Hacker News new | past | comments | ask | show | jobs | submit login

IOS more secure than android? Joke ready. IOS is closed source. You can not tell whether Apple, the CIA, or the NSA are spying on you.



Open source doesn't mean it's secure either and you have no proof that Google isn't doing the same via its Google Play Services on top of Android nor do you have any proof that none of the Android manufacturers are not modifying the Android code without your knowledge. Recall this security issue: http://www.prnewswire.com/news-releases/kryptowire-discovere...

and not to mention the nasty Heartbleed that's still affecting us.

Open source only means the code at some "point" may have been vetted and secured but it will not remain secure forever.

At this point, there is no secure anything, as long as it is man-made, it can be broken by another man.

Apple has incentives to protect your data and it has enough money to not have to rely on sharing the data unlike Google and other Android companies. But this is not to say Apple isn't evil. They all are by default as in the nature of for-profit business they're in.


Do you own a disassembler? I do. Also, a decompiler, debugger, and other analysis tools. Closed source does not mean "black box."

And besides, open source doesn't mean anyone has reviewed the code. Reviewing a program for security takes work, regardless of whether it is open or closed.


Hello! Have you seen the CIA's leaks? It does not matter, because you should already be aware of all the vulnerabilities in IOS.


I really do not understand any of this. I am in the 1st period of the Information Systems course. But I know one thing, it's much easier to find a backdoor with the open code than the other way around. Besides that nothing guarantees that with these techniques you do not miss something.


One of my perennial favorite HN comments: you, the professional reverse engineer, could not possibly do what you do. I've never tried to do it, but I know you can't.


More like I the lowly software developer can read code but I can't reverse engineer - and why should I learn?


It's fine not to learn. What's less fine is stridently asserting, as you have all over this thread, that security advice from experts is flawed while at the same time huffing about how little time you have to learn about the details.


I have repeatedly asked you to actually provide some citations for your claims. Please do so.


Whether it's open or closed source, you have to examine the actual binary code to see what's running on the device. And the tools for this are very good. Both Android and iOS have been very heavily vetted.


Given enough googly eyes, all bugs are hilarious.


Explicit backdoors are a tiny part of the risk you are exposed to, so even if the risk of a undiscovered backdoor in a product is higher than in another, it can still be more secure overall. The article we are commenting on explains quite a few points counting in favor of iOS. An adversary doesn't care about backdoors if the thing you use has plain old unplanned vulnerabilities they can exploit instead.


If you don't understand this, then you're in the wrong business. I hope your school teaches that even vetted security code can be turned against you.


Many people who find bugs for a living would argue the opposite.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: