1. Doesn't matter in what league anything is, sideloading is sideloading and both iOS and macOS are popular platforms used by millions. You try to make us believe this is a factor, however it simply isn't. Marketing and exposure is not impressed by the last install button you press, or if it's a .dmg, .png or .ipa file you download. The file needs to get to the user in the same way, the user does not magically have new contact details just by using macOS or iOS.
2. It does not depend on the platform and you just repeating what you said without providing proof does not change it the same way you can say that the Earth is flat, and believing that repeating it makes it any more true.
3. It's a new avenue of software, not malware. It's the same like on macOS but obviously you don't want to hear that because it debunks all what you want to say. As for supervision, we were also there already and the OS is the supervisor, much more capable than a human who doesn't even have the task to check code.
4. Not sure if I'm the one in denial but feel free to believe that. Any proof btw? No? Thought so.
5. It's not rocket science how it will be implemented, just look at how Apple changed sideloading on macOS which changing defaults and adding additional restrictions to default settings.
6. As I said, you're drawing up scenarios that are unrealistic. I asked you before and I ask you again: Show me a rogue Spotify malware app/clone for macOS that is still signed. Show me. Yes, just show me.
Have you searched for Pegasus by name? Yes, that will definitely lead you to the malware, right?
I don't think you know who Corellium is and what they did, and how their relationship with Apple was. And how serious Apple is about zero-day exploits. Hint: Not very much. Apple left such exploits open in many cases for many months.
The one thing has zero to do with the other, you're drawing ghosts on the wall. You must be naive thinking that the US is the only country having intelligence services, and those service employees still using binoculars.Also interesting, Apple files lawsuits while the EU on the other hand
“The Israeli spyware firm NSO Group on Tuesday told European lawmakers at least five EU countries have used its software and the firm has terminated at least one contract with an EU member country following abuse of its Pegasus surveillance software.”
Pegasus used by at least 5 EU countries, NSO Group tells lawmakers
NSO Group ‘made mistakes,’ its chief lawyer says.www.politico.eu
So yeah, I have a hard time thinking the EU wanting the ability to side load random software onto iOS and circumvent the AppStore is all about “the consumers”
Stop changing the topic away from the issues we discuss here. We can do nothing about government intervention if they choose to spy on us.
Based on what you say it is obviously impacting how people will grade your experience. It is the natural way of things.
I didn't say that, but I am not even saying that the reviewers are Apple employees. You don't have to give people for a simple workflow like the review process corporate benefits. Yet, we see the results and if you can see a tail and a human-esque appearance, then yes of course it's a monkey, and even if it isn't you can't blame anyone thinking that it is.
I also don't know why you bring up JUNIOR devs in particular. However employing a junior dev is a bare minimum to even justify mentioning security in association with the review process. Since we're not on the moon and count to ten, we all know Apple will never pay a dev salary for the review process. And by this, the idea of the app review can kiss the idea of security checks goodbye. This is why I brought up devs, and when you say that you're a dev yourself, you should understand that better than anyone and not ask questions whose answers you should have known 30 years ago.
I am sorry but this is very basic knowledge and no one needs to be a dev to know that so this is extremely hard for me to believe that I am talking with a dev here, let alone a senior dev.
Any reason why there are just two scenarios? The most important scenario is already getting started in the EU and it will be the same in other countries soon thereafter.
Also, and again, Apple will never pay the employees more who do the app review, it's boldly against the shareholders' interest and Apple will follow their voices no matter what. In fact, Apple has been shrinking their QA divisions year after year.
On top of that, scenario 2 does not tackle the fact that not being able to improve is no indicator about someone being at peak performance. It can also mean that they are simply not allowed to, as I pointed out above with the shareholders (which won't allow Apple to invest more in QA or reviewers). Both are departments that do not generate an investment return.
Scenario 1 is irrelevant since security is not in scope of the app review, and it will never screen the code for the reasons stated above. Zero added security is added by a reviewer on top of what the OS itself is already scanning.
You presented yourself as a senior dev with 30 years of experience on your back. When you say things that emit the impression of lacking very substantial knowledge about how code works or what an app review vs a code review is, and how it affects security, then of course you have to expect questions about that. Criticizing you is not uncivilized, especially when you put yourself in the spotlight like that.
You said senior dev with 30 years of experience. If that is not linked to software development, tell me what is.
Also, saying that Apple needs a better review process is an opinion, not a fact. What Apple truly needs is to focus on its Gatekeeper, let it be on iOS or macOS. The review is for curation, not security. I thought we all understood that by now. The security word is the one Tim throws around like many people scream AI whenever an algorithm is paired with a database.
Last edited:
