Hacker News
by mapgrep 3853 days ago
Engineering and corporate behavior aren't really orthogonal topics, are they, when the actual engineering you want to inspect is unavailable (closed source) and you have to rely on observed behavior and trust?

If Apple actually did have a history of, say, pushing customized "iOS update" binary blobs at USG targets that undermined all the security features they describe in their white papers and in their (other) marketing, that would actually be entirely relevant to claims about the security of iOS, would it not? Even without such on-device updates, a system like iMessage can potentially be thwarted if Apple itself decides to cooperate with MiTMing, at least in certain scenarios.

(Btw I'm not actually endorsing OP's point that Apple is too close with the U.S. government. That does not seem accurate given the public heat brought down on Apple by entities like the FBI recently. But if it were Microsoft, there would be a point there.)

2 comments

I think Apple has gone through a lot of trouble to avoid being forced to compromise iMessage, but I am not recommending iMessage. iMessage is orthogonal to Apple's platform security, which is simply better than Android's.

That's all I'm saying.

Closed source it may be but what's stopping you from reverse assembly? After all even in 'open source' you still don't know what you run unless you built it yourself. And even then you have to trust your toolchain.