I thought religion talk wasn't allowed?
LOL... I see what you did there
You can install our site as a web app on your iOS device by utilizing the Add to Home Screen feature in Safari. Please see this thread for more details on this.
Note: This feature may not be available in some browsers.
I thought religion talk wasn't allowed?
No. See the bottom of Incident Response Team - United States. I see a LOT more than 17 since 2008.So your sole example of BB being insecure is a vulnerability in OpenSSL that affected nearly EVERY device that connects to the Internet including iOS, OS X, Windows, Android, Linux, etc, etc? Uh, yeah. Let's look at the CVE database shall we? BB had 2 vulnerabilities in 2015 and 17 since 2008. iOS had 375 in 2015 and 802 since 2008 (that's for iOS).
Per the website you linked, there were 6 advisories in 2015. 2 are for 3rd party apps, 1 is for the FREAK OpenSSL vulnerability that as I already stated affected everyone, 1 is for their Android phone to fix Android vulnerabilities, 1 is for their Enterprise BES server product, and the last one affects the BB Link software to sync your phone with your PC. So in reality, 0 were for problems with the OS actually running on the phone.No. See the bottom of Incident Response Team - United States. I see a LOT more than 17 since 2008.
Low CVE counts aren't necessarily indicative of high security. Blackberry's tiny remaining market share doesn't make a particularly juicy nor interesting target for hackers, those writing malware, and researchers now. If you are trying to affect the most # of people, the biggest targets would be the ones that have the highest market share and/or a large installed base.
The SSL vulnerability of which I speak was from 2014. It was in iOS itself and so affected the phone and every app on it (save Chrome and Firefox as they do their own SSL processing). The vulnerability was that iOS wasn't checking validity of SSL certificates. This means that was trivial to spoof a website or app destination and the phone will trust it an happily give credentials or whatever else. Here are a few links:Those are two fairly specific accusations against Apple. If they were true, I'd expect to have read about them elsewhere. Care to provide links?
Since you mention BB10, it looks like it was released in 2013.Also, it took Apple many years to give users the ability to nuke a stolen phone which BB10 has had since day 1.
Take a look at About the security content of iOS 9.2 - Apple Support, for example and notice who's been finding these vulnerabilities. Do you think those same researchers and software developers are real interested in finding vulnerabilities in something that has 0.3% share (IDC: Smartphone OS Market Share 2015, 2014, 2013, and 2012) or that they're even writing any software for Blackberry devices and thus stumble across vulnerabilities during their own security testing and review process?Your premise about BB not being a target doesn't hold water. Please recall that effectively the entire US govt (and many other govt's) uses Blackberry. Why is that? And if that isn't a tempting target for attack by both state and non-state actors I don't know what is.
Ah, you're talking about the "goto fail" bug. I did read about that, 2 years ago when it was fixed. You used the present tense ("if you don't mind that your phone ignores SSL certificates") to deliberately make it sound as if iOS devices were still not checking SSL certificates.The SSL vulnerability of which I speak was from 2014.
That's obviously bad, but it's also something Apple fixed. Your statement about "anyone being able to access and download everything off your phone whenever they want" does not seem to be true for current versions of iOS.The second one that I was thinking about was actually a Samsung flaw in their keyboard code that I remembered incorrectly. But there have been other Apple exploits that allow data to be extracted silently like this one:
iOS 9 to fix critical Apple AirDrop vulnerability - Telegraph
Anyone who's seen any James Bond movie could copy the user's fingerprint and access the device.
I mention BB10 because that is when I became a customer and am unfamiliar with their capability prior to then. I used Windows phones back in the 90's/early 00's until I switched to an iPhone 3G. I used iPhones (except a short run w/ a Galaxy S3) until I learned about BB10 and switched to a Z10.Since you mention BB10, it looks like it was released in 2013.
Remote wipe has been available on iOS (before it was called iOS) since iPhone OS 3.0 (Inside IPhone 3.0's Remote Wipe Feature | PCWorld) which came out in June 2009. The first iPhone didn't become available until June 29, 2007.
That said, I'd imagine earlier versions of Blackberry's/RIM's phone software had remote wipe, likely before 2009.
While it's possible that the popularity of iOS and Android is related to weak security (they are easier to use and do more "cool stuff" because security isn't slowing the user down or making them jump through hoops and apps are easier to write because the systems are more open, etc) your presumption that there is a correlation between popularity and vulnerability count is specious. As for targets, did you even read my post? The Pentagon and every other Federal agency uses Blackberry. So while their user count is small, the value of the data on those devices is quite large. You don't think there's value in exploiting those devices? Plenty of people are looking.Take a look at About the security content of iOS 9.2 - Apple Support, for example and notice who's been finding these vulnerabilities. Do you think those same researchers and software developers are real interested in finding vulnerabilities in something that has 0.3% share (IDC: Smartphone OS Market Share 2015, 2014, 2013, and 2012) or that they're even writing any software for Blackberry devices and thus stumble across vulnerabilities during their own security testing and review process?
If you were someone out w/bad intentions out to affect (e.g. make money, do DDoS attacks, etc.) or steal information from the most # of people, which smartphone OS would you target? Ones with over 82% share, and over 13% share or one with 0.3%?
And, 44.7 million tablets were shipped in 2Q 2015 per Worldwide Tablet Market Continues to Decline; Vendor Landscape is Evolving, According to IDC - prUS25811115. Most of the above vulnerabilities would also be found on those tablets. In comparison, Blackberry never got any traction w/the Playbook before killing it.
-SNIP- Again, if you were someone w/malintent, which is/are juicier? Android and iOS or Blackberry?
Well, the gotofail bug was in the code for 1.5 years so who knows what's in there now (though the same could be said for BB). But my point is that BB has a history of spending the time and money it takes to build secure code. Apple does not. I used the GTF bug as an example of a basic flaw (seriously, "check whether SSL certs are validated correctly" should be a part of every single build regression) that Apple didn't have the systems and processes in place to find.Ah, you're talking about the "goto fail" bug. I did read about that, 2 years ago when it was fixed. You used the present tense ("if you don't mind that your phone ignores SSL certificates") to deliberately make it sound as if iOS devices were still not checking SSL certificates.
That's obviously bad, but it's also something Apple fixed. Your statement about "anyone being able to access and download everything off your phone whenever they want" does not seem to be true for current versions of iOS.
Perhaps iOS will someday attain the same level of security you claim Blackberry has, now that they have hired the person who was responsible for the Blackberry OS (Sebastien Marineau-Mes).
I guess you're looking at Blackberry : Products and vulnerabilities . Right or wrong, some of them got lumped under RIM : Products and vulnerabilities .So your sole example of BB being insecure is a vulnerability in OpenSSL that affected nearly EVERY device that connects to the Internet including iOS, OS X, Windows, Android, Linux, etc, etc? Uh, yeah. Let's look at the CVE database shall we? BB had 2 vulnerabilities in 2015 and 17 since 2008. iOS had 375 in 2015 and 802 since 2008 (that's for iOS).
You guys from the US are missing the fact that BB still has significant market share here in the Great White North.
And now back to our regularly scheduled program…I have a Pebble smartwatch. Yes, the cheapster's version of Apple's watch, but it does what I want and costs a proverbial fraction of Apple's. I'm connected to an iPhone but haven't tried any Tesla manoeuvres on the watch yet, mostly because the phone will do that, and it's convenient enough.
Yes, RIM changed their name to Blackberry in 2013. Even if you add in the older BB phone vulnerabilities (not fair to include the BES or other software products as we're focusing on phones here) it's still a tiny fraction of iOS.I guess you're looking at Blackberry : Products and vulnerabilities . Right or wrong, some of them got lumped under RIM : Products and vulnerabilities .
I think you have it exactly backwards. I believe that popularity and vulnerabilities go hand in hand but not for the reason you say. People want products that do a lot of cool stuff and are easy to use. Those two goals are at odds with strong security without a colossal investment in time and money (I hope Apple is ready to make this investment - I applaud hiring Sebastien). Apple products are popular precisely because they deliver what the people want and the people do not demand secure products. I do believe iOS was more secure in the old days because it was much simpler. People want features like Airdrop and every time you add a feature like that it creates a new attack vector. Furthermore, people want everything synced up with iCloud and iTunes and whatever so everything is seamless but that means that if someone does compromise any one piece the whole system comes down. Again, Apple is simply giving the people want they want and they are very successful because of it. But that commercial success is in spite of iOS's vulnerabilities not because of it.Again, I'm not convinced that low CVE counts are an indication of security. I found Apple : Products and vulnerabilities . Does that mean that Apple was doing a great job w/security in 1999 thru 2003 and a crappy job now? The tools to find vulnerabilities have got a lot better (e.g. file fuzzing tools, static analysis tools on code, etc.). People have learned a lot about new types and classes of vulnerabilities that hadn't even been imagined before (beyond just say buffer overflows or bypassing some cross-site security in browsers).
My point stands and the volumes of vulnerabilities in iOS and Android speak for themselves. If you care about security you should use a Blackberry.
U.S. government officials have warned that the expanded use of strong encryption is hindering national security and criminal investigations.
In a similar case last year, Apple told a federal judge in New York that it was “impossible” for the company to unlock its devices that run an operating system of iOS 8 or higher.
Apple and Google both adopted strong default encryption in late 2014, amid growing digital privacy concerns spurred in part by the leaks from former National Security Agency contractor Edward Snowden.
Having strong storage-level encryption with an auto-wipe after too many failed logins is absolutely a good thing. I hope Apple sticks to their principles as introducing a back door would be exploited instantly (who would decide who gets the backdoor key and how could you control it?) and also set a bad precedent for other manufacturers.I'm a bit sorry to resurrect this tangent, but this news story today caught my eye: Apple ordered to aid FBI in unlocking California shooter's phone
If it's good enough to keep the FBI out for months now, it's probably pretty decent, eh?
Hyperbole, exaggeration, and omission of circumstances doesn't help. I'm not an expert by any means, but let's take these one at a time.
1) iPhone ignores SSL certificates
First, iOS has built-in support for SSL, including certificate handling, but it is up to each app to implement how security is handled. If you're using Apple's standard framework to develop your app (eg, NSURLConnection), then the security should be good. About 3 years ago it was reported that some iPhone apps were not properly checking SSL certs for validity. That meant they'd accept any certificate from anybody. I don't believe this was or is a problem with any Apple-provided app. Matter of fact, the problem is probably in apps not written specifically for the iPhone and so they don't take advantage of the native security tools built into iOS.
2) Apple's software QA is atrocious
I can't fight a negative without specifics, so I'll let it stand. There was, after all, this report in 2014. My own experience is that my iPhones and apps are no worse than my close friends' Android phones or the people at Blackberry with whom I work that are required to have Blackberry's if they want to use their phone for work.
3) They don't care one lick about security
Again a negative without specifics. Unlike Google, for instance, they are very careful about what data they collect on their users. In talking with engineers who work for Apple about ideas I had for them, they countered back that Apple would never collect that kind of data on their users. Here's an article on Apple's respect for their users privacy:
4) Also you must not care about 3rd parties being able to grab your location constantly even when the app is closed.
This is something that you can enable or disable either for everything, or on a per app basis. I just bought a new iPhone and part of the setup is asking you if apps can grab your location even when they're closed. So, if you care, get an iPhone for you will have control over this.
Anyway, I don't and haven't worked for Apple, I own a insignificant amount of Apple stock. I like a lot of their products. My experience with those products, and in discussions with Apple engineers is that Apple cares about security, privacy, and quality. The way that Apple checks apps that get listed in their App Store helps protect you from rogue applications that could try to access your data. Yeah, apps will slip by every now and then but it's way better in terms of security than the wild west that is Google Play.