Every single release with iOS has been totally broken security-wise, as can seen from the existence of jailbreaks.
Apple doesn't even require seeing the source code, and so there is no way they can stop malicious applications written to evade detection from getting to the App Store.
And thanks to their policy you must browse with Safari WebKit, which is a nice juicy ~40% browser share target.
Of course, both Android and Windows Phone are broken too, since they also expose oversized monolithic kernels written in C to random applications, but at least Android doesn't require you to give up freedom to get non-security.
> Every single release with iOS has been totally broken security-wise, as can seen from the existence of jailbreaks.
The jailbreaks for recent versions of iOS only allow jailbreaking unlocked devices, at which point security is already compromised.
> And thanks to their policy you must browse with Safari WebKit, which is a nice juicy ~40% browser share target.
In iOS 8 they allowed other apps to use the same JIT engine Safari does[1]. This makes me inclined to take them on their word when they say it was previously disallowed for security reasons (some early jailbreaks could be done just by visiting a web page, using security holes in Safari's javascript JIT).
> What? You must mean something else because unlocked devices aren't (necessarily) compromised.
I mean compromised in the sense that the malicious party now (for example) has access to the user's email, and would be able to reset a whole host of passwords for online services (assuming they don't use 2FA or something similar, which most users don't). If they wanted to install a keylogger, or get saved passwords, then yes they still have to jailbreak my device. This xkcd is relevant: https://xkcd.com/1200/
I think we must be using "unlocked" in different ways. I'm intending it in what I think is the conventional way for this context: when the device's cellular subsystem is not electronically locked to a particular cellular service provider.
You're absolutely right, I should've picked a different word. I mean unlocked in the lock-screen/password sense. Of course, messing with carrier settings is not easily done even if the phone is not carrier-locked, and pulling of an exploit that way is even more difficult.
>Security? What security? Every single release with iOS has been totally broken
Here's a recent report from computerworld - Malware infections delivered via mobile networks - Windows 80%, Android 20%, "iOS and other operating systems were at nearly negligible percentages"
Nothing's perfect but iOS isn't that bad.
(Window's numbers seem to be mostly pcs with tethering. "Data generated from scans by Alcatel-Lucent's Motive Security Guardian technology, which is deployed worldwide by both mobile and fixed-line networks, and monitors traffic from more than 100 million devices")
Every single release with iOS has been totally broken security-wise, as can seen from the existence of jailbreaks.
Apple doesn't even require seeing the source code, and so there is no way they can stop malicious applications written to evade detection from getting to the App Store.
And thanks to their policy you must browse with Safari WebKit, which is a nice juicy ~40% browser share target.
Of course, both Android and Windows Phone are broken too, since they also expose oversized monolithic kernels written in C to random applications, but at least Android doesn't require you to give up freedom to get non-security.