@glynor

Having fun in the snow!
@VeryBadLlama I don’t want to celebrate… 😩

@jsnell @imyke There's sometimes a temptation to say "but isn't it secure enough for most people?"

But IT security isn't like that. They aren't trying to stop someone from breaking into your house. They're trying to defend against well-funded actors who are trying to simultaneously break into everyone's houses, and then automate it. The weak link breaks the chain.

That said, you are 100% right about the prompts. That's not more secure, it is just bad design, and LESS secure.

@jsnell @imyke PS. Great episode as always. Thanks for everything you do!

- A Longtime Fan

@jsnell @imyke I don’t necessarily disagree with that point, for sure. Myke had asked if, for example, the 15 and 16 were really that different, though, and that’s when I was talking back to my podcast.

I’m honestly not enough of a security expert to know the answer. Overall, it is good because it makes attacks on the certificate chain less valuable. But would account level work too? 🤷‍♂️

I don’t know. It isn’t simple, though.

@jsnell @imyke The idea being that if a bad actor managed to compromise BOTH the developer private keys AND Apple’s private keys, they still couldn’t “mass-infect” the world’s iOS devices with bad versions of apps.

They’d still have to do it one by one for each individual device.

Oh, and for the watch: high-speed water sports. Speed makes pressure. Going fast in water is equivalent to going deeper.

@jsnell @imyke I tried to find a link explaining this in detail, but I think I'd have to dig into their security whitepapers, and I don't have the time now. But, that is my understanding from reading through these in the past.

Each time you download an app from the App Store on an iOS device, that download is created on-the-fly and signed by Apple just for YOUR DEVICE and no other device can use the download, even though the underlying "bits" within the app are the same.

@jsnell @imyke This is a security feature. It prevents man-in-the-middle attacks where an app is modified maliciously by a bad actor on the network between you and the App Store, or after download on your device's storage.

It is very similar to how macOS is cryptographically locked to your particular Mac, except that it happens for every single app on your iOS device, and not just the OS. This has been true for years (perhaps since the original App Store, though I'm not positive on that).

@jsnell @imyke Follow-up from the most recent Upgrade, which you've probably gotten 1000 times already now, but I was doing that thing where you talk-back to a podcast…

On transferring apps from one device to another: You got real-time follow-up that said it, but you misunderstood the comment. It IS NOT that the apps are special to your model of phone. Each app is cryptographically signed for YOUR SPECIFIC DEVICE.

You can't transfer apps even between identical models.

@512pixels So sad! I remember actually printing out articles from AnandTech (along with @siracusa OSX reviews on Ars) so I could finish reading them offline and make notes.

I was sad when Anand himself left to work for Apple, and now the other shoe has finally dropped. Feels era-ending.

AnandTech Closing Down

Ryan Smith, with some very sad news: It is with great sadness that I find myself penning the hardest news post I’ve ever needed to write here at AnandTech. After over 27 years of covering the wide – and wild – world of computing hardware, today is AnandTech’s final day of publication. For better or [...]

512 Pixels