> which, given the demand from legitimate users due to Apple's insistence on locking down their devices for reasons that are more about business models than security
Well.. except that's not really true. iOS is de facto the most secure consumer OS out there, precisely because it doesn't allow arbitrary code to be run, and because of the restrictions placed on the process of getting software onto them. The value Apple gets from users not worrying about viruses, malware, or other security threats far exceeds the piddling revenue from the App Store, because that peace of mind and brand reputation drives device sales where that value is captured.
Meanwhile, the more permissive consumer OSes of Windows and Android seem to have continued issues with security, and the average - even informed - consumer never really knows what the software on them is really doing.
I don't disagree with the rest of your comment though!
The issues with Android are not due to the token ways in which it is slightly more permissive for users (while on the whole still being extremely locked down...); they are due to the ecosystem of manufacturers and how devices end up being deployed. Also, the reality is that for the first over well-over five years of iOS existing, it was de facto open: jailbreaks were commonly available and easy to use; the idea that the very existence of an ability to control your own device can thereby be shown by simple demonstration to not be a serious concern. And to be very very clear: of course the issue is not "the piddling revenue" (they break even on the App Store at best)... the business reasons are that they want a strong DRM story in order to be able to pitch content producers and developers on why their platform should get to deploy and vend their media.
> The issues with Android are not due to the token ways in which it is slightly more permissive for users (while on the whole still being extremely locked down...); they are due to the ecosystem of manufacturers and how devices end up being deployed
I meant something slightly different wrt 'permissive', namely that the overall market execution of Android is very permissive. To users buying the product, the specific reasons why Android is less secure don't matter. The only thing that matters is that they cannot fully trust software on the device or acquired through stores. Whether it's the vendors that don't update the OS or the telecom company that installs crapware or the poorly policed third-party app store, malware has ample ways to get on the average Android device, due to the permissiveness of the full chain of processes and people involved in how it is deployed and managed.
> the reality is that for the first over well-over five years of iOS existing, it was de facto open: jailbreaks were commonly available and easy to use
Agree. The first few years were a whirlwind of rapid evolution and Apple had its hands full, and Apple just wasn't developer-focused. Jailbreaks were likely tolerated because developers were hungry to try things and Apple knew the libraries on iOS weren't that great at the time. Plus, jailbreak developers were like an outsourced R&D group for Apple to pluck ideas from. However, as iOS matured, and our culture rapidly adapted to smartphones, people began trusting them with more and more personal information. The cost of not addressing security became higher and higher. Developer tools and libraries also matured in this time, so overall the negatives of jailbreaks (security) began to far outweigh the positives.
> the idea that the very existence of an ability to control your own device can thereby be shown by simple demonstration to not be a serious concern.
Concerns for security exist on a spectrum (and are weighed against other concerns in development), and concerns can change as the world changes and the product evolves.
> the business reasons are that they want a strong DRM story in order to be able to pitch content producers and developers on why their platform should get to deploy and vend their media
I've never once heard the argument that DRM is the reason iOS is locked down. It also doesn't follow given that Macs are not locked down and can get the very same media, as can other platforms.
Given Apple has consistently focused on making computers for regular people for over four decades, I think it's pretty obvious the reason iOS is locked down is simply because there's an enormous amount of bullshit that comes with having users download software from unknown sources, and that a tightly controlled platform provides a much better user experience for regular users. Any other benefits are incidental.
EDIT: After re-reading your comments, I think we're disagreeing in whether locked down = more secure. In the case of iOS, I think it was a conscious decision made to create a better user experience, and an important subset of user experience is security. As you point out with the history of jailbreaks on iOS, you're saying Apple's permissiveness then suggests they don't have that security concern and they want to lock it down for other reasons (correct me if I'm wrong in characterizing your argument). I disagree and think security was one of many concerns being balanced at the time. Also I believe the types of vulnerabilities used by jailbreaks were probably not the types typical users would encounter in daily use of a device, such as browsing the web or downloading apps from the app store. Correct me if I'm wrong on that.
> Jailbreaks were likely tolerated because developers were hungry to try things and Apple knew the libraries on iOS weren't that great at the time.
> As you point out with the history of jailbreaks on iOS, you're saying Apple's permissiveness then suggests they don't have that security concern and they want to lock it down for other reasons (correct me if I'm wrong in characterizing your argument).
No: you completely misunderstand. I am not saying Apple let jailbreaking happen; I am saying Apple's device was so poorly secured (in an absolute, not relative, sense), that in practice you can model the device as being "open to anyone who wants to make their own device open". It was more open than Android for long periods of time as the jailbreaks were more consistent in their ability to give you full control of the device (Android jailbreaks tend to be "hit or miss", really).
The argument then becomes simple: if iOS is a platform you consider secure ("iOS is de facto the most secure consumer OS out there"), in practice this is a device which anyone who wanted to could get complete control over their own device, and so we know that property is unrelated to security.
The only thing it really does is make the device look better from a DRM perspective (particularly the AppleTV). I run into tons of developers constantly who are obsessed about piracy well past the point where it makes sense, and most of them have this weird mental model of Apple's security features that make them think weird stuff like "if I embed a key in my compiled binary no one can read it".
Regardless, I am just going to say it, as me having this information and trying to avoid saying it is probably just causing more problems than it benefits anyone: I have been challenged multiple times by people working at Apple (years ago, and I don't even think these people still work there, which makes me feel at least slightly more comfortable saying this) that if I want them to have a more open device in the ways that I want, I need to tell them how to do it without opening the flood door for piracy.
The argument to me reads as "if the security isn't perfect, it means they are not even trying, which makes it obvious that security is not the goal." but the not-perfect->not-trying jump doesn't seem to be fair.
I don't think goals or intents matter. Apple's goal might be to prevent the Ancient God Mulk'nar from returning to our dimension to begin the second stage of The Reckoning, and commenters might point out "Mulk'nar hasn't shown up yet, so this must be working"; but if either Apple or the commenters seriously think that having a closed device is what is preventing Mulk'nar from returning, they are clearly deceiving themselves as in practice the device has been de facto open (by ludicrous means that should not be required) for many years. The argument here is essentially "you are asking Apple to give up the only thing preventing Mulk'nar from returning" and I am showing how that makes no sense given the reality of history. People are saying the iPhone is very secure. The iPhone is, factually, a device which for many years was one of the more open platforms for people to tinker with their own device, due to the jailbreak scene. So the idea that allowing even all people, much less just security researchers, to tinker with their own device somehow would undo the security of the system doesn't make sense.
I think it's important to remember that Apple has a history of leaning to the decision which is most financially beneficial to Apple, wrt opening up the flood door to piracy.
See iTunes/iPods policy changes over its lifetime.
The article I read said Apple had iPhones that are easy to hack? Can you explain what it means? Quote: “for special iPhones that don't have certain restrictions so it's easier to hack them, according to multiple people who attended the meeting.”
User lock-in is all that Apple really cares about - the entire app approving dance just adds a nice toolset to find arbitrary reasons for blocking apps that might be interfering with Apple interests (https://www.recode.net/2016/6/30/12067578/spotify-apple-app-...).
This is scammy and awful developer behavior, but probably best to keep in mind there was no overtly malicious content actually in the app regarding security, instead preying on user ignorance.
FYI: You're not wrong on this, I have found multiple apps which try to grab sensitive info and phone home with it, only pointing out your link may not be the best example to use.