• twix@infosec.pub
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    1 year ago

    I haven’t heard about google testing hardware based attacks on their chips, which I suppose could be caused by android running on a wide variety of chips instead of a few home-developed ones. Next to that Apple has had a bug bounty program for ages, that pays well and covers a wide range of attacks. Not hosting open hackathons has perhaps something to do with public brand image, but Apple shouldn’t be discredited regarding rewarding the findings of bugs and exploits.

    • danielfgom@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      Not sure about their own chips but definitely hack the daylights out of Android.

      Apple has a bounty program but it doesn’t work. I’ve read multiple stories over the years of Devs who submitted show stopping bugs and never got anything back from Apple. And they take MONTHS to release a fix.

      The Google Security Team found a massive hole in iOS, reported it to Apple, and after months of waiting with no feedback or fix released, they published it openly. Only THEN did Apple suddenly acknowledge it and released a fix.

      Apple are the biggest hypocrites. They claim to be private and not collect data but literally everything you do on your phone they can see and collect. Everything in iCloud is on their servers. All your browsing history they can see in Safari.

      The only difference between them and Google is that they claim not to sell the data. But as we know Edward Snowden told us that the CIA/FBI etc have full access to all the servers of the Big Tech companies under the Patriot Act. They can decrypt and see your data anytime.

      So in other words not really private. None of them are.

      • twix@infosec.pub
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        Sadly the same thing has been happening on the android side (a quick google search seems to confirm this). Possible exploits reported but not patched in a timely manner. In general I feel like the Apple bug bounty problem has been swift, although indeed failing from time to time to reward an original reporter. I have not been keeping a close eye on the android side but I imagine the same has been happening. Apple has started to offer e2e encryption on iCloud data blocking even CIA/FBI access. And next to that, seeing I’m based in Europe (and so my data should too) I don’t feel like the patriot act has any impact on me.