Apple has paid out about $20 million dollars in their security bounty program, and a good portion of that must be iOS-related, so much so that they offer dedicated iOS devices to researchers.
iPhones have been jailbroken by visiting a webpage, receiving a message, or joining a WiFi network.
Just about every single iOS release is patching a vuln that was reported or found in the wild being exploited.
So, really, is the "furthest iOS malware" concern being 3rd party tracking a genuine statement?
Given it’s much harder to get malware through the App Store than it is to get it through the macOS notarization system (or just telling people to right click open your dmg), you certainly won’t find iOS malware affecting a large amount of users unless those users seek it out (via jailbreaks) or are individuals at risk of extremely targeted attacks, which is what lockdown mode aims to guard against: https://www.apple.com/newsroom/2022/07/apple-expands-commitm...
You should define “malware”. There is a wide variety of apps that harm users to different degrees, and I’m not sure we’re sharing the same definitions of what the App Store is supposed to protect their users from.
In particular, an app that signs you up for a $100/month subscription behind your back that's impossible to cancel via some dark UX patterns, will make it through the notarization system just fine, no jailbreak or exploit needed.
> that's impossible to cancel via some dark UX patterns
The scandalous $10 per week kid’s games definitely exist, but in fairness, you made this part up, as all subscriptions are easily accessible on your clearly labeled ‘Subscriptions’ page, and canceled by clicking the big red ‘Cancel subscription’ button.
To note, the “easily accessible” part is for people with an Apple device with iCloud set as the target account.
You don’t have another Apple device to manage your kid’s subscriptions? It’s simple! Download iTunes on Windows! No Windows or can’t/don’t want to install iTunes? Tough luck.
You’d think icloud.com has feature parity regarding payment management and critical settings, and no, it doesn’t [0]
BTW having multiple Apple devices still won’t make it that much easier if you happen to use different Apple IDs (if you need access to more than one country’s store for instance, or separate work and personal profiles): logging in and out is a PITA with the Find My Devices lock and 2FA.
> To note, the “easily accessible” part is for people with an Apple device with iCloud set as the target account.
> You don’t have another Apple device to manage your kid’s subscriptions? It’s simple! Download iTunes on Windows! No Windows or can’t/don’t want to install iTunes? Tough luck.
Wow I’m speechless.
Not having access to your kids’ device, and not having access to a linked Apple device, and not having access to a Windows device, and not being willing to download iTunes is considered a dark pattern??
Sometimes I really wonder about the little anti-Apple bubble some people live in…
You're a Linux/Android parent and your teenage kid wants an iPhone. Will you take their phone every now and then just to check subscriptions etc.?
Or, each family member has an iPhone with their own account, and no other Apple device. You'll be switching anytime you want to check. etc.
I'm aware of these limitations because I've hit them so many times, while having 5 Apple devices at hand. I get it might be an 80/20 split with it being really simple for 80%. But IMO that's just not good enough, at least not 15 years after the first device launch.
[edit] I'm kinda surprised how the goalpost is shifted from "hey it's easy" to "go install iTunes if you're on Windows". Is having a website too much to ask really?
> I'm kinda surprised how the goalpost is shifted from "hey it's easy" to "go install iTunes if you're on Windows". Is having a website too much to ask really?
Dunno where you got the idea that I somehow ‘shifted the goalpost’ from “it’s easy…”?
The poster I was answering said that Apple made it “impossible” to cancel subscriptions by using “dark patterns” and this somehow got transformed into some vanishingly tiny, special HN-case of a person running Linux who doesn’t have another Apple device and ‘cannot’ install iTunes with a teenager whose phone they can never access to check subscriptions…
Oh well - the anti-Apple fanatics here will downvote absolutely anything, I guess - including anyone responding to utter garbage like this.