[pm90]

> I understand how one may consider this a "closed ecosystem" from one perspective. However, from a customer point of view any startup or mom-and-pop can leverage these very complex and expensive world-class security developments, whereas in the past this access has been reserved to the very select few that could afford it. When the barrier to entry is lowered and access is commoditized, customer wins.

I don't understand why the customer can't get these benefits AND the ecosystem be open as well.

[kabdib]

Pressure from governments to not supply consumers with hardware that is resistant to surveillance is one reason.

AFAIK, the consumer systems that are most resistant to physical attack (and that lack spooky things like Intel's system management CPU) are game consoles. The hardening is a requirement for anti-piracy and anti-cheating, and in newer generations of consoles it's been quite successful. Recent iPhones are a distant second in terms of security architecture.

[hedora]

> Recent iPhones are a distant second in terms of security architecture.

Source? Apple does some pretty sophisticated stuff around hardware security mechanisms and software correctness.

(I genuinely want a technical description of the mechanisms consoles use these days so I can read it -- not trying to start an argument...)

[cmdrfred]

I don't have any details but without a exploit a game console will never run a single line of code that isn't signed. It makes the attack surface rather smaller than an iPhone.

[eric_h]

Without an exploit, how does one run unsigned code on an iPhone, exactly?

[cmdrfred]

Like so: https://www.igeeksblog.com/how-to-sideload-apps-on-iphone-an...

[eric_h]

You're still signing the app when you side load it in that way.

[gm-conspiracy]

I would agree with you if they cannot be updated via an internet connection.

[stuckagain]

You can't have an open ecosystem when part of the ecosystem is hundreds if not thousands of full-time security experts and 24x7 opsec analysts. It is an integrated software and operations system. The software alone doesn't get you anywhere.