I would argue that iPadOS (built on iPhone's coat tails) moved the field forward significantly in terms of isolation and user security.
While this has left a long tail of inconveniences, many resolved and some not, I am very confident that using 1 app on my iPhone/iPad will not leak data to another in any case that I am likely to care about as a non-significantly interesting person (political figure, etc).
... and for those people Apple even makes lockdown mode to move the bar, while acknowledging it adds extra inconvenience: https://support.apple.com/en-au/105120
I have no such confidence about macOS, Linux or Windows, in fact the reverse. macOS has done the best at trying to bolt on some sandboxing (and linux has it too) but that's still very holey and not all-in like iOS/iPadOS has ended up.
Yes, I know there have been many bugs and leaks in iOS but the security level is far and above the desktops currently, and designed that way from the ground up. So when they finally make something work like copy and paste or sharing between apps, etc... it's by and large done very well.
It's been very difficult to add that kind of thing to Linux because you're trying to do the reverse and lock things down and it breaks everything... making it very challenging.. as opposed to Apple where basically nothing useful worked at the start (no copy/paste, one app at a time, no meaningful filesystem, etc).. but managed to get the product successful in the limited state and has slowly unlocked that stuff over time. Admittedly very slowly.
I cannot speak for Android as I just have never used it or surrounded myself in info about it's design, security, etc.. it may well be very similar although they from my casual observation seemed to do a much worse job at granular privacy permissions (e.g. for the longest time permissions were all granted at install time, and so many apps want so many most people are blind to it.. as opposed to Apple's model where even if notarised for something on the app store in most cases you have to agree to it when the app first uses it.. I know they fixed that a while back but I have no idea how well things have transitioned to that now). As a very techy person deeply knowledge in many things, and using desktop Linux since 2002, it's kindof a hilarious personal failing that I have never used Android.. I really should try and resolve that at some point.
Android permissions began to ask for individual confirmation on first use in Android 6.0 (released in 2015) so the grant-all-on-install model hasn't been how it works in a very long time.
Also your narrative about iOS moving from locked down to opening things up over time isn't entirely accurate, when iOS (iPhoneOS) was first released, it didn't have any concept of permissions at all! Apps could use whatever API the OS offered with the user none the wiser. At that time Android Market forcing developers to disclose which permissions were required was seen as unusually transparent and secure. Random iPhone apps scanning contacts deceptively pushed Apple to adopt a permissions model several years after the iPhone was first released.
The two platforms have historically leap frogged each other in various ways but at this point have started to converge as mobile settled into a boring appliance instead of groundbreaking new computing paradigm. Apart from sideloading, notifications and some minor annoyances here and there I can almost forget which OS I'm using as I switch between iOS and Android (thanks to gestures removing the trademark home/back navigation distinctions).
> While this has left a long tail of inconveniences, many resolved and some not, I am very confident that using 1 app on my iPhone/iPad will not leak data to another in any case that I am likely to care about as a non-significantly interesting person (political figure, etc).
Log in to YouTube with one Google account. Log in to Google Drive with a different one.
Google knows that both accounts are owned by the same person, because Apple lets Google's apps access the data of the others on the same system.
It wouldn't surprise if Apple had fixed this, it's the sortof thing they would fix, but it may be worth trying with 2 devices not from the same iCloud account. Wouldn't surprise me if the code paths were subtly different in that case.
They would seem to contain identifiers as law enforcement have been able to follow up on instances where there has been airdropping of perverse images, but as noted by others the files don't include names.
The problem with airdrop (and likely why the 10 minute setting now exists) is that it includes a preview image as part of the notification request.
So other than being able to subject someone to perverse images, preview images have also been used in state-sponsored zero-click attacks to infect the phones of their targets. While that vector seems to be muted for now, the 10 minute setting provides a layer of defence against both potential future zero-clicks and receiving unsolicited previews images.
I've found QEMUs microvm to be faster at boot while having nicer tooling and a cleaner upgrade path if needing more features. Aside from hype I'm actually not sure why anyone would still use firecracker.
If I had to guess it is possibly something to do with fighting crawlers/bots/etc triggering the detection? And running some kind of more advanced logic to try ensure it's really being used. Light captcha style.
There’s a slight improvement in that the passkey will only transmit to the correct website. Cannot select and fill it to the wrong domain.
But other than that I agree. Especially now that these synchronise with iCloud, BitWarden, etc seems a no brainer you can just steal these and access everyone’s accounts in many cases with no extra 2nd factor.
While this has left a long tail of inconveniences, many resolved and some not, I am very confident that using 1 app on my iPhone/iPad will not leak data to another in any case that I am likely to care about as a non-significantly interesting person (political figure, etc).
... and for those people Apple even makes lockdown mode to move the bar, while acknowledging it adds extra inconvenience: https://support.apple.com/en-au/105120
I have no such confidence about macOS, Linux or Windows, in fact the reverse. macOS has done the best at trying to bolt on some sandboxing (and linux has it too) but that's still very holey and not all-in like iOS/iPadOS has ended up.
Yes, I know there have been many bugs and leaks in iOS but the security level is far and above the desktops currently, and designed that way from the ground up. So when they finally make something work like copy and paste or sharing between apps, etc... it's by and large done very well.
It's been very difficult to add that kind of thing to Linux because you're trying to do the reverse and lock things down and it breaks everything... making it very challenging.. as opposed to Apple where basically nothing useful worked at the start (no copy/paste, one app at a time, no meaningful filesystem, etc).. but managed to get the product successful in the limited state and has slowly unlocked that stuff over time. Admittedly very slowly.
I cannot speak for Android as I just have never used it or surrounded myself in info about it's design, security, etc.. it may well be very similar although they from my casual observation seemed to do a much worse job at granular privacy permissions (e.g. for the longest time permissions were all granted at install time, and so many apps want so many most people are blind to it.. as opposed to Apple's model where even if notarised for something on the app store in most cases you have to agree to it when the app first uses it.. I know they fixed that a while back but I have no idea how well things have transitioned to that now). As a very techy person deeply knowledge in many things, and using desktop Linux since 2002, it's kindof a hilarious personal failing that I have never used Android.. I really should try and resolve that at some point.
reply