[zepto]

>>App Store stopped more than $1.5 billion in potentially fraudulent transactions in 2020

> They never justify or source this, they literally just pulled it out of their ass.

They pulled it out of their data.

> Nope, you can use Facebook messenger from an iPhone or even a Pinephone.

Exactly - as I said, there is no shortage of cross platform apps you can use to do group chat.

> Apple is running the only popular chat app which demands you use only their hardware.

So what? There are many options. Nobody has to use it.

> Quite simply: the cost is that almost all the software is absolute shit.

Not for most consumers.

If you are someone who insists on inspecting the source code of SSH apps, I applaud you.

You are one of a tiny minority of specialists who can do this. End users in general quite obviously cannot.

That’s why they buy a consumer product which doesn’t require them to.

[swiley]

I meant to mention this in my other reply but can't now because of noprocrast.

>You are one of a tiny minority of specialists who can do this. End users in general quite obviously cannot.

"Experts" inspecting the source code for apps allowed for some bare minimum security checks. Companies buy out smaller software projects and add spyware to them fairly often (on the iPhone this usually happens via dylibs rather than the App publisher purposefully doing it.) and Apple has removed one of the only ways to catch this without an adequate replacement. The effect is much worse overall security.

[zepto]

> Companies buy out smaller software projects and add spyware to them fairly often (on the iPhone this usually happens via dylibs rather than the App publisher purposefully doing it.)

Yes.

and Apple has removed one of the only ways to catch this without an adequate replacement.

No - these can be scanned for during app review.

> The effect is much worse overall security.

No, consumer software outside the App Store is rarely examined by experts who have access to the source code.

This certainty is not a general practice.

[swiley]

I would be willing to bet money that there is more malware on the App Store than in the official Debian Repos.

[zepto]

So what? There is more malware in the App Store than on floppy disks for the Atari ST too.

The Debian repos are not a software store.

[swiley]

If you hand auth secrets to random apps on the App Store they will get stolen, this happens all the time. Having some contractor spend a few hours poking at the GUI doesn't mean consumers aren't required to be responsible.

[zepto]

> If you hand auth secrets to random apps on the App Store they will get stolen,

I agree. This is why Apple is offering ‘login with Apple’. It’s safer than entering credentials.

> this happens all the time.

No it doesn’t. There are a few rare cases, but many more are stopped by review.

> Having some contractor spend a few hours poking at the GUI doesn't mean consumers aren't required to be responsible.

No, but almost nobody is dealing with SSH keys, and those who are should know how to deal with them.

These are consumer devices - if you need a device you can inspect the source for, these are not for you, but clearly almost nobody can do that.