> 1. Not bring up macOS because it is not in the same league as 1B iPhone users.
> 2. It does depend on the platform.
> 3. What I do know is opening up an unsupervised avenue of malware is not good for anyone.
> 4. This is denial that a problem could exist.
> 5. Tell me the inner workings of how this will all come together. We would all like to understand how Apple will implement this.
> 6. Better to focus on the post content, than the poster content. This is my opinion of the direction this will go.

1. Doesn't matter in what league anything is, sideloading is sideloading and both iOS and macOS are popular platforms used by millions. You try to make us believe this is a factor, however it simply isn't. Marketing and exposure is not impressed by the last install button you press, or if it's a .dmg, .png or .ipa file you download. The file needs to get to the user in the same way, the user does not magically have new contact details just by using macOS or iOS.
2. It does not depend on the platform and you just repeating what you said without providing proof does not change it the same way you can say that the Earth is flat, and believing that repeating it makes it any more true.
3. It's a new avenue of software, not malware. It's the same as on macOS but obviously you don't want to hear that because it debunks all that you want to say. As for supervision, we were also there already and the OS is the supervisor, much more capable than a human who doesn't even have the task to check code.
4. Not sure if I'm the one in denial but feel free to believe that. Any proof btw? No? Thought so.
5. It's not rocket science how it will be implemented, just look at how Apple changed sideloading on macOS by changing defaults and adding additional restrictions to default settings.
6. As I said, you're drawing up scenarios that are unrealistic. I asked you before and I ask you again: Show me a rogue Spotify malware app/clone for macOS that is still signed. Show me. Yes, just show me.

> Lol, no I have not seen a download for Pegasus spyware on the App Store lol

Have you searched for Pegasus by name? Yes, that will definitely lead you to the malware, right?

> In addition
> “Apple Inc in a lawsuit against US-based cybersecurity startup, Corellium, alleged that it sold its virtualization technology to the NSO group and other such "bad actors" and actively encouraged them to find 0-day exploits.”

I don't think you know who Corellium is and what they did, and how their relationship with Apple was. And how serious Apple is about zero-day exploits. Hint: Not very much. Apple left such exploits open in many cases for many months.

> Also interesting, Apple files lawsuits while the EU on the other hand
> “The Israeli spyware firm NSO Group on Tuesday told European lawmakers at least five EU countries have used its software and the firm has terminated at least one contract with an EU member country following abuse of its Pegasus surveillance software.”
> Pegasus used by at least 5 EU countries, NSO Group tells lawmakers
> NSO Group ‘made mistakes,’ its chief lawyer says. (www.politico.eu)
> So yeah, I have a hard time thinking the EU wanting the ability to sideload random software onto iOS and circumvent the App Store is all about “the consumers”

The one thing has zero to do with the other, you're drawing ghosts on the wall. You must be naive thinking that the US is the only country having intelligence services, and those service employees still using binoculars.
Stop changing the topic away from the issues we discuss here. We can do nothing about government intervention if they choose to spy on us.

> How the hell is what I stated a direct impact on my knowledge or experience as a developer where you all need to start questioning it?

Based on what you say it is obviously impacting how people will grade your experience. It is the natural way of things.

> You all basically are saying Apple employees are just "monkeys pressing approve on apps" and ALL I SAID was Apple needs to have a more thorough app review process. NOWHERE did I mention code reviews, handing over your code to junior devs, etc. There are MANY MANY things Apple can do that DOES NOT require junior devs. So I really don't understand why this was even brought up in the first place.

I didn't say that, but I am not even saying that the reviewers are Apple employees. You don't have to give people for a simple workflow like the review process corporate benefits. Yet, we see the results and if you can see a tail and a human-esque appearance, then yes of course it's a monkey, and even if it isn't you can't blame anyone thinking that it is.
I also don't know why you bring up JUNIOR devs in particular. However employing a junior dev is a bare minimum to even justify mentioning security in association with the review process. Since we're not on the moon and count to ten, we all know Apple will never pay a dev salary for the review process. And by this, the idea of the app review can kiss the idea of security checks goodbye. This is why I brought up devs, and when you say that you're a dev yourself, you should understand that better than anyone and not ask questions whose answers you should have known 30 years ago.
I am sorry but this is very basic knowledge and no one needs to be a dev to know that so this is extremely hard for me to believe that I am talking with a dev here, let alone a senior dev.

> Bottom line, here are the scenarios.
> 1) Apple can improve the App Review process
> 2) Apple cannot improve the App Review process
> If you all agree with #2, then you all CANNOT say Apple is just "monkeys pressing approve" since they are doing the most they can do. If you all agree #1 is possible, then we are aligned and you just questioned my knowledge for nothing?

Any reason why there are just two scenarios? The most important scenario is already getting started in the EU and it will be the same in other countries soon thereafter.
Also, and again, Apple will never pay the employees more who do the app review, it's boldly against the shareholders' interest and Apple will follow their voices no matter what. In fact, Apple has been shrinking their QA divisions year after year.
On top of that, scenario 2 does not tackle the fact that not being able to improve is no indicator about someone being at peak performance. It can also mean that they are simply not allowed to, as I pointed out above with the shareholders (which won't allow Apple to invest more in QA or reviewers). Both are departments that do not generate an investment return.
Scenario 1 is irrelevant since security is not in scope of the app review, and it will never screen the code for the reasons stated above. Zero added security is added by a reviewer on top of what the OS itself is already scanning.

> None of what I said should have resulted in insults/attacks/questions of my software development knowledge. It is just unnecessary and uncalled for and it is not how you have civil conversations.

You presented yourself as a senior dev with 30 years of experience on your back. When you say things that emit the impression of lacking very substantial knowledge about how code works or what an app review vs a code review is, and how it affects security, then of course you have to expect questions about that. Criticizing you is not uncivilized, especially when you put yourself in the spotlight like that.

> Point me to a statement that directly links IN ANY WAY to software development? ALL I SAID was Apple needs to have a more thorough app review process. And there are hundreds of different ways to handle this that don't even involve the coding of the application.

You said senior dev with 30 years of experience. If that is not linked to software development, tell me what is.
Also, saying that Apple needs a better review process is an opinion, not a fact. What Apple truly needs is to focus on its Gatekeeper, let it be on iOS or macOS. The review is for curation, not security. I thought we all understood that by now. The security word is the one Tim throws around like many people scream AI whenever an algorithm is paired with a database.