Skip to main content

Nothing to fear but fear-mongering itself

Some text was put up on the internet this weekend that contends Apple has such centralized control over iOS that, if it were ever to turn evil and become the instruments of surveillance states, there'd be nothing to protect us because Apple actively patches jailbreak exploits and doesn't allow the installation of non-App Store apps.

I'm loathe to link to articles like this, so if you're really curious about it, check out Daring Fireball where John Gruber goes through it point by stupefying point.

From my reads, it's about as rational as saying not to eat at McDonald's because one day they could start dosing all their fries with Paxilon Hydrochlorate, or not to watch YouTube videos because one day they could start spreading brain-blowing blipverts.

Even if we have faith in Apple and Tim Cook today, it asks, how can we have faith in what Apple might become, and who might be leading them tomorrow? Into who's hands, dammit, can we trust our Apple Utopia?

But Apple isn't a utopia. It isn't a benevolent dictatorship. In the story of the police state, Apple isn't the police or the state. Their control ends not at our lives or freedom but at the shiny boxes they sell us. That we could dump those shiny boxes at any time not only shows how fallacious the argument is, but how deeply incentivized Apple truly is to not turn evil.

In order to survive, Apple needs us buying those shiny products and for us to buy them, Apple needs our trust. Lose our trust and they lose our business. Lose our business and Apple loses everything.

Apple knows that, of course, which is why apple.com/privacy (opens in new tab) not only exists, but has top-level status and top level support.

Because of Apple's stance on security, in fact, it's currently only possible to get spyware onto an iPhone by exploiting jailbreaks or using the non-App Store installation method Apple does allow, Enterprise Distribution. And because of Apple's dedication to security, even that is currently only possible if the person in physical possession of the iPhone actively circumvents the protections Apple has put in place.

Open that door, and you create the potential for anyone to come in, including the surveillance states that are ostensibly the concern.

The greater problem here isn't just that the article is dumb, however. It's that it's dangerous.

How do you attack strength? By painting it as weakness. How do you attack security? By painting it as potential tyranny. It's a common tactic of those who depend on a lack of security or who can't compete based on security.

It's also the tactic used in this article, which advises people not to use iOS because of reasons that amount to no more than fear, uncertainty, and doubt.

iOS, which has privacy and security marketed as a front-facing feature. iOS, which receives security patches for all versions going back to 2011, for all customers, all at the same time. iOS, which is putting itself between its customers and those who would do them harm, not in some click-bait mirrorverse but right now, here, today.

It's why people, including security journalists not predisposed towards Apple aren't switching away from the iPhone. They're switching to it.

Rene Ritchie
Rene Ritchie

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

163 Comments
  • LOL.
    Whilst I agree with the direction you are headed Rene, you’ve taken typical fanboy stance.
    3 things;
    Customers do NOT always buy on trust. I don’t just mean do they trust their money won’t get stolen, but also do they trust a company to provide the level of service promised amongst other things.
    There are lots of instances of companies doing bad, not reacting fast enough or at all yet, people line up to give them more money.
    Apples privacy policy is, (like most other companies), private to them. They litter it with references and don’t explain those references fully to leave themselves with as much wiggle room as possible. For example, “we will not share your data, except with carefully chosen third parties and partners”, great but who the hell are these other people in bed with you?? What it also means is that Apple will gather daat from the kind of companies they purport not to be. Pot, Kettle.
    Your overly pro Apple side is evident in -iOS, which receives security patches for all versions going back to 2011 -
    Are you sure about this, I mean does that mean that iOS 5 still receives security updates? The first iPad touch was released in ’10 but sold through into ‘11 methinks does that still get patches?
    You’ve deliberately painted an overly simplistic picture in favour of Apple.
  • Sure, Rene is pro-Apple (he wouldn't write on this site otherwise), but his argument is completely sound. Many tech journalists seem to be running out of material about what's wrong with Apple in the present, so now you shouldn't buy their stuff based on what they may (and probably won't actually) do in the future. That's scrambling for a story and web-clicks. We can never know for sure, but trusting personal data to a company that makes money on hardware certainly seems safer than trusting a company that makes money from data and advertising.
  • Completely agree with this sentiment!
  • I fully understand he’s pro Apple. What undermines the stance that somebody has is if they appear to be hiding things, or expressing things in such a manner as to favour what they do. For your average person that’s Ok. For a journo it’s not.
    I’ve written "iPad Touch” above, that should read iPad BTW.
  • iMore is a pro-Apple website, so you'd expect the staff to write generally pro-Apple editorials just like the staff of a liberal newspaper would be expected to write generally liberal editorials. In a way I kind of like 9to5 Mac's way of clearly labeling opinion pieces/editorials as such to prevent confusion. I also agree with John Gruber in that if Apple (or any company for that matter) was to turn evil there's nothing to stop people from jumping ship.
  • And you have taken the usual " iHate" Apple for no logical reason. Your post is quite petty, actively looking for a reason to criticise Renee. At least apply some actual intelligence to it ;)
  • I use Apple devices almost exclusively. Probably have more than you do. I like open and honest debate about them.
  • Nope. There was nothing open minded about what you said or intelligent. It was simply an attempt to have a go at the writer, it didn't matter what the topic was as you didn't address the issues he was making in the article. Are you supporting the claim in the article that prompted him to write this one? If yes why? If no, what was the point of your post? And "using more Apple devices than I do", please, is that meant to impress? I do not have to use Apple devices so your post for the inarticulate ad hominem attempt it was
  • Open mind is coming from all angles and giving all info; Rene mentions Apple needing our trust in paragraph 6. I commented on that. Look at ”iOS, which receives security patches for all versions going back to 2011". That is not correct. Being open and honest would be, “-iOS, which receives security patches for most versions going back to 2011 -” where most is PROBABLY more than 50%.
    Thsoe two not address any of the points HE made? To be honest though, I don't care really whether you are impressed with me or not. YOU used the term ‘iHate'. I read that as an Anti Apple and/or pro Android fan. My purchase of many Apple devices over many years might suggest otherwise to some. If iHate means something else, I’d be glad for you to educate.
  • Your comment is mostly true. While some older versions of iOS have received security patches in the past, Apple traditionally only releases patches for the currently shipping OS and maybe one previous if it's not too far past the transition date. Renee's comment was misleading, for sure. That being said, over 80% of iOS users are on the current version, mitigating, but not removing, security concerns regarding patches.
  • He's never said all iOS versions going back to 2011 still get patches - he's said that all iOS *devices* going back to 2011 do. And that's true - the iPhone 4S and iPad 2 are going to get iOS 9 this fall. Sent from the iMore App
  • This one is easy;
    I “QUOTE” from the above article. can’t you read? - iOS, which has privacy and security marketed as a front-facing feature. iOS, which receives security patches for all versions going back to 2011, for all customers, all at the same time. iOS, which is putting itself between its customers and those who would do them harm, not in some click-bait mirrorverse but right now, here, today.
    Nowhere does that say devices, it says iOS.
  • This is the best one. I quote Rene and get downvoted. There are some true died in the wool fanboys here. Downvote if you disagree with me that’s fine but in this instance I’VE QUOTED THE AUTHOR PEOPLE!
  • FYI, you'll never win here lol. I commend you for trying though. Sent from the iMore App
  • "The only way you can legally get in trouble over privacy issues is by violating your privacy policy. So every company is incentivized by law to create privacy policies that are very broad and expansive, making it less likely they'll violate them in the first place. The only time such a broad privacy policy backfires is if the public suddenly has a viral panic about it" Originally stated by Mike Masnick on TechDirt.com
    https://www.techdirt.com/articles/20150821/10412632029/why-everyones-tot...
  • I agree 100% Rene, but there is one theoretical scenario that is problematic: if Apple become so dominant that you have to use one of their shiny devices in order to function in society. Apple become the new military-industrial complex, and buy the CIA...lol Sent from the iMore App
  • Oil companies, financial institutions and military contractors have already bought the governments. It wouldn't be anything drastically different.
  • Ironic....just like the company they preached against in their 1984 ads...oh how they have changed..
  • Whee!
    This kinda reminds me of the explanation of the outrageous conspiracy plot concocted for the classic movie 'The President's Analyst.'
    In that movie, the people you have to worry about are not the FBI, CIA or even the KGB. The real pervasive intelligence threat (of the late 60s) was The Phone Company!
  • So the chief spreader of FUD about Android, Google and Samsung hollers like a basset hound in a bear trap when an independent tech writer who also bashes Google (http://techcrunch.com/2015/02/15/dont-be-google/) DARES to point out that Apple's approach has downsides for some people? That the way that Apple does things doesn't suit everybody? Sure, yeah right. The reality: not everyone needs or wants Apple's levels of protection. Second, Apple's policies aren't all about security. That is the thing to remember. Apple has ALWAYS been this way, long before such things as data snooping or even Internet viruses were a problem. Why? Because it has always been their corporate philosophy and culture. It just so happens that only now is Apple able to market their longtime way of doing business as "keeping you safe" but it is just a marketing slogan. The truth is that even if everything was totally, completely safe, Apple would still be the same. And you know what? That is fine. Apple products are great for the people who love them, and the Apple culture is great for those who buy into it and use it to their advantage in their professional and business lives. Outstanding. But just as was the case in the old Apple versus Wintel era, it is still great that alternatives exists. There is Apple on one hand. There is the wild west of Android on the other. Some of us like the lack of restrictions that Apple offers. What is more, some of us actually NEED it (which is why Android is now the choice of the majority of workers in the tech industry: http://venturebeat.com/2015/08/11/ios-slips-to-62-enterprise-share-in-q2...). And some of us - gasp! - have the technical skills to still "be safe" without the barriers. The people who prefer rock climbing, mountain biking, bungee jumping etc. to playing in the sandbox in Apple's backyard are going to keep doing it and will never go back, so if it wasn't Android that was offering them that choice, flexibility and freedom they would be carrying Ubuntu phones, Firefox phones or something else. And that is precisely why Android users are more loyal than their iOS counterparts, and more people actually switch from Apple to Android (or have BOTH Apple and Android devices) than are Apple exclusivists: http://www.cnet.com/news/android-users-more-loyal-than-ios-owners-study-... The lot of you that simply cannot accept that resort to calling Android fans - nearly all of whom own or have owned Apple devices by the way - "Apple haters." Which, of course, is nothing but more fearmongering, as being accused of hatred, bias or bigotry of some kind is almost the worst charge that you can level at someone these days. But in a free market, even fear itself won't keep people who want an alternative from finding and using one. You Apple guys should be able to appreciate and be glad for that, because the loyal alternative-seekers were most certainly the ones who kept Apple out of the bankruptcy courts during the darkest days of Wintel dominance.
  • You claim Android is now the choice of IT and post a link to a post that says Android was at 30+%? And then to on to claim that Android has more loyalty than iOS? Are we supposed to take your post seriously?
  • Actually, Android does have more loyalty.
  • Nope.
  • Did you read the link that he posted?
  • +1
  • Well said. And for all their supposed security it didn't stop the massive iCloud hack. If that had been Google or Microsoft you'd never hear the end of it, not to mention there'd be a class action lawsuit by the slebs. Not sure how Apple got away with that one.
  • iCloud wasn't hacked. You do know the difference between hacking into a system and obtaining or decipheringvsomeone's log in details through social engineering?
  • Nice try, tell that to the victims of Apple's massive security and privacy breach.
  • Erm, no matter how many times you repeat it, iCloud wasn't hacked
  • "more people actually switch from Apple to Android" Wrong.
  • Have some numbers to prove him wrong? And numbers that do not come from a biased source....say Tim Cook
  • Yeah, his own link. 16% of Android users is a whole lot more people than 20% of iOS users.
  • His own link, disputes his claim. Try reading it
  • Better Apple than Donald Trumph, I say.
  • Sounds like some of the people leaving comments are paid to spread crap, at least I hope they are getting compensated for their time making up rubbish. There are a myriad of solid reasons to attack Apple, call them on some of the things they do and how they do business. Privacy for their users isn't one of them, which is what this article and the article mentioned is all about. Don't use what is good now because the company might switch how it has behaved for decades because they might, at some point in the future change, when there is no evidence of impending change is as stupid as it gets.
  • Which ones please? If me, (I’ll tell you first that - I’m not paid to write here), can you point out what you mean exactly.
    As to privacy, here’s what Apple say to the press and in blogs/keynotes etc in a message that begins - A message from Tim Cook………….., (http://www.apple.com/uk/privacy/);
    We promise not so share your data.
    Then here’s what Apple say later on in their privacy policy;
    We will however pass it to partners or selected third parties………..
  • The phrase "selected third parties" does not appear in Apple's Privacy Policy as published at the link you provided - can you cite where the phrase is published?
  • Is it all thrid parties? No. Then by definition it must be selected thrid parties. They haven’t used the word ‘selected’. I paraphrase, but accurately as explained above. But that aside, the real info is here, (it may differ from country to country);
    https://www.apple.com/legal/privacy/en-ww/#mn_p
  • I am trying to work out if this a poor attempt at trolling or just ignorance. Third parties like developers you know, the App makers and service providers who are not first party like Apple? Did you really not know that?
  • You seem to be having trouble. Only you know why that is.
    I you seriously belive that large corporations don’t write their T’s & C’s to give themselves as much wiggle room as possible, I’ve got a bridge to sell you. You seem to have taken the Apple Sauce hook, line and sinker. Rod, tackle box, waders…….
  • Since you claim to use more of Apple's shiny things than I do, isn't it logical that you are the one taking the Apple sauce hook line and sinker?
  • From Apple's privacy policy: "Personal information will only be shared by Apple to provide or improve our products, services and advertising; it will not be shared with third parties for their marketing purposes." So what are you talking about?
  • I had a nice comment detailing Apple's privacy policy point-for-point after going through and actually reading the entire thing (and the one for iAd on iOS), but apparently it was deleted. Awesome. It's not a long read: https://www.apple.com/legal/privacy/en-ww/#mn_p
  • I’ve just seen your comment and cannot understand why it was removed. iMore will you elaborate pls?
    Just seemed to me to be part of the policy. Anyhow, you either share or you don’t there is no in between and I wasn’t speaking about iAds.
    Sharing to improve products and services is an extremely broad umbrella term.
    My company, (won’t say who), says they don’t give gifts in business as they could be deemed as bribes. But they do in countries where it is ‘custom’. I say, well how about those countries recognise that we DON’T do it and respect that instead of us giving them bigger gifts than our competitors did?
  • As far as I understood it, Apple only shares your information in cases where it has to (Carrier contracts), or where you have stated you want them to (contests or message boards). Non-personal data is lumped together in large groups (5k people) and used for targeting iAds. I am not aware of any other sharing that is allowed unless you expressly permit it, like using an app downloaded from the App Store.
  • If you ever go to board meetings, or get accidentally copied on high level mails you’ll see that companies large and small pay a lot of lip service to things.
    When things get tight they’ll even sit and discuss what their contract actually means and whether they can re-interpret something. I understand that they are not going to post who their partners are but I’d love to see their ethics policy, (all American corps have them), and have a laugh at it.
    Apple shares your information 'where it improves products and services', this is an umbrella term that gives them the ability to say 2+2=5 when it suits. This is a busy thread so I think I’ll unsuscribe for a day or two.
  • You mean the third party developers, service providers Apple works with?
  • "Apple has such centralized control over iOS that, if it were ever to turn evil " Now we're going to fear "what ifs?" The market will sort it out. Trust in that. Let's remember, Android has around 80% global share. Microsoft has more than that for the desktop. This article sound, to me, more like a plea to those two to not go the centralized route. Or don't be Apple. No need to worry though, since that won't happen.
  • The difference is while Android is 80%, the OS is completely modular and if you do not want Google spying on you, you can use other apps and services and turn Google off.
  • I suggest you try using Android without Play Services and get back to us.
  • You have never tried AOSP have you?
  • What does the open source project have to do with using Google Play and associated apps? Android without these services is a limited experience.
  • You can still use an AOSP based ROM and turn off Play Services and use third party app stores and services if you do not like Google. Nokia had a Lumia phone or two that did that and used their own MS services and apps. Android is for the most part better with Google, but if you are a tinfoil hat paranoid person, the OS can still be used without Google Play services and apps.
  • AOSP is controlled by Google. They might not be able to monetise it, however if we are in the land of conspiracies( hypothetical) then there is nothing stopping them from having a back door into it. The only way to lock them out of it is to fork it like Amazon did.
  • Reply to the last 3 or 4 posts; 1. You can audit the code in AOSP builds, so (in theory) you could identify any string that you suspect phones home to Google. Thing is, as we've learned a thousand times before - just because you have a hundred pairs of eyes auditing the code doesn't mean those eyes know where to look, or what to look for. I can name you a lot of open source (OpenSSL, for starters) as examples of pwnship due to basic negligence or complacency. 2. Unless you own a phone from a very selected subset of Android devices (Nexus line and a handful of others maybe), AOSP will more often than not gimp your device's functionality. Not all hardware drivers are open sourced. For example, nearly all Samsung and Sony flagships produce very subpar camera image quality with AOSP/AOKP based ROMS. 3. Ditching Play Services for another app store in most cases just trades one bunch of privacy/security concerns for another.
  • I never said it was a great option but it is there if you want it. Forked versions of Android could not exist of they could not block or remove usage of Play Services.
  • you can remove Google Play without forking AOSP as the Chinese vendors are doing. AOSP is from Google, in a theoretical scenario, they could place a back door in AOSP, they don't need Google Play for that
  • Thank you for your *on topic* AND your different take on this articale. Yes, I can kindna see how that could be the underlying motivation behind the orgionally quoted article.
  • Rene is calling someone else a fear monger? Pot meet kettle.
  • Please enlighten us on the fears he has peddling. Feel free to use pictures to illustrate your points as we are all quite slow here, for not having noticed this "fear mongering"
  • Pretty much all of the articles he writes about Microsoft Windows/Android and Google spread misinformation and half truths to scare uneducated readers to buy Apple and Mac. He implied all Windows OEMs put spyware on Windows computers when Lenovo got caught installing Super Fish. Not true at all. You can buy bloat free OEM laptaps through Microsoft Signature program, get an OEM that does not install bloat (like Falcon Northwest) or build your own machine. But he instead used a loaded or misleading article title to spread FUD that all Windows computers come preinstalled with spyware.
  • You have made a very sweeping statement which has no more substance than the initial one you made. Give. Specific example, he has written a lot, that shouldn't be hard, should it?
  • Did you bother to read his article about Lenovo and switch to Mac? I would be glad to link here if you want.
  • why should a Windows user sign up to the signature program, look for a specific vendor or build their own PC if there is no major problem with Windows security? Microsoft and Google choose a monetisation model of making their product indiscriminately available to assorted vendors in order to amplify their reach by commoditising hardware and driving down hardware prices. Security was always going to be an issue and both Microsoft and Google have accepted it as the price of business. And consumers have accepted it as the price of having cheaper more customisable versions of Apple's offerings. The only ones spreading FUD are the Windows and Androud Defenders peddling the idea that Systems that are not locked down and very accessible to an assortment of actors can be secure. There are to many loose ends
  • Because the issue is not Windows itself. Some vendors bundle bloatware or extra software. Maybe this is dificult for you to understand, but outside Apple's world, the OS and the hardware can come from seperate companies which is good in that you have more selection of devices and prices, but of course has drawbacks because OEMs are free to install bloat. If you are worried about bloat and extra installed software, again do as suggested...get an OEM-made PC through the Microsoft Store in their "Signature Series" which has just a clean Windows install without bloat, buy Surface, or buy from an OEM that does not install bloat (like Falcon Northwest as I mentioned). Of course all else considered, you can fresh install yourself or build from scratch. Clearly you have options, but the way he made the article sound is it is like all OEMs install bloat and malware and you should not go Windows because of that which is a total lie.
  • You are the one that fails to grasp things.
    In your reply you essentially make the same point I have made that Microsoft's business of model of making their OS available indiscriminately to multiple partners and the reality of not being able to lock down Windows as a result leads to this security issues. What are you arguing against? It is up to Microsoft the provider of Windows to ensure that its customers can use a Windows in a secure environment, it is not up to the user to figure out which of Microsoft's officially licensed partners gives a hoot about security
  • Speak for yourself, not everyone is as dimwitted as you.
  • I am sure your parents will be proud you managed to spell the d word all by your self) ;)
  • Apple lost my trust whey totally fucked up iTunes earlier this summer and still don't have the balls to apologize. No leadership in Apple. They lost it when Steve past away.
  • But do you still buy their gear?
  • Tim Cook is more likely to apologise than Steve. Steve Jobs wasn't the all and all. He had pancreatic cancer for a long time, Tim Cook has been running things at Apple, much longer than people think.
  • Cool story bro!
  • Rene, I'm surprised you're upset about this article. Especially since you've used the exact same argument against Google in the past. The consensus among security experts is that if a system cannot be publicly, independently, and rigorously audited by third parties, then it should be open to suspicion and not be trusted as secure. The burden of proof is on proprietary vendors to prove that their software does not contain accidental or intentional backdoors. Until then, no one can boldly proclaim that any proprietary system is secure without an independent audit available for public scrutiny. Lets take Android, for example. The last few high-profile vulnerabilities found in Android was as a result of third party experts publicly and independently auditing the Android codebase. Over the years, thousands of security experts from academia, to hobbyists, to private and public entities have regularly pored over the Android and Linux codebase to audit them for security vulnerabilities. Today, Android and Linux are a little more secure, because of their efforts. Today, we know there are no intentional backdoors in Linux and AOSP (Android Open Source Project) because of decades of independent audits both public and private. Unfortunately, we can't say the same for any proprietary OS in use today. In contrast, it's well known that jailbroken iPhones take advantage of security vulnerabilities in iOS. This is an OS Apple seasonally claims is private and secure. And this is an OS that has been seasonally jailbroken over the years. iOS is proprietary so we have no choice but to take Apple at their word, even though past and recent events should give us reason to be suspicious. Who knows what kinds of vulnerabilities are revealed when the source code becomes open for public scrutiny. Rene, I chuckle every time you boldly proclaim iOS is secure. What evidence do you have to back up this claim other than blind faith, exuberant fanaticism, and Apple's PR literature? Most importantly, have you personally conducted an independent audit of the iOS codebase? Because every CVE on iOS I've studied the past couple of years shows that it isn't any more secure than the competition. In fact, many of the stats don't favor iOS at all. Unless, you regard security by obscurity as a valid security strategy. I'm not saying iOS is secure or insecure. Frankly, I don't know. I'm arguing that the debate about security should be based on scientific evidence and best practices (especially public independent audits by third parties, security bounties, public disclosure, etc), as opposed to an appeal to emotion and a regurgitation of Apple's PR literature.
  • That's a well reasoned post.
  • +1
  • What part of Apple Literature has he regurgitated.? You and others here are making emotive arguments not grounded in facts. The kind of problems Renee highlights have to do with the business models of Google and Microsoft's platforms. Hardware vendors in a race to the bottom on very low margins and convoluted associations that make the Lenovo debacle and the security update issues we see on Android a reality. No amount of auditing or the wonderful theories you mentioned will ever compensate for that. And they will get worse due to the slow down in PC sales and decimation of the android high end. Security will be sacrificed in the war for survival amongst PC and Windows vendors. We don't need to take Apple's word or anyone's. Real world experience of billions of users of people who use these platforms is enough evidence. Unfortunately for you, real world evidence has Apple at a serious advantage on security. Closed down systems with restricted access are easier to secure. The most secure systems on Earth( high grade research, weapons, highest clearance govt systems are all restricted and closed). Are you saying that the Lenovo debacle is replicable on the Mac? Even sites like Arstechnica have been very vocal about how Microsoft and Google's modus operandi is putting their customers at risk. Android is more secure than iOS?
  • I don't know if Android is more secure than iOS because iOS is proprietary. I do know that iOS has certainly not been as independently audited by third parties, and as publicly scrutinized as Android/Linux over the years. In this regard, there's a case to be made for Android being more secure, in theory, due to more public scrutiny and exposure. As far as I know, most security research in the mobile field focus exclusively on Android/Linux because the platform is open source and thus easier to publicly audit. We know that Linux and AOSP for example have no backdoors. The same can't be said for iOS. And I've yet to see a comprehensive independent analysis of the security of iOS by third parties. I also know that even though 99% of Malicious software target Android, only 0.1% manage to penetrate Android's defenses. In other words, Android is virtually bullet proof against malicious software, which speaks to the general security of Android. In light of how popular Android is (i.e the most dominant platform in the world), that's a very impressive record. That being said, Android does have it's own unique set of problems. In particular, not all OEMs or even carriers are committed to updating Android in a reliable and timely manner. This lack of urgency to update Android means unpatched devices can be left vulnerable to exploit. This is the singular area I feel iOS has an edge over Android. The homogeneity of iOS means software updates, especially security fixes, can be managed more seamlessly by Apple, even though homogeneity in itself those pose its own set of security problems. However, in practice, due to the heterogeneity and diversity of the Android landscape, in terms of hardware and software, the chances of these unpatched vulnerabilities being exploited are mostly still purely theoretical. The Google Play Services on Android regularly scans devices for potentially malicious software and disables them if they are detected. On the server side, the Google Play Store runs all apps in a simulated environment, scans them for potentially malicious behavior and rejects them if they don't pass security checks. In fact, the only practical way to expose your Android devices to exploits is to install apps outside the Google Play Store and give your device root privileges. So, in practice, exploiting Android devices, even devices that are not up to date, is still very difficult.
  • Once again a lot of theoretical fluff( sorry to say that). There are billions of Android and iOS devices in use by billions of people all over the world. Both have been in operation for at least 5 years. As they say the proof is in the pudding. There is enough data to know which is more secure.
  • We don't have any data on iOS because Apple refuses to release them. The only data we have is on Android based on the security analysis of the Play Store from Google. The conclusion is that 99.9% of attacks on Android fail. I'll leave you to decide whether or not that's secure. If you want more information about Android's security read this article from imore's sister site, Android Central. The article is a Q&A with a security engineer at Google that works on Android. http://www.androidcentral.com/android-security-qa-googles-adrian-ludwig Ludwig also has presentations about Android's security that you can find online which are based on "REAL" data and not marketing fluff or blind zealotry.
  • You keep posting talking points. Both OS's are used by hundreds of millions of people every day and it has been the case for at least five years. Instead of posting irrelevant fluff, simply answer the question. Both devices are out in the wild, real world situation, which OS handles security better. You have a sample of billions of people, who have had a better experience? A theory is only valid if it works in the real world. All you have done is to post theories that have no bearing on reality. I have not quoted Apple once, I do not need to, their device is out there in the hands of millions, how is it faring in the wild and ditto Google. You actually compared Apple's MO to IE? Wow, you are way over your head Seriously you want me to listen to a Q&A with a Google Engineer who works on security? What do you expect him to say. You attacked Renee for regurgitating Apple points but have so far littered the thread with Google and Android fan site points
  • I already showed you which OS is more secure based on available data. The only person who's doing everything but providing data and facts is you. 99.9% of attacks on Android fail. We don't have any numbers for iOS until Apple releases them. Make what you will of that data. You're welcome to provide your own data to refute the claim.
  • What data? You mean like data from Ludwig the engineer from Google? LOL
  • No, the more relevant and useful data you provided. Oh, nevermind.
  • Erm Google malware and security problems and include iOS and Android. News reports. As I said billions of devices used by billions of people. Let's see which OS has had the most problems or complaints about security. Now that is better than a Google or Apple talking point, don't you think?
  • That's not evidence. That's hearsay. Since you're a foremost security expert and data analysts on mobile, let see your data. Where are your facts and figures? Where are your normalized distributions? Where are your statistical significant data? If we can't trust Ludwig, an Android security expert, provide your data to disprove what he's saying.
  • " if we can trust Ludwig an Android security expert" who works for Google to arbitrate which OS is more secure Android or iOS? Keep the golden nuggets coming :)
  • Google and Apple are the only reliable entities that have the analytics and most accurate data to monitor security activity over sustained periods of time. Sheesh, isn't this obvious?
  • Ask yourself why 99% of malicious software attacks is against Android and not iOS. The iOS platform is the far more lucrative with higher value customers, an install base of over 300million people and over a billion devices ( all premium). Why would a person or persons of malicious intent choose to attack Android 9 times out of 10 instead of heading to iOS? You accuse Renee of regurgitating Apple spin yet everything you say can be lifted from a Google presentation. Be scientific and be dispassionate and empirical. To you who is more secure, the average Android user or an iOS user?
  • 99% of malicious software targets Android, because 8 out of 10 smartphones globally run Android. It's basic math. It's the same reason most malicious software target Windows instead of OS X. Way more people use Windows. It doesn't matter how "lucrative" OS X users are. There's always more opportunity to be gained on the more dominant platform.
  • Wow, even though over 80% of Android phones are essentially feature phones? Look at Google's tracking of phones that access the Play Store and the financials of Androif OEM's. The vast majority of Android devices are not premium devices or high value targets. Why do you think Apple makes 90+% of the profits in the industry. Come on, really. So it is logical to you to attack a less lucrative platform because it is has more volume? Here's a room with 12 billionaires and another with 60cleaners. I know I will rob the room with cleaners, you know there are more of them!
  • Android doesn't run on feature phones. 8 out of 10 "SMARTPHONES" run Android. It is by far and undisputably the most dominant mobile platform. If my objective is to be malicious, of course I'm going to target the most dominant platform. Are we even debating this? This is basic common sense. Windows is targeted more than OS X because it has MORE users. Period. If I wanted to install DOS bots on millions of computers around the world, why the fuck would I target OS X?
  • Erm, the question was about Android and iOS. Why would you ignore 600million premium class phones with the heaviest data usage and web access to primarily target the Android crowd, where the majority of devices are practically feature phones( feature as in the way they are used which is why Android has much lower revenue streams and Average Revenue Per User despite its superior numbers) iOS is far harder to crack, android is a disorganised jungle. If you are going to bring up tired talking points from the times Apple used to sell less than 1m devices in a year, at least tweak and update it to reflect a time when they now sell hundreds of millions of devices. You do understand I said " essentially feature phones", I didnt say Android is on feature phones. Seriously you have taken so much out of context and seem to have difficulty comprehending use of language which is what you did with Renee's post and end up making strange arguments.
  • Lord have mercy. You target Android because it has approximately 4X more users, it has a diverse demographic and it's used in more places. In countries where Android attack is very high (e.g India, China, the Middle East) iOS devices barely register on the radar. So tell me why the fuck would I target iOS in these regions, when virtually everyone in those regions use Android? Are you deliberately playing dumb? People who distribute malicious software don't give a shit if your device is premium or not. Or whether the user is "lucrative" or not. Or how much cash Apple hoards away in its bank. They can make money just by installing a trojan on your device and sending SMS messages to a random service that charges you through your carrier.
  • Let's see, the iPhone is an internationally distributed device, outselling even Samsung in China. Actually the vast majority of iPhone sales are outside the U.S. Apple has sold close to 700million iPhones and close to 300million iPads and you are using the obscurity excuse when talking of a billion iOS devices? And you accuse me of being dumb? Lol. :) As I said, update the tired talking points that were used when Apple had sold less than 20million ( to obfuscate the terrible security problems on Windows which funny enough Microsoft fought to solve) devices in total to when they have sold a billion devices.
  • Everybody is outselling Samsung in China. Android is like 75% of the Chinese market. So any malware author with half a brain, by sheer common sense, would target Android instead of iOS. You know... because it has a larger pool of... gasp... users.
  • Does Rene pay you for this level of defense? Sent from the iMore App
  • You really want to go there? ;) Seriously, this is quite amusing. I have never seen a Android fanboy actually try to argue that Android beats iOS on security. As far as I can tell, he is not trolling and actually believes it and is giving it a go. I find it intriguing. Also you seriously believe this is about defending Renee? Is that what you really got from the debate between us? Are you trolling? :)
  • God that "trolling" word needs to die. You people use it religiously. I've simply noticed you are everywhere in these comments defending him from all those who disagree with what he's saying. What the hell is trolling anymore?
  • Be honest, what reaction did expect when you asked if I was paid to defend Renee? Do you honestly believe I am paid to defend him?
    Be real. Anyway you missed the smiley face after the trolling comment
  • The guy has already admitted he isn't terribly bright, he's slightly obsessive compulsive. People like him give Apple a bad name.
  • Ah, O my! Obsessive compulsive, gosh, what big words, surely they don't come from the very minuscule pool of intellect that you usually draw from. Be honest, who taught you those words? Do you even know what they mean? Here's some homework: http://www.sciencedirect.com/science/article/pii/S0140673602096204 And on giving Apple a bad name; are you 6 years old? Are you under the impression that comments that get posted on technology blogs have any effect on multi billion dollar behemoths? Lol Lol
  • It's not always about how many security exploits have been found but how bad those security exploits can be. Android has had a few lately have been really doozies. You claim that because Android code is open and able to be audited security exploits can be found easier yet the couple have that been found in Android lately have all be quite severe in terms of their exploitability and damage that can happen if exploited. Yes, iOS has had security issues and exploits as of late, I'm not denying.
  • Quite the contrary, buffer overflow exploits are par for the course in C/C++/Obj C codebases. The well known publicized iMessage security vulnerability on iOS is the same type of bug as the Android Stagefright bug. The only difference is that one bug was found by an independent audit of the Android open source code by third party security auditors, while the other was found by hackers. So, yeah, the badness of the bug is irrelevant when it comes to security vulnerabilities. They're all bad.
  • Just to clarify, it may be the same type of bug, but on ios, it caused the iphone to crash, could be prevented by turning message previews off and was patched in a couple of weeks. The Android stagefright one allows an attacker to remotely control and steal data from a device and the victim might not even know if they are affected. So, not really the same.
  • Overflow exploits are used to remotely execute code in memory regardless of what OS you're using. Android's memory address space randomization, process sandboxing, and hierarchical permission structure means it's practically impossible to successfully inject and execute remote code in memory. Although it is "theoretically" possible under lucky or rare circumstances. The security auditors who found and reported the Stagefright vulnerability were only able to crash Android via the Stagefright exploit. As far as I know, they were not able to execute code or steal data. So, yes, most modern OS would just crash the offending application when a buffer overflow is detected. It's nothing unique to iOS. I'm pretty sure the Linux kernel and C/C++ libraries are compiled with buffer/stack/heap overflow protection with GCC by default anyway. I remember using -fstack-protector with GCC to compile my Gentoo linux machines more than half a decade ago.
  • No system in invulnerable. A great tenner of security is how the system deals with threats. As the OP says, the issue on iOS was patched, the patch on Android (stage fright) is currently available to less than 5% of it's install base( and that's being charitable). what is the point of patches that won't or can't be Deployed? Your auditors can audit from now to kingdom come, the vulnerabilities they detect will remain as there is no practical way of delivering patches through the system, so it remains vulnerable and in fact people with malicious intent now know where to attack. The software community ( open source) are the only people on Earth that believe you can secure something by having everyone scrutinise and know the ins and out of that system, even though it has not been the case in reality. Every other industry protects things by restricting access/ black boxing
  • Security by obscurity is not an effective security strategy. Ask Microsoft how that worked out for them with Windows and IE. IE is a proprietary browser that supposedly only Microsoft has access to and that is completely "black boxed" from the public. Yet it's earned a reputation for being the most insecure and exploitable browser in the history of browsers. Access restriction and "black boxing" didn't save it. Good security comes from good software engineering practices, not "access restriction or black boxing". Look at Google Chrome and Firefox and even Safari. They're relatively secure browsers because of good software engineering practices, like public security auditing and open peer review. Not because of "access restriction or black boxing". If code cannot be publicly peer reviewed and audited, then it cannot be trusted, period. This is exactly why security experts today overwhelmingly recommend browsers based on open source engines over proprietary browsers like IE. Android has great security mechanisms for patches and software updates. Google immediately patched the Stagefright vulnerability when it was reported, and as far as I know all the hardware devices they officially support (i.e Nexus devices) have received the patches. Google also pushed the patches to OEMs and carriers. Unfortunately, OEMs and carriers have always been the bottleneck in the pipeline when it comes to delivering Android OS software updates and security fixes to users. This is NOT an Android problem. This is an OEM and carrier problem. And the only thing we can do is educate users to avoid OEMs and carriers that don't prioritize software updates and security fixes. However, even for Android devices that don't receive the patches, the Stagefright vulnerability is only exploitable in theory. In practice, the vulnerability is very hard to exploit because of the numerous security mechanisms Android already has in place to prevent this kinds of catastrophe. The worse that can happen is that an attacker that tries to exploit the vulnerability crashes the vulnerable app. Is this ideal? Nope! But it could be much worse. There's a lot of FUD about Android's security by people who have little to no experience on the topic.
  • Really? It is an OEM and Carrier problem? Not Android?not Google the artichect of the project and the one who put the open handset alliance together and is the guardian of the platform? It is everyone's fault apart from Google right? And you accuse
    of being a fan boy? Also there will be rejoicing in Android land that Nexus Devices which are a rounding error, less than 0.5% of the Android installed base has received patches. Please educate us on the carriers and OEM's who are taking security seriously. I am sure Google would love to know as well considering their well publicised failures in that dept. Android is a mess because of Google's business model. They were so eager to get it everywhere, seduced by the amount of data and money they thought they could make, that they set up a jungle and ignored all the problems Windows had and have lost control of the platform. It is only going to get worse.
  • There you go again with the silly and completely irrelevant business model argument. Tell me again how Google's business model prevented them from fixing the vulnerability found in Android? Oh, that's right. Google actually fixed the vulnerability found in Android and their business model had nothing to do with the fix.
  • So in your own words, Google has patched the vulnerability and all users of Anroid are now secure because the vulnerability has been patched? In your own words only the Nexus line, a rounding error, in the Android system have received it. So if less than 95% of devices ( again being very charitable) have received the patch, how can you claim Google has sorted it. Yes, so that silly business model means that can't even deploy their own patch through out their ecosystem. Are you so blinded by fanboyism that you don't comprehend their is no point in a solution you can hardly deploy?
  • Therein lies the problem, you're completely clueless as to how the Android distribution model works. Google does not distribute Android to all users of Android. Google distributes Android only to Nexus users. Each OEM and carrier is responsible for distributing their modified versions of Android to their users, not Google. If you don't understand the basics of Android's distribution model, then I'm afraid I'm wasting my time in this discussion.
  • You are so clueless it hurts. I and everyone one understands Google's failure of a distribution system on Android. Even Google does, which is why they keep announcing and making attempts to sort it out. Notice the change of tack with Android Wear and Chromebook OEMs? The only one celebrating this failure of a system is you in some extremely misguided and quite frankly amazing strain of fanboyism. You are wasting your time trying to make the case that Android is a more secure OS/ Platform than iOS. Or defending Androids incredibly broken security system. For goodness even Android fanboys on Arstechnica have had it and are up in arms. Jeez
  • Wait a minute! Are you telling me that Google's evil "business model" makes exception for promptly updating Android Wear and Chrome OS? Hmmm... so, based on this revelation, is the problem with updates Google's fault, or OEMs and carriers? I wonder... ◔_◔
  • Come on enough with this persecution complex;) who did evil business model. Think critically, they are the same OEM's! Over the same networks!
    If you have the same actors in different scenarios with different outcomes. What changed? Is it that the controller of tha platform acted differently, or the OEM's and carriers acted differently. You tell me. Fingers crossed that it will be a light bulb moment:)
  • Indeed, the light bulb moment happened. Well, it turns out updating Android has nothing to do with business models. Since, clearly, Google updates Android Wear and Chrome OS without problems. So, what's the case with Android on phones and tablets? Aha! Got it! You see OEMs and carriers are allowed to modify Android on phones and tablets. So when Google updates Android, it is the responsibility of the OEMs and carriers to update their modified versions of Android and distribute the updates to users. Ergo, the reason Android updates don't reach users has nothing to with Google, or business models, or Android's security models, or assorted and ignorant FUD dispersed on this thread. It has everything to do with ...drumroll.... OEMs and Carriers! Thanks for this light bulb moment.
  • Who let the carriers and OEM's modify Android? ;) I prefer rimshot, straight to the point ;)
  • Business mode,and hence your modus operandi , it bites you in the butt when you least expect it. A
  • Android's open source license lets OEM's, carriers and anyone modify Android. Which again, has nothing to do with "business models", but whatever.
  • Pardon me, I dont want to get this wrong. Is it your contention that Google is not responsible for carriers being able to modify Android, A product they bought and own? So it is the OHA and not Google, the very OHA that Google brought together as a means to deploy Android? Ok. Once again I am happy to jump of here and let you have the last word. I don't need to say a thing, you undermine yourself quite effectively. The acrobats and twisting you do to absolve Google of all blame regarding its own product Android, is quite frankly.......... Painful.
  • I'd love to entertain your questions, but I'd be wasting my time given how clueless you are about the rights open source licenses give contributors.
  • Lol
  • Here is Google's take on our discussion: Pay particular attention to this: Why did we open the Android source code? Google started the Android project in response to our own experiences launching mobile apps. We wanted to make sure there would always be an open platform available for carriers, OEMs, and developers to use to make their innovative ideas a reality. We also wanted to make sure there was no central point of failure, so no single industry player could restrict or control the innovations of any other. The single most important goal of the Android Open Source Project (AOSP) is to make sure that the open source Android software is implemented as widely and compatibly as possible, to everyone's benefit. https://source.android.com/source/faqs.html So I ask again: Who let the carriers and OEM's modify Android?
  • Here's an excerpt from the Chinese Ministry of Commerce's decision to approve Google's acquisition of Motorola. Notice this paragraph: Upon review, the Ministry of Commerce believes that the acquisition of Motorola Mobility by Google has competition-eliminating or restricting effects. According to Google’s commitments to the Ministry of Commerce, the Ministry of Commerce decides to approve the concentration with additional restrictive conditions. Google shall fulfil the following obligations: (I) Google will continue its current commercial practice of providing a free and open Android platform. (II) Google shall treat all original equipment manufacturers non-discriminatorily in terms of the Android platform. This obligation only applies to the original equipment manufacturers who have agreed not to differentiate or derive from the Android platform. This obligation does not apply to Google providing, licensing or distributing of any products or services relating to the Android platform (including but not limited to applications running on the Android platform). http://english.mofcom.gov.cn/article/policyrelease/domesticpolicy/201206... Ask yourself why China held Google to the commitment of keeping Android open sourced for 5 years if Google is not the Master? See their reasoning, it is in black and white, their request was to ensure google didn't limit Android to Motorola and hence stop the other OEM's from licensing android, in order words making it a closed system limited to Motorola. So who is the clueless one? I look forward to how you will dig yourself out of this one. There are lots of quotes and business model (yes that word you hate) discussions of Google's strategy for samsung from Google itself, lots of after earnings conference calls with Google top brass etc. Drops mic ;)
  • Meant to say Google's strategy for Android ;) Still drops mic :)
  • You are quite entertaining. Once you open source a project under an open source license, you are yielding control of the project to the public. In the case of Android, Google yielded control of the project to the Open Handset Alliance. This means Google has NO control over what people choose to do with Android. I have dozens of projects on GitHub under open source licenses. Even though I have ownership and maintainership rights over my open source projects, I have NO control over what people choose to do with my projects when they fork and distribute it. This fundamental ignorance of open source is why you think Google can control what people do with Android. They can't! Android is OPEN SOURCE. The only power Google wields over Android is completely political and meritorious. It's political because they got a bunch of powerful vendors in the industry, via the Open Handset Alliance, to agree to what it means to be Android compatible. It's meritorious because they are the maintainer and largest contributor to the Android open source repository. Also the agreements in the Open Handset Alliance only applies to handsets, that is mostly smartphones (tablets, as far as Android is concerned, are just smartphones with larger screens). They don't apply to wearables or other form factors Android runs on. Android Wear, Android TV, Android Auto and Android IoT do not adhere to the agreements in the Open Handset Alliance. This is why Google can enforce stricter distribution controls over Android Wear/TV/Auto/IoT. That and the fact that over the years Android vendors have realized the hard way that Google is just better at managing, updating and distributing Android than any them. In addition, many of the vendors want to ship their Android devices with Google Mobile Services. So it pays to be respectful of Google's wishes when it comes to Android. In summary, outside trademark and maintainership rights, Google doesn't own Android anymore. So, no, they can't just do what Apple is doing with iOS. And, no, they can't just do what Microsoft is doing with Windows. Neither iOS nor Windows is open source. The distribution rules of open source projects are different. As far as handsets is concerned, Google can't tell members of the OHA what they can or can't do with Android. In fact, the only thing OHA members agreed not to do is make an incompatible fork of Android. Non-OHA members can do whatever the hell they want to do with Android. Google, in the past, has tried to use Google Mobile Services to stirr OEMs in the direction they want to go with Android. For example, to distribute GMS with Android, I believe Google insists OEMs have to ship the latest version of Android. But then some ignorant people argue that Android is no longer free and open because of Google's strict stipulations for shipping GMS. The same people who want Android to be free and open, are the same people who want Google to force all Android vendors to keep their forks updated and patched at all times. Google has no such power. And even if Google tried to do that, through GMS, I'm pretty sure European lawmakers would have a field day. So what is Google's responsibility? Google's primary responsibility is maintaining and updating the Android repository. They have no distribution responsibilities. Let me repeat that. They have no distribution responsibilities. This means Google has NO responsibility to update some random Android device. Why? Because Android is open source and the vendor selling that device might have made modifications to the Android version they ship. Okay, I lied. There's one case where Google has distribution responsibilities. And that is for the devices they make and control, in particular Nexus devices. This is why you hear a lot of Android nerds saying, if you care about Android updates and security fixes, just buy Nexus devices. If Samsung decides not to update the Galaxy S3 to the latest version of Android, IT IS NOT Google's fault. They blame lays squarely at Samsung's feet, because it is Samsung's responsibility to distribute updates to their devices, NOT Google. Ditto for carriers. Now, some people say Google should not have open sourced Android. And those people are stupid. The reason Android is the most dominant computing platform on the planet today is because it's open source. No other platform enjoys the kind of diversity, chaos, madness, energy, innovation and community that Android endears. All the closed source operating systems, especially on mobile, are dying, will eventually die or have died. iOS is the remainder successful relevant closed source OS. There are rumors that even Microsoft is considering open sourcing Windows. So when people say, "Google has lost control of Android", I just chuckle. Duh! That was the whole point. Google didn't want what happened on the desktop with Windows to happen on any other computing platform in the future.
  • Another very informative post, however I think it's completely lost on the other kid.
  • More informative that Google's own documentation and their own SEC and Global filing when they bought Motorolla. Hmmmm. Lol
  • Picks up mic: Did you just compare you tin pot project at Github to a multibillion dollar business? Really? I made sure this thread is in such a sequence that anyone can see what the discussion was about and asked particular questions to commit you fully to certain positions so you can't change the goalpost and twist the argument which is particular ploy of yours. Atlas none of us can edit the previous statements and I will post the full reply from you below, so it's on the record. It is clear what we were debating. I have supplied actual documentation from your overlords (Google, or the holding company Alphabet if you prefer) about their Android strategy in line with what we were debating, and you reply with your great wisdom from a project at term, what's it called again,.............ah yes, github. Lol. and then went off trying to change the topic and debate so you can wriggle yourself out, or so you thought ;) I will let the readers decide, our discussion will be here for all to see. However, I find you intriguing. You are so profoundly confident in your ignorance. You are obviously not a troll like the little halfwit ACADM that keeps cowardly making snide remarks about me to others. ACDAM take me on directly, come on, you know you want to ;). I thought it was a lack of reading comprehension, even wanted to ask if english was your first language. But no, I think it is a serious overestimation of intellect coupled with delusions of grandeur. Well I shall get my popcorn out and read the next reply from you. You never disappoint in shooting yourself in the foot and litter theses pages with profound ignorance. Please don't disappoint I am looking to be entertained. However I won't debate you any further, as it is not a debate. I say something you shoot yourself in the foot, the cycle repeats over and over, but I see you just like shooting yourself in the foot, so I will save myself typing time and watch you spread ignorance with fantastic gusto. Please don't disappoint. I want to be entertained! Atleas you say I have entertained you, so its only fair you repay the favour don't you think?;) Drops mic, and picks up popcorn: "this is going to be good!" ;)
  • The story at Ars about a new Android vulnerability out today may shed some light on the subject.
  • That's very similar to iOS Masque attack vulnerability that was discovered a few weeks ago. I'll have to look into it more.
  • So I read the research paper here. https://www.blackhat.com/docs/us-15/materials/us-15-Bobrov-Certifi-Gate-... This vulnerability is much ado about nothing. Some OEMs ship admin apps which do not properly verify and authenticate their certificates. This oversight can lead a malicious actor to gain administrative privileges. The actor has to find a way to install malware on the compromised device. Then he has to figure out the OEMs IPC interface for elevating privileges. Then he has to figure out the certificate's serial number through brute force. The solution is to remove or disable the OEM fuckery of an app.
  • Apparently, Rene doesn't read the articles on his own site: http://www.imore.com/google-photos-may-be-free-what-personal-cost "And therein comes the potential dark side of Google's data usage, where the company pays its debts by leveraging its biggest asset: you. " ": I doubt the company is making this feature available out of the kindness of its heart. Google has yet to put up its terms and conditions for Google Photos, so we don't quite know what it might do with this metadata — how the company's advertisers might be able to use or not use it — and whether you'll be able to opt-out and still use the free service." "Down the line, however, targeted ads may well fit into that life. It's just a matter of what data you want to share (and potentially give) to companies for their usage." All completely unfounded FUD.
  • Have you been through Google's financial report. Google it and then compare it with Apple's. Google's finances is a black box and for a reason. Google is very open, except when it comes to how they make money. They are a data mining company, they make money of data. They have been fined for deliberately breaching people's privacy ( street view wifi breaches debacle and turning off the do not track setting in Safari amongst others) I love how Google fans jump to the defence of a company they have no clue about ( how it really makes money). Who is Google's biggest client or their major clients ( hint: the people who pay for their services)? What is their most Lucrative product? Why are the Google fan boys not up in arms about Google acquiescence get to share data with the carriers as part of its deal to buy SoftCard of them? Or the fact no major actor supported Google wallet because Google inserts itself in the final transaction do they are privy to the transaction details unlike Apple Pay which is between the Merchant's bank and the Customer's bank? You claim it is FUD to suggest that a data mining company that makes 90+% of it's income of data, might not be collecting more data for altruistic reasons? Really?
  • Akuko Ifo - Perfect responses. +1
  • Your repsonse shows poor knowledge of how Google uses your data. They do not "mine for data" and then sell it as you make it out to be. Using their services, they collect meta data and then an aglorithm uses that meta data to place ads on sites where you use their services based on your meta data. It pairs ads in ad space on their pages with a database of ads they have from customers that buys ad space and using meta data (some guy is not sitting in a room reading info about you), you get an ad targeted to you. If someone clicks said ad Google gets paid further. But Google does not read through everyone's data and sells it to third parties like the tin foil hat crowd wants to perpetuate. An algorithm uses meta data which is more than likely encrypted.
  • Guess you haven't been paying attention to the ongoing legal battle Google has been fighting concerning the data mining Gmail accounts you claim they aren't doing. They tried to get it thrown out, but that didn't work. They only thing they were able to do was not get it certified as a class action. But if you say they aren't mining, then I guess they aren't. Better call the judge with this late breaking news in the case.
  • Aha the usual regurgitated Google fan boy talking points. You have just written a lot of fluff that works on inarticulate Android fan boy sites. Name the Google service that brought in the most money last quarter, name the most lucrative region worldwide, name their biggest business partners. Name the ASP of their offerings. Give a detailed description of a usual transaction, including details of what ad, analytics Google provided. Go on I dare you to show that wonderful knowledge of Google's business ;)
  • Apple collects and mines your data too. These are excerpts from Apple's own privacy policy. "We also use personal information to help us create, develop, operate, deliver, and improve our products, services, content and advertising..." Here's the data Apple collects about you. Again according to their privacy policy. "We may collect information such as occupation, language, zip code, area code, unique device identifier, referrer URL, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising." More data collection from Apple, as per their privacy policy. "We may collect information regarding customer activities on our website, iCloud services, and iTunes Store and from our other products and services. This information is aggregated and used to help us provide more useful information to our customers and to understand which parts of our website, products, and services are of most interest. Aggregated data is considered non‑personal information for the purposes of this Privacy Policy." Data mining by Apple. "We may collect and store details of how you use our services, including search queries. This information may be used to improve the relevancy of results provided by our services..." So, enough with the hypocrisy. Google makes money by hosting third party ads on their platform, and using their machine learning algorithms to show you ads that are relevant to you based on your behavior. This is public knowledge.
  • What hypocrisy. So Apple makes money of it's users data? Google makes 90+% of its money of the back of it's data. Their businesses arm is a black box. I dare you to name a client( and I mean a client as in the companies that Google makes it's money from)of Google as a case study and go through a normal transaction with Google or what Google service they used, what amount was made, what data was made available, what ad? Apple, Samsung, Microsoft are all transparent in how the make money. Google is not, they just get their fanboys and PR to regurgitate the same tired points over and over again. Regarding data Apple gets: you know fully well that every hardware device collects data, your merely tapping in a phone number or entering a contact is data being collected. Nice try, in trying to obfuscate context. However Apple makes its money of an integrated solution of hardware and Software and is very open how it makes its money, who its partners are, how much it gets. Google on the other hand...............you fill in the blanks Machine learning? Hacking into people's wifi networks( while taking pictures for street view and getting fined all around the world)turning of the default do not track in Safari( Also got fined), offering to share users data with the American Carriers and who knows who else as a condition to get their support to launch Android Pay is machine learning? Who is being emotional?
  • Here is Google's mission statement: http://www.google.co.uk/about/company/ Feel free to find whichever definition of Data Mining you prefer and come back and say with s straight face that Google is not a Data Mining company.
  • Apple is a data mining company too. Their privacy policy clearly states that they collect, mine, track and share your data. In this regard, Apple is no different than Google. The fact that they don't make as much money as Google from mining your data doesn't mean that they're not a data mining company too. The hypocrisy is that you choose to turn a blind eye to this data collection, tracking and mining when it comes to Apple, but then act like you give a damn about privacy when Google does exactly the same thing. The reality is that your Mac, iPad and iPhone are all data aggregation utilities for Apple and third parties. If you really cared about privacy, you wouldn't use any of these products from Apple. But this is not about privacy. This is just a fundamental delusion about how modern Internet services companies work, including Apple. Everybody knows how Google makes money. I don't know where you get the idea that it is an untold secret. Google uses machine learning algorithms to show you relevant ads from advertisers based on your profile. In simple words, advertisers pay Google to host their ads, and show you the ones that may interest you. Is this the mind-bending, earth-shattering secret you think Google is hiding? Oh, by the way, Apple does this too. You might be shocked to know that Apple too owns an ad hosting platform. It's not as robust and profitable as Google's, but I just thought you should know that Apple does the exact same thing. Allow me to blow your mind. This is also how imore.com makes money too. Actually, this is how 99% of web based companies make money. They attempt to show you relevant ads based on your profile. This is the "secret sauce" the Internet runs on, ads. And according to you this is evil only when Google does it. Do you see how stupid this sounds? Finally, Apple too has had its fair share of user privacy violations. In 2013, German courts ruled that Apple violated user privacy laws by sharing their customers data with third parties. Also, lets not forget the UDID kerfuffle of years past. Or the deliberate location tracking of iPhone users, even though those users turned location tracking off. The hypocrisy is that you conveniently choose to ignore the fact that Apple too has violated user privacy in their past, but you're quick to accuse everyone else of violating your privacy. Next time you feel the urge to accuse Google of collecting and mining your data, ask yourself how much of your data do you have sitting on Apple's servers? You're absolutely delusional if you think Apple isn't analyzing all the data they have on their servers. Heck, they once bragged that they had 800 million credit cards on their servers. So much for the "privacy" company. At least, Google gives you absolute and complete access to all your data. https://myaccount.google.com/ And are completely upfront about how they use your data. https://privacy.google.com/ Now, tell me how to locate and delete my Siri voice searches again?
  • Apple is a Data mining company. LOL. Hospitals are data mining companies as they collect you know patients data in order to treat them, how absurd do you want this to go. You honestly want me to believe you don't know the difference between a Company like Google which was set up as its mission statement clearly says to gather data and other companies who have other business models? Or is this " defend my fantasy perception of Google to the Death day". Apple is a data mining company. Wow
  • I'm not the one who's wallowing in the delusion that Apple does not collect, mine, track and share your data. I quoted copious excerpts from Apple's own privacy policy that clearly and emphatically indicate that they mine your data. Yeah, they suck at it. But they still do it. And there are already signs in iOS 9 that they're going to do more of it. Your iPhone is a fantastic data mining device. You can throw it away now since you care so much about "privacy".
  • Do your self a favour and actually Google the definition of a Data mining company. You set up strawmen to argue against. Everybody collects data, everybody including you for one reason or the other. A data mining company is a company whose business is to collect data and manipulate it specifically for financial purposes. You really need to understand what you are arguing about or against. Using your logic a Doctor is a data mining analyst as they collect loads of data as part of their job. Really do you get the difference? Step back, take a deep breadth and rethink a lot of what you have posted
  • Sure, and Apple only collects and manipulates your data for charity.
  • Again, how much did Apple the data mining company, in your words, make from Data mining? There are these things called financial reports which public companies file.............
  • That's a silly question. Businesses make money from selling goods and services not algorithms. For someone who throws around the term "business model" a lot, you should know better. Data mining is merely a means to an end, not the end itself.
  • More irrelevant points. Put your money where your mouth is. How much does Apple the data mining company make of data. Please blow my mind. Also to prove my point that you jump into arguments without comprehending the context or even what the person you are debating has said. Where did I say that Google dealing in ads is evil? Also I wasn't aware that iOS users and Mac users can't access their data stored by Apple you know: contacts, photos, files, media, movies etc. LOl. Once again take a cue from your own words stop being emotional and actually look at facts. The fact that you are debating the fact that Google is on the business of data mining, is mind boggling. Apple a data mining company. Priceless
  • The facts are evident. Does Apple collect, track, analyze and store your data on their private servers? Yes! Does Apple have an advertising platform that uses your data to target ads? Yes! Has Apple historically violated, or being accused of violating, user privacy laws? Yes! It is true that Google and Apple have different business models, but that is completely irrelevant to the conversation. What matters is that both companies provide overlapping and competing services. Both companies provide cloud services that gobble massive amounts of data. Both companies sell hardware. Both companies provide a computing platform for their respective ecosystems. And most importantly both companies mine your data and have virtually the same privacy policies about how they use your data. Finally, Google gives you complete access to all the data they have about you and granular control over your data. Apple doesn't. Let me know where I can download my Siri queries and my location data from Apple Maps.
  • so you still contend Apple is a data mining company? Just checking
  • Yes, it is. As is every other tech company these days.
  • Any chance you will tell us how much they make from data mining, you know being a data mining company? How about percentage of income?
  • I don't know what Apple's income has to do with the fact that they mine your data. Why are you in denial?
  • Apple is not a data mining company, they don't make money of mining data. It is not their mission statement-reason for being- how they make their money unlike Google, whose mission statement- reason for being- and how they make their money is by mining data. As I have said time and time again you set up strawmen to argue about. Someone says one thing and you set up an argument that has nothing to do with it. I have said times without number everyone collects data, even your doctor, your bank, as they can't function without data. However there is a difference between data collected being your reason for being and monetisation focus and gathering data to do a job like everyone else.
  • What kind of caveman logic is this? Both companies mine your data to sell you goods and services they can make money from. Period. Your reasoning that one form of data mining is more ethical than another is completely senseless. Considering that Apple and Google collect, track, use, analyze and store your data in virtually the same manner. This is where the double standard and hypocrisy rears its ugly head. When Apple mines your data, oh, that's okay. When Google does it, Google is evil. Are you seriously telling me Apple mines your data purely for charity? Because that's absurd! They mine your data to provide services that compel you to buy into their ecosystem, and that further compels you to buy their hardware. Asking me how much money Apple makes from data mining is like asking how much money Apple makes from OS X, or iOS. They don't directly make any money from OS X or iOS, but they make money indirectly from those services, because those services are key reasons why people buy their hardware.
  • Cave man logic trumps no logic my friend;) You just compared a company that sells hardware and makes the OS and core services on it to a Company whose mission statement and business model is purely to gather data and monetise it. Rabbit logic is even preferable. And I am quite happy to jump off at this point and let you have the last word. You are far too effective at undermining your own points. ;)
  • So you really believe Apple mines data for charity? Boy, the reality distortion field is real here.
  • Amazing :)
  • While I trust Apple a lot more than Google with my data. I was listening to some testimony on CSPAN where the FBI director was complaining to a sub committee about Apple and its encryption and how it is helping terrorist do bad things in the world. At the end of his rant, he made mention that he had hopes though because the iCloud backups weren't encrypted and they had access to them whenever then needed them. Since that time, I switched back to local iTunes backups.
  • I too prefer offline back ups. It is the safest (IMHO)way to preserve data, less lose ends and the Cloud is still half baked and no where near ready for the tasks it handles
  • Love the max headroom reference Sent from the iMore App
  • Isn't Rene the same guy that writes fear-mongering articles about Samsung and Google?? LOL
    What a complete hypocrite...
  • Lol a broken clock is right twice a day Posted via the iMore App for Android