Although I agree in principle, the counter-argument to this is that Apple would ultimately be blamed in the minds of consumers for not keeping those devices protected from bad software. They could say I told you so, but that doesn’t help them after the golden goose of the App Store has already been cooked.
>the counter-argument to this is that Apple would ultimately be blamed in the minds of consumers for not keeping those devices protected from bad software.
To be brash, maybe consumers need to learn how to protect themselves or move to dumb hardware that is impractical to hack. I don't understand this trend of blaming corporations for not being the de facto gatekeeper of security. They should help minimize spam/malware, but if you're going out of your way to disable those securities (likened to turning off Windows Defender after 2 warnings), your insecurities are self-inflicted.
Many "opponents" aren't asking to change the default experience. They simply want the reigns to take those risks and tinker. Most people can barely even find the theme settings on Android; I won't believe a signifigant portion will get through idiot-proof safeguards just because "well they have a chance to now!"
> To be brash, maybe consumers need to learn how to protect themselves or move to dumb hardware that is impractical to hack.
Most people can't use systems well enough to take charge of their protection. Ideally they wouldn't need to use systems beyond their competence any more than I should have to synthesise my own ibuprofen from scratch (I wouldn't know where to begin), but software ate the world so they can't opt-out either.
> I don't understand this trend of blaming corporations for not being the de facto gatekeeper of security
Governments, the alternative place to seek security, can't do it. The attacks are global in origin, cross border government cooperation isn't at that level, while all Apple local corporations worldwide are all aligned with the one in California.
This trend was preceded with "install antivirus", which had some overlap with "don't connect to the internet" back when that was practically possible.
> They should help minimize spam/malware, but if you're going out of your way to disable those securities (likened to turning off Windows Defender after 2 warnings), your insecurities are self-inflicted.
Those warnings are themselves seen as Apple trying to prevent people switching to other stores.
> I won't believe a signifigant portion will get through idiot-proof safeguards just because "well they have a chance to now!"
What counts as "significant"?
For example, 1% of a nation having their bank accounts drained would be a huge issue — I think that's about 15 times what ransomware currently costs per year.
I've yet to encounter a system so well designed that it's at the 99% level of "idiot-proot", the closest they get is by being the exact opposite: too hard to use so the idiots hurt themselves some other way first.
As a technically minded person, I must say I don’t know how to protect myself from secretly malicious apps.
A weather app needs my location and network access. It doesn’t need to sell ongoing location tracking information associated with my device identifier and IP addresses to marketing companies.
I've been a software engineer for a while, but I don't solve this using a technical approach. I've avoided having apps abuse me by choosing apps written by folks that have no incentive to abuse me. This means going to open source and community-driven apps as much as possible. Of course there will always be proprietary apps and in those cases I need to look at the entity that wrote the app and how much I trust it in terms of their development practices and incentives.
I've used Android for more than 15 years and have never had an issue with malware or viruses or anything of the sort. 90% of this is refusing to install apps that I don't absolutely need. And the rest of it is probably using open source and community apps instead of corporate apps whenever possible.
Unfortunately, the approach of "de-commercializing your phone" is not something that Apple will ever support or allow because it doesn't make them any money. Luckily on Android, I have access to FDroid, which makes this entire approach possible.
> It doesn’t need to sell ongoing location tracking information associated with my device identifier and IP addresses to marketing companies.
fortunately, GDPR covers that already. Or CPPA if you reside in California.
But that's not quite what by Malicious. Malice implies intent for bad desires. A company selling your weather tracking data with dubious consent is simply greedy. It very likely wouldn't be in your top 10 list of perpetrators if your phone was hacked, wiped, or stolen.
I don’t know look at all those people turning off sound check (volume leveling between songs) on their iPhones based on complete fabrications and misunderstanding of what it is and how it works. It’s buried deep, but people still do it.
