Linked by Thom Holwerda on Sat 9th Feb 2013 01:01 UTC
Apple "Over the last half a week, Apple has been hit with the largest mass-hacking incident in its history. And the perpetrators were the company's own users. Nearly seven million iPhone, iPad and iPod touch owners have cracked Apple's restrictions on their devices using the jailbreaking tool Evasi0n since the tool was released Monday morning, according to the latest count from Jay Freeman, the administrator of the app store for jailbroken devices known as Cydia. That makes the iOS-hacking app the fastest-adopted jailbreak software of all time, Freeman says." Because, of course, only nerds and geeks jailbreak. There's also a technical analysis of the jailbreak.
Thread beginning with comment 551964
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: I ssee both sides of this
by _txf_ on Sat 9th Feb 2013 02:16 UTC in reply to "I ssee both sides of this"
_txf_
Member since:
2008-03-17

The problem at the moment is that jailbreaking has become simple enough for anyone to do it, and so you do get a lot of people who are jailbreaking and really have no idea how to maintain their systems.


Part of the problem is that apple opted for the easy way of doing security, effectively shunting those that desire choice to having no security and no education about security. Say what you will about laissez-faire on Android but at least the permissions view builds awareness of potential security issues that could arise.

MS learned to do security the "proper way" with windows (not metro/8 which is essentially a devolution).

Reply Parent Score: 3

darknexus Member since:
2008-07-15

Part of the problem is that apple opted for the easy way of doing security, effectively shunting those that desire choice to having no security and no education about security. Say what you will about laissez-faire on Android but at least the permissions view builds awareness of potential security issues that could arise.

Only if one reads them and only, in the case of side-loaded apk files, if the permissions in the package metadata are correct. Most pirated apks, from what I've seen, conveniently leave out a lot of the more suspicious permissions or omit them entirely. That's usually when someone asks me to help with their phone and it's like tech supporting an older Windows pc. Neither Android nor iOS have real security as part of the os.

Reply Parent Score: 1

hackbod Member since:
2006-02-15

Only if one reads them and only, in the case of side-loaded apk files, if the permissions in the package metadata are correct. Most pirated apks, from what I've seen, conveniently leave out a lot of the more suspicious permissions or omit them entirely. That's usually when someone asks me to help with their phone and it's like tech supporting an older Windows pc. Neither Android nor iOS have real security as part of the os.


Thanks for just making stuff up. The actual fact though is that permissions in Android are enforced at the platform level, and it has been this way since day one of the design and implementation.

Your app must request a permission to be able to use it. When the app is installed or updated, all permissions it has requested are shown to the user. That set of permissions is maintained by the platform from that time on and can't change outside of another update of the app. Every time it tries to do an operation associated with a permission, this is checked by the platform against the list of permissions currently granted to it and failed if it doesn't hold the needed permission. Period.

Of course like every other piece of software there can be bugs that in this case result in security holes that allow applications to gain more privileged access. Any such situation on Android that allows an app to bypass permissions that haven't been granted by the user is always considered a high priority security bug and fixed as quickly as possible. That isn't the normal operation of the platform.

Reply Parent Score: 3

WereCatf Member since:
2006-02-15

Say what you will about laissez-faire on Android but at least the permissions view builds awareness of potential security issues that could arise.


As if. I know quite a lot of people with Android - phones and only the nerds understand permissions, not a single non-nerd. The availability of the permissions tab under Android has done fuck all about this. And why? Well, because you need to consciously seek them, you're not at any point asked about the permissions during normal operation, you're not allowed to change the permissions and they're way, WAY too vague to actually tell anything meaningful. You need to already have understanding about the topic to have even the vaguest idea about what each particular item on the permissions tab entails, and even then you're just not given enough details about any of them to really know if it's a good or a bad thing to allow it through.

Reply Parent Score: 4

hackbod Member since:
2006-02-15

As if. I know quite a lot of people with Android - phones and only the nerds understand permissions, not a single non-nerd. The availability of the permissions tab under Android has done fuck all about this. And why? Well, because you need to consciously seek them, you're not at any point asked about the permissions during normal operation, you're not allowed to change the permissions and they're way, WAY too vague to actually tell anything meaningful. You need to already have understanding about the topic to have even the vaguest idea about what each particular item on the permissions tab entails, and even then you're just not given enough details about any of them to really know if it's a good or a bad thing to allow it through.


While I would never claim that Android's permissions are perfect or anything like the end-all be-all that solves all security issues, they have certainly done more than fuck-all.

Two examples:

(1) It is not uncommon for Android applications that request excessive permissions to have people publicly complain about them and get the developer to clean up their act. This was honestly the best that I had hoped for with the permissions system: that they would raise awareness of what applications are doing to the people who care about this stuff and pay attention, who can then provide pressure and publicity to help protect normal users. And this has happened multiple times, and has helped all users of the platform.

(2) When my wife got her Android phone and started installing apps on it, she fairly quickly came across a game that needed permission to access her contacts. She was told this prior to the point of buying/installing the game (which is by design), got scared by the idea of this thing getting her contacts, and decided it wasn't worth it. This is a normal user, not a geek in any way, but it was clear enough to her that the app was going to be able to access her private data that she wasn't comfortable with. This is of course just one example, but we do put a lot of work into making the permissions shown to users as understandable as possible, and have continually done work to improve this, in pretty much every release, including the major update to the side loading permissions UI last year -- http://blogs.computerworld.com/android/21259/android-42-security has some example screen shots. (To be honest, that screen shot is not the best example of what would stop a normal user from installing an app, since that app doesn't actually request permission to any personal data or other things that a normal user would understand or care about. One of our ongoing goals has also been to use other tools to reduce the number of spammy less interesting permissions applications must request to do certain things.)

Reply Parent Score: 3