←back to thread

Apple vs the Law

(formularsumo.co.uk)
378 points tempodox | 6 comments | 11 Jul 25 06:49 UTC | HN request time: 1.064s | source | bottom
Show context
grishka ◴[11 Jul 25 07:28 UTC] No.44529279[source]
> "...unfortunately, it's impossible to do all the complex engineering to comply with the Commission's current interpretation of the DMA..."

There's nothing complex and impossible about removing some "if" statements responsible for code signature enforcement.

replies(9): >>44529310 #>>44529322 #>>44529363 #>>44529431 #>>44529446 #>>44529695 #>>44530078 #>>44531016 #>>44531269 #
interpol_p ◴[11 Jul 25 07:40 UTC] No.44529363[source]
It’s extremely complex. I’m not debating whether they should comply - they should. But it’s gonna cost them years of engineering effort, and maintenance far into the future. See, for example, BrowserEngineKit

https://developer.apple.com/documentation/browserenginekit

They needed to engineer, maintain, document and support a whole class of APIs so that third parties can create their own competitive browser engines (that offer JIT, etc) while still maintaining iOS sandbox security. There are going to be hundreds of frameworks, thousands of APIs, that will need to come to ensure compliance with the DMA

replies(2): >>44529396 #>>44529401 #
EMIRELADERO ◴[11 Jul 25 07:48 UTC] No.44529401[source]
Somehow, Android manages to do it. Not only for browsers; all apps have JIT access without any entitlement/review needed.

It doesn't seem like the average Android user is worse-off because of that, security-wise.

replies(3): >>44529515 #>>44529733 #>>44533177 #
1. shuckles ◴[11 Jul 25 08:40 UTC] No.44529733[source]
The average Android user is far worse off security-wise than the average iOS user, and it isn't even close.
replies(2): >>44530033 #>>44532975 #
2. sensanaty ◴[11 Jul 25 09:18 UTC] No.44530033[source]
How so? As of late, Android FCZC exploits pay out more than iOS ones do at the moment[1]. And anecdotally from what I hear from friends involved in security, Android is very well hardened at this point and is equal to iOS despite having a much wider surface area for attacks.

[1] https://opzero.ru/en/prices/

replies(1): >>44532094 #
3. saagarjha ◴[11 Jul 25 13:45 UTC] No.44532094[source]
Average Android users are not targeted by exploits.
replies(1): >>44535862 #
4. lxgr ◴[11 Jul 25 15:05 UTC] No.44532975[source]
Would you say that's primarily due to JIT, or maybe due to the budget for security patches for most Android devices being a tiny fraction of what Apple has?
5. sensanaty ◴[11 Jul 25 19:10 UTC] No.44535862{3}[source]
Sounds like they're better off then, since they're not getting targeted?
replies(1): >>44537038 #
6. shuckles ◴[11 Jul 25 21:41 UTC] No.44537038{4}[source]
No, the threat to most users is losing their device, cloud backups, sensor permissions, and the like. The price of a remote zero click has nothing to do with whether your phone offers end to end encrypted cloud backups (which Android does not) or secure bioauth (remember when Android vendors shipped various insecure versions of face unlock before giving up on replicating Face ID?).