really questionable security as well. There's lots of people who have reported Apple randomly asking for Apple Account passwords all of a sudden in popups, on both iOS and macOS, the same way as malware would; or forcing password resets every day or every week.
BTW, do you know how many customer accounts did Apple terminate in 2024? It's 128'961'839 — nearly 129 million customer accounts terminated in just one year.
Wouldn't Apple have just done exactly that when they faced public and state pressure to unlock the iPhones of mass shooters, such as the San Bernardino shooter or the Pensacola shooter? That was their golden opportunity, but instead they refused, went to court, and forced the FBI to pay third parties to break into the phones. That's the opposite of your espionage scenario.
If Apple never decrypts a user's data, then this debate will never resolve, because there will always be people who insist that Apple's teetering on the precipice of logging decryption keys and decrypting a user's data – or worse, that they've already done it and we're just waiting for another heroic whistleblower to reveal their corruption.
> Remember, Apple is the same company that cooperated with the NSA to secretly log and feed user data to the NSA starting back in 2012, as revealed by Snowden's heroic disclosure of the PRISM program (which was ruled unconstitutional by a federal judge).
PRISM compelled Apple to provide the NSA with access to cloud data they already held under FISA orders. Apple was not installing spyware on people's devices as you seem to be implying.
>PRISM compelled Apple to provide the NSA with access to cloud data they already held under FISA orders.
Cloud data that's supposedly encrypted with encryption keys Apple pinky promises they don't have, right?
>Apple was not installing spyware on people's devices as you seem to be implying. I am very clearly not implying this is currently happening - just that there is nothing theoretically preventing this from happening, and the company already has a history of secretly cooperating with illegal government surveillance programs to provide cleartext user data - user data that they love to present an image of protecting vigorously.
> It would be trivial for Apple to push out silent targeted OS updates to specific individuals that would log decryption keys and send them to Apple.
I don't think they even need to do that. They are in control of the encryption process and obviously already process the data to create a persona of the user (after which it is no longer considered "user data")
This is what I’ve always struggled to explain to people, that any software’s security and privacy is only as good as its most recent update.