by tokyodude 2656 days ago
I know of no security benefits to closed platforms. I know many people believe one platform that happens to be closed, iOS, is more secure than some other platforms but I've seen no evidence that it's more secure because it's closed. In fact, the platform that's generally considered the least secure, Windows, is also closed.

There was an entire controversy about how hard Apple made it for law enforcement to access iPhones, which indicates security benefits.

Apple’s business model also aligns with user privacy (so far).

It’s also worth considering Apple’s CEO personally values privacy because he had to keep his sexuality a secret his entire life until he reached such a prominent position he felt safe to speak out.

I agree that the strongest evidence is the source code, compiler code, and electronics schematics. However, there are other forms of evidence.

> There was an entire controversy about how hard Apple made it for law enforcement to access iPhones, which indicates security benefits.

It indicates that Apple software is secure; it doesn't indicate that it is secure because it is closed-source. It might be even more secure if it were open source, because then many more people would be looking for vulnerabilities in it.

Good catch. I responded to “no evidence Apple is more secure” and missed the “because it is closed” context.

I think Apple’s products would be more secure if they were more open. I appreciate that the core is open (Darwin, WebKit, Swift, LLVM).

The general argument is that iOS is more secure because Apple strictly controls both the hardware and the software. The two are very tightly integrated in Apple products, which means proprietary software for e.g. segregating userland or interacting with the secure enclave is specialized and well-audited.

The other (perhaps more compelling) argument is that Apple is only able to invest this level of security in its products because of its spectacular profits, which would likely be much lower if iOS were open source.

That's basically the gist of it.

EDIT: To whoever downvoted this, I'm just relaying the argument.

The Secure Enclave is not well-audited in the traditional sense, as it’s just as proprietary as the rest of the device.