by millstone 3870 days ago
Maybe there's a private API on iOS that leaks the user's email addresses without the proper permissions. Maybe there's one on Android too. Neither OS has a runtime that will prevent malicious apps from exploiting such an API.

> What I wrote was you are not going to be able to call an Android API via private invocation and succeed if the API requires a specific permission and your app hasn't declared it

Just like on iOS, with the difference that it happens at call time and not installation time.

> All of this only goes to prove that Apple's security in iOS is not extraordinary as you claim

It shows the exact opposite! Notice how ridiculously weak these results are. On one of the most high-profile targets today, an app may (unconfirmed) be able to determine the user's email address and send it to a server. On a trojan app that the user deliberately installed, and then deliberately granted access to Twitter, it can post a tweet without the user's confirmation, if the user has not updated the OS. Fetch the smelling salts!

Meanwhile, millions of Android phones are part of botnets, like NotCompatible.C, at one point reaching 1.5% of mobile devices in the USA. A Chrome 0-day came out last week, allowing full control remotely of fully-patched Android phones. These aren't research papers showing theoretical attacks; this is real life.

Yes, iOS has extraordinary security, and its competition only makes it look better.

1 comments

A Safari zero-day was just sold to governments (Nov 2nd). But yeah, continue to assert otherwise if that makes you feel better. I am sure you have some explanation for that and all the previous jailbreaks for iOS and how they show iOS security being extraordinary! Android phones with botnets? Yeah, you can believe that so hard it will make it a fact soon!

/jeez why do I bother with Apple fanboys?