by h4waii 1251 days ago
Apple has paid out about $20 million dollars in their security bounty program, and a good portion of that must be iOS-related, so much so that they offer dedicated iOS devices to researchers.

iPhones have been jailbroken by visiting a webpage, receiving a message, or joining a WiFi network.

Just about every single iOS release is patching a vuln that was reported or found in the wild being exploited.

So, really, is the "furthest iOS malware" concern being 3rd party tracking a genuine statement?

Given it’s much harder to get malware through the App Store than it is to get it through the macOS notarization system (or just telling people to right click open your dmg), you certainly won’t find iOS malware affecting a large amount of users unless those users seek it out (via jailbreaks) or are individuals at risk of extremely targeted attacks, which is what lockdown mode aims to guard against: https://www.apple.com/newsroom/2022/07/apple-expands-commitm...
You should define “malware”. There is a wide variety of apps that harm users to different degrees, and I’m not sure we’re sharing the same definitions of what the App Store is supposed to protect their users from.
In particular, an app that signs you up for a $100/month subscription behind your back that's impossible to cancel via some dark UX patterns, will make it through the notarization system just fine, no jailbreak or exploit needed.
> that's impossible to cancel via some dark UX patterns

The scandalous $10 per week kid’s games definitely exist, but in fairness, you made this part up, as all subscriptions are easily accessible on your clearly labeled ‘Subscriptions’ page, and canceled by clicking the big red ‘Cancel subscription’ button.

To note, the “easily accessible” part is for people with an Apple device with iCloud set as the target account.

You don’t have another Apple device to manage your kid’s subscriptions? It’s simple! Download iTunes on Windows! No Windows or can’t/don’t want to install iTunes? Tough luck.

You’d think icloud.com has feature parity regarding payment management and critical settings, and no, it doesn’t [0].

BTW having multiple Apple devices still won’t make it that much easier if you happen to use different Apple IDs (if you need access to more than one country’s store for instance, or separate work and personal profiles): logging in and out is a PITA with the Find My Devices lock and 2FA.

[0] https://support.apple.com/en-us/HT202039

> To note, the “easily accessible” part is for people with an Apple device with iCloud set as the target account.

> You don’t have another Apple device to manage your kid’s subscriptions? It’s simple! Download iTunes on Windows! No Windows or can’t/don’t want to install iTunes? Tough luck.

Wow I’m speechless.

Not having access to your kids’ device, and not having access to a linked Apple device, and not having access to a Windows device, and not being willing to download iTunes is considered a dark pattern??

Sometimes I really wonder about the little anti-Apple bubble some people live in…

F-Droid app store has no malware, even though it does not benefit from Apple's approach to security. All you need in practice is free software.
Which besides a few users waiting for the return of OpenMoko, no one else cares about, including malware authors.
Would you say the same about the Linux repositories?
Depends on how we go about regarding the Year of Desktop Linux, alternative repos, snaps and flatpak, and best of all, curl | sh installs.
Let's just limit ourselves to servers with the original repos, for simplicity.