Glen Filthie left a comment asking what I like for vendors providing good phone security. I replied:
I think that Apple is much more serious about their customers' privacy than Google is. Apple has repeatedly told governments to get bent when they demand encryption backdoors; Google seemingly couldn't care less.
Also, I think that Apple's update model is superior (it certainly was just a few years ago; I don't get the sense that this is a big area of concern to Google).
Your mileage may vary, void where prohibited, do not remove tag under penalty of law.
And here's an example of how Apple's update model is superior:
Samsung has fixed a critical flaw that affects its Android devices - but not before attackers found and exploited the bug, which could allow remote code execution on affected devices.
The vulnerability, tracked as CVE-2025-21043, affects Android OS versions 13, 14, 15, and 16. It's due to an out-of-bounds write vulnerability in libimagecodec.quram.so, a parsing library used to process image formats on Samsung devices, which remote attackers can abuse to execute malicious code.
"Samsung was notified that an exploit for this issue has existed in the wild," the electronics giant noted in its September security update.
Note that you get this patch from Samsung, not Google. Samsung is the phone handset manufacturer, and has customized the (Google supplied) Android OS so they rolled the patch. Now customizing the OS isn't bad per se, but it's fair to ask who has a better security group: Apple or Samsung. Same question for Motorola and all the Android phone vendors.
So I like my chances better with Apple, at least for security. And notice that this is only looking at the patching cadence. Apple has a history of standing up to governments who ask for encryption backdoors (by my count this is the US.gov, the UK.gov, and the EU.gov). Each time, Apple told them not just "no" but "Hell, no".
Once again, your mileage may vary, void where prohibited, do not remove tag under penalty of law. But Glen did ask.
Well thanks BP. I always hear the techies and cool kids bashing Apple and from a normie/boomertard’s perspective my iphone12 seems to do more than I need it to. But they talk about them from the “experts” point of view and they always seem to be negative. They start using jargon and I can’t follow it.
All I know is that if/when that totalitarian monster awakes… my phone’s going in the trash.
When the COVID Lockdowns hit in Feb of 2020, Zerodium, the largest purchaser of backdoors/hacks/exploits for use by bad people (mostly governments) was offering $500,000 and up for Apple iPhone exploits. I think the payment topped out at 1.5, though it may have been 2 million.
In May of 2020 they put a moratorium on Apple exploits. They had ALL that they needed for the foreseeable future.
Apple talks a good game, but they don't let outside people inspect their code.
Then there is CVE-2023-38606. Apple built a backdoor. It was very sophisticated, and probably nearly impossible to detect from the outside. It still ended up in the wild, because 2 people can keep a secret if one is dead. It let bad guys (and probably the NSA) have complete access to an iPhone. It was possible because there were no outside eyes on the code.
That and the fact that my Samsung A15 (or the new A16) costs about 25% as much as the cheapest iPhone, and you can keep the walled garden.
On the subject of code... Some years ago, when encrypted communications was becoming all the rage, Apple decided to put encryption into iMessage. Did they use open source, verified code? Of course not. They're Apple. They write their own code. It was so bad that defects in the encryption were discovered almost before the rollout of the new version was finished. In the end, they did what they should have done to start, and implemented the Signal protocols.
It goes back to the lack of independent audits. There are none.