[TillE]

If you don't trust Apple, why would you trust a third party auditor?

I can't think of any entity I would trust with securing truly sensitive information. For important stuff, do it yourself. For simple things, including bank accounts and such, I see no issue with trusting Apple.

[fnordpiglet]

Because you’re trusting both apple and the third party jointly, each of whom have different incentives.

I don’t know I buy the “for truly sensitive stuff do it yourself” line. That’s like saying for the truly lethal substances handle them yourself. Most people aren’t more skilled than the apple security folks. You’re almost certainly going to screw up your encryption or leave some vulnerability unpatched or unknown. Frankly I consider my iOS devices to be some of the most secure systems I have access to, and reading through their security documentation has informed that opinion.

[ee64a4a]

> Because you’re trusting both apple and the third party jointly, each of whom have different incentives.

The cynical view, of course, is that Apple's incentive and the Third Party's incentive can become very much aligned for the right amount of money.

[fnordpiglet]

You also have to consider the market value of their reputations jointly as well. It would have to be a huge incentive to risk their reputation, both apples with their security conscious customers and customers with high regulatory burden, and the auditor whose only asset of value is their reputation. Auditors typically poof out of existence (Anderson anyone?)

[jupp0r]

Trust requires transparency and a published security audit report created by a reputable independent author would definitely increase my trust in Apple because they show that they don't have anything to hide.