grumpyinfosec | 1 year ago

I don't even let my users have browser extensions without them going through the formal review process. Managing the proliferation of PWAs (potentially unwanted apps) is one of the most unsolvable issues in security. iOS is the gold standard for secure mobile computing due to its inability to support a lot of these risky use cases.

wiseowise|1 year ago

> we’ve removed all features in the name of security

Wow, gold standard for sure. Is this why an iOS zero day costs less than an Android one?

https://zerodium.com/program.html

mderazon|1 year ago

Exactly, this is marketing talk. Pixel is secure, gets regular updates, is a lesser target than iPhone and in terms of privacy can be "hardened" just by going over the Google services setting menu and opting out of everything. The rest can be achieved by using Firefox (which actually runs on Android, not like FF on iOS, which is a shell) with ad blockers and choosing a different search engine.

I would argue it's much more secure and more private this way.

grumpyinfosec|1 year ago

I wouldn't put much stake in Zerodium numbers as the benchmark of platform security. People who sell these kinds of gray market mobile zero days for big bucks aren't going public about it. Mostly because the only buyers that aren't the OEM are nation states, maybe the top end of criminal land and of course the NSO Group. Plus Android's at least 10x the market when you start talking IoT and point of sale etc.

tpmoney|1 year ago

Wouldn't the value of a zero day be the expected return on what you can get from it? So a lower cost on iOS zero days means fewer buyers want them, presumably because they're less capable than a zero day on Android?