Hacker News new | ask | show | jobs
by AnthonyMouse 2767 days ago
> So let’s see, you downloaded the files from their server, now they have a unique id for each user and they can track you more.

Which you can verify they aren't doing if they provide the source code. Or the non-Apple app distributor could verify that they aren't or otherwise sandbox the apps they distribute to prevent that from happening -- another advantage to competition.

> Most commercial apps aren’t going to give you access to the source control.

For something like that, why wouldn't they? Especially when there is a specific reason to, because it's something people are unusually privacy-sensitive about.

And it's not as if a community-developed Pornhub app that did would be accepted into the App Store either.
1 comments
scarface74 2767 days ago
Which you can verify they aren't doing if they provide the source code. Or the non-Apple app distributor could verify that they aren't or otherwise sandbox the apps they distribute to prevent that from happening -- another advantage to competition

So what sandbox is available for apps that don’t allow a native app to ascertain individually identifiable device information?

You also now have to trust the non Apple App Store to check the source code. The entire open source community let the HeartBleed bug stay in open source software for a year and a half...

link
AnthonyMouse 2767 days ago
> So what sandbox is available for apps that don’t allow a native app to ascertain individually identifiable device information?

That's the point. Currently nobody can build that because Apple doesn't allow it.

> You also now have to trust the non Apple App Store to check the source code. The entire open source community let the HeartBleed bug stay in open source software for a year and a half...

"Many eyes" results in fewer bugs over time, not zero bugs instantaneously. It doesn't have to be perfect to be better.

link
scarface74 2767 days ago
That's the point. Currently nobody can build that because Apple doesn't allow it.

And where does this Sandbox wrapper for third party app stores exist for the Android ecosystem where it is both allowed and their are five time more devices?

Many eyes" results in fewer bugs over time, not zero bugs instantaneously. It doesn't have to be perfect to be better.

Have any statistics to back that up? Is Android more secure or less buggy than iOS?

link
AnthonyMouse 2767 days ago
> And where does this Sandbox wrapper for third party app stores exist for the Android ecosystem where it is both allowed and their are five time more devices?

https://seap.samsung.com/sdk/knox-standard-android

https://yajin.org/papers/asiaccs15_appcage.pdf

> Have any statistics to back that up? Is Android more secure or less buggy than iOS?

Obvious confounder:

https://en.wikipedia.org/wiki/Darwin_(operating_system)

But what metric would you use anyway? Number of discovered bugs doesn't work because the whole premise is that a higher percentage of the bugs will be found.

It's inherently difficult to measure. But refute the logic: Bugs found by vendor + everyone else > Bugs found by vendor alone. The only assumption is that bugs found by everyone else is non-zero, which is clearly true for any number of open source projects including both Android and Darwin.

link
scarface74 2766 days ago
So your solution to a sandbox app is to buy a Samsung device and use a corporate MDM product to manage that one device?

But what metric would you use anyway? Number of discovered bugs doesn't work because the whole premise is that a higher percentage of the bugs will be found. It's inherently difficult to measure. But refute the logic: Bugs found by vendor + everyone else > Bugs found by vendor alone.

Google and third parties have been finding bugs in other people’s closed source products for decades. Again just because people can look at code doesn’t mean that people are looking at code.

You made the claim that there are less bugs in open source software, without any citations, studies, etc.

Android and Darwin are open source but a large part of both iOS and Android are closed source.

link
AnthonyMouse 2764 days ago
> So your solution to a sandbox app is to buy a Samsung device and use a corporate MDM product to manage that one device?

You implied that no one was making any such thing. They do. An app distributor that wanted to do the same for apps it distributes could do so likewise, but not if Apple stands in their way.

> Google and third parties have been finding bugs in other people’s closed source products for decades. Again just because people can look at code doesn’t mean that people are looking at code.

And if the product was open source, they could also fix the bug, rather than having to rely on the vendor to do it -- which they sometimes don't.

It would also be easier for them to discover the bugs, which would result in more of them being discovered.

> You made the claim that there are less bugs in open source software, without any citations, studies, etc.

Because it's an argument from logic rather than an argument from observation. The claim isn't that some specific number of people have been observed using published source code to discover bugs, only that the number is non-zero -- which doesn't require statistics, only a single counterexample that I can provide myself from personal experience in having done it.

> Android and Darwin are open source but a large part of both iOS and Android are closed source.

Then why propose to compare them as though it would provide some useful information about the effect of open source on finding bugs?

link