> App sandboxing and system file integrity is one of the most beneficial security features of modern computing,
You can have sandboxing and system integrity while still giving the user overrides. But hey this is not Google and Apple's business model because it makes you less dependent on them. And it interferes with their sweet 30% rent-seeking app stores.
Mobile security works this way not because it's best for us but because it's best for making them money.
> You can buy rootable phones.
Eh yeah but the problem is of course being locked out of apps if you actually root it.
I don't want Google or Apple to decide what I can do with my phone. Or the government like in this case. This also opens the door for evil spyware like Chat Control in Europe. Even today they are trying to enforce a backdoor into WhatsApp to block "harmful content", which is of course impossible without breaking or circumventing the E2E on-device.
> People overwhelmingly choose iPhones instead.
Maybe in America, not here in Spain. I guess not in Vietnam either.
> You can have sandboxing and system integrity while still giving the user overrides.
How? What kind of overrides? You mean that SafetyNet could still report attestations?
I have no idea how it works, but doesn't it require a chain of trust, starting from a known boot image, then every process that can write to arbitrary memory needs to be a known image? (And even that might not be enough if there are ways to dynamically exploit them.)
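The chain of trust the comment above asks about can be sketched in a few lines. The following is an added example, not code from any commenter or from Google's or Apple's implementations: each boot stage hashes the next image into a running register before handing off (the way TPM PCRs and measured boot work in spirit), and a verifier accepts an attestation only if the final register equals a known-good value. The stage names, image bytes and "golden" value are constructed for illustration.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple

Image = Tuple[str, bytes]  # (stage name, image bytes)


def extend(register: bytes, measurement: bytes) -> bytes:
    """PCR-style extend: register <- SHA-256(register || measurement).
    A later stage cannot undo an earlier measurement, only add to it."""
    return hashlib.sha256(register + measurement).digest()


def measure_boot(images: List[Image]) -> Tuple[bytes, List[Tuple[str, str]]]:
    """Each stage measures the next image before transferring control.
    Returns the final register and a per-stage event log."""
    register = bytes(32)  # power-on reset value
    log: List[Tuple[str, str]] = []
    for name, image in images:
        digest = hashlib.sha256(image).digest()
        register = extend(register, digest)
        log.append((name, digest.hex()))
    return register, log


# Constructed stand-ins for the shipped boot chain (not real firmware).
KNOWN_GOOD_CHAIN: List[Image] = [
    ("bootloader", b"constructed bootloader image v1"),
    ("kernel", b"constructed kernel image v1"),
    ("system", b"constructed system partition v1"),
]
GOLDEN_REGISTER, GOLDEN_LOG = measure_boot(KNOWN_GOOD_CHAIN)


def attestation_passes(images: List[Image]) -> bool:
    """Verifier side: accept only if the reported register matches the golden one.
    Constant-time comparison so the check itself leaks nothing about the value."""
    register, _ = measure_boot(images)
    return hmac.compare_digest(register, GOLDEN_REGISTER)


def first_divergence(images: List[Image]) -> Optional[str]:
    """Using the event log, name the first stage whose measurement differs
    from the known-good log (None if the whole chain matches)."""
    _, log = measure_boot(images)
    for (name, got), (_, want) in zip(log, GOLDEN_LOG):
        if got != want:
            return name
    return None


def rooted_chain() -> List[Image]:
    """The same chain with a user-modified kernel (constructed)."""
    chain = list(KNOWN_GOOD_CHAIN)
    chain[1] = ("kernel", b"constructed kernel image v1 + user override")
    return chain


if __name__ == "__main__":
    print("stock chain passes:", attestation_passes(KNOWN_GOOD_CHAIN))
    print("modified chain passes:", attestation_passes(rooted_chain()))
    print("first differing stage:", first_divergence(rooted_chain()))
```

Two things the toy makes concrete: any change to a measured image, and even a change in the order stages run, produces a different final register, so a verifier can tell a stock chain from a modified one without seeing the images; and the event log lets it say which stage diverged. It also shows where the thread's tension sits: an override that changes a measured image necessarily changes what is attested, so the verifier must either reject it or be told, out of band, that this particular modification is acceptable.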
> You can have sandboxing and system integrity while still giving the user overrides.
I think this is wishful thinking, and the most experienced organizations in the world in this field agree with me. You can’t square this circle.
We can pretend that these two things can coexist, but they cannot. Where there are overrides, there are YouTube tutorials on how to disable the overrides to install malicious botnet VPN surveillance proxy apps to get free Robux. (to borrow a turn of phrase from @ptacek iirc)
If you give users an escape hatch, they will get malware in ring 0 and Apple Pay will stop being a thing because people’s cards will start getting remotely skimmed at scale. (Or Amazon will give you 1.5% off all purchases to install a rootkit that uploads your complete realtime cc nfc purchase boop history and email receipts and location track so they can figure out which businesses to clone/dump on next.)
If you say “…but not the SEP” then you’re just admitting that you need a part of the phone the user does not and cannot control. Most users care about the privacy of their nudes and sexts so they’d rather it be the whole damn phone.
Did we forget that even the not-full-scale escape hatch that was enterprise app certs was abused by Meta (then Facebook) to install surveillance VPN backdoors on customer phones at scale? Apple didn’t even know bc they were sideloading them via enterprise certs and when they found out they revoked them across the board, but by then thousands of people had had 100% of their phone’s network traffic surveilled by an ad company without consent.
The irony is that Apple started out by discovering the hackability of the hardware and software they found in their time. Instead of leaving something like that behind for those who come after them, to pay back what was given to them, they build walled gardens where you’re just not allowed to “bump into the walls too much”.