Thursday, September 18, 2025

Apple or Android for security?

Glen Filthie left a comment asking what I like for vendors providing good phone security. I replied:

I think that Apple is much more serious about their customers' privacy than Google is. Apple has repeatedly told governments to get bent when they demand encryption backdoors; Google seemingly couldn't care less.

Also, I think that Apple's update model is superior (it certainly was just a few years ago; I don't get the sense that this is a big area of concern to Google).

Your mileage may vary, void where prohibited, do not remove tag under penalty of law.
And here's an example of how Apple's update model is superior:

Samsung has fixed a critical flaw that affects its Android devices - but not before attackers found and exploited the bug, which could allow remote code execution on affected devices.

The vulnerability, tracked as CVE-2025-21043, affects Android OS versions 13, 14, 15, and 16. It's due to an out-of-bounds write vulnerability in libimagecodec.quram.so, a parsing library used to process image formats on Samsung devices, which remote attackers can abuse to execute malicious code.

"Samsung was notified that an exploit for this issue has existed in the wild," the electronics giant noted in its September security update.

Note that you get this patch from Samsung, not Google.  Samsung is the phone handset manufacturer, and has customized the (Google supplied) Android OS so they rolled the patch.  Now customizing the OS isn't bad per se, but it's fair to ask who has a better security group: Apple or Samsung.  Same question for Motorola and all the Android phone vendors.
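A practitioner's check, added here and not part of the original post or of anything Samsung or Google ship: since the fix comes from the handset maker, the thing worth verifying is what patch level your phone actually claims. Android exposes that as the ro.build.version.security_patch system property. The Python below (mine, written for this page) reads it over adb and compares it against the bulletin month you care about; the adb invocation assumes adb is on PATH with an authorized device, and the sample property values are constructed, not captured from a real phone.

```python
"""Check what patch level an Android handset actually received.

Added example, not code from the original post or from Samsung/Google.
It assumes the Android Debug Bridge (adb) is on PATH and the phone is
connected with USB debugging authorized; the comparison logic itself
runs offline on constructed strings.
"""
import re
import subprocess
from datetime import date

# Standard Android system property naming which month's security bulletin
# the build claims to incorporate, e.g. "2025-09-01".
SPL_PROP = "ro.build.version.security_patch"
SPL_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})$")


def parse_spl(text: str) -> date:
    """Parse a security patch level string such as '2025-09-01'."""
    m = SPL_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a security patch level: {text!r}")
    return date(int(m.group(1)), int(m.group(2)), int(m.group(3)))


def spl_at_least(observed: str, required: str) -> bool:
    """True when the device's patch level is on or after the required one."""
    return parse_spl(observed) >= parse_spl(required)


def read_device_props() -> dict:
    """Read identifying properties over adb (needs a connected, authorized device)."""
    names = (SPL_PROP, "ro.build.version.release", "ro.product.manufacturer",
             "ro.product.model", "ro.build.fingerprint")
    props = {}
    for name in names:
        out = subprocess.run(["adb", "shell", "getprop", name],
                             capture_output=True, text=True, check=True)
        props[name] = out.stdout.strip()
    return props


def assess(props: dict, required: str) -> str:
    """Return a one-line verdict (OK / BEHIND / UNKNOWN) for a property dict."""
    observed = props.get(SPL_PROP, "")
    try:
        ok = spl_at_least(observed, required)
    except ValueError:
        return f"UNKNOWN: {SPL_PROP} is {observed!r}, cannot compare"
    who = props.get("ro.product.manufacturer", "?")
    model = props.get("ro.product.model", "?")
    verdict = "OK" if ok else "BEHIND"
    return f"{verdict}: {who} {model} reports SPL {observed}, required {required}"


# Constructed sample, not captured from a real phone: a handset still on the
# August 2025 level when the September bulletin is the one that matters.
SAMPLE_PROPS = {
    SPL_PROP: "2025-08-01",
    "ro.build.version.release": "15",
    "ro.product.manufacturer": "samsung",
    "ro.product.model": "SM-EXAMPLE",
    "ro.build.fingerprint": "constructed/for/example",
}

if __name__ == "__main__":
    print(assess(SAMPLE_PROPS, "2025-09-01"))
    try:
        print(assess(read_device_props(), "2025-09-01"))
    except (FileNotFoundError, subprocess.CalledProcessError) as exc:
        print(f"no device read: {exc}")
```

The patch level string only says which bulletin month the build claims to cover; whether a particular vendor-specific fix is inside that build is a question for the OEM's own bulletin, which is exactly why it matters who is doing the patching.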

So I like my chances better with Apple, at least for security.  And notice that this is only looking at the patching cadence.  Apple has a history of standing up to governments who ask for encryption backdoors (by my count this is the US.gov, the UK.gov, and the EU.gov).  Each time, Apple told them not just "no" but "Hell, no".

Once again, your mileage may vary, void where prohibited, do not remove tag under penalty of law. But Glen did ask.

Wednesday, September 17, 2025

Hey, remember that Apple iOS fix last month?

It looks like the Bad Guys are attacking older devices as well:

Apple backported a fix to older iPhones and iPads for a serious bug it patched last month – but only after it may have been exploited in what the company calls "extremely sophisticated" attacks.

The latest security update, pushed on Monday, fixes an out-of-bounds write issue tracked as CVE-2025-43300 in the ImageIO framework, which Apple uses to allow applications to read and write image file formats. It's available for iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation, and the iThings maker on August 20 patched the same CVE in its newer devices.

Well done to Apple for this.  iPhone 8 was released a long time ago, but they're still supporting it with security fixes.  Bravo. 

Tagged with my Apple Sucks tag because this time they absolutely do not. 

 

Tuesday, September 16, 2025

Seen in the neighborhood

 

All I've ever seen before in this neighborhood are the usual run-of-the-mill printed campaign signs, and only during election season.

Something is different. 

Saturday, September 13, 2025

A message to commenter "DTWND" (and people who think like him)

I recently posted The Lamps Are Going Out All Over America.  For the two of you (likely including DTWND), the reference was to the beginning of World War I, when the politicians realized that the New World that they had created was basically everyone standing in a room filled with gasoline waving lit matches around.  We know how that turned out.

My post was not inflammatory; it was sad. Nonetheless, reader DTWND left the following comment:

Those of you on the right are really, REALY [sic] hoping that something in the shooter’s background will tie him to the leftist, liberal side of politics. Meanwhile, you’ll continue to deny and obfuscate the truth that this was one of your own. Just like the group that planned to kidnap Michigan’s governor Whitmer; the guy that shot and killed the two Minnesota legislators; the folks that marched in Charlottesville; the shootings at the LGBTQ nightclub in Orlando; the ‘peaceful demonstators’ [sic] at the Capitol on January 6th; etc.

I find it telling that all the former presidents, Democrat and Republican, issued messages of condolence, condemnation of the event, and calls to end political violence, while the current president condemned the violence but also expressed the point that those of the left persuasion need to be under scrutiny and should not be trusted.

As Mr Kirk had stated, “Prove me wrong.”
Here is the pertinent part of my original post, and my reply to Mr. DTWND:

Who would have figured 24 years ago that society would be destroyed from within?

[Memes deleted]

If you don't know the people who don't understand that sentence, then they are the ones who you need to not know. 

Not particularly well said, but perfectly understandable.  And so you clearly failed on multiple levels: 

  1. It sure as shootin' looks like the shooter was a leftist freak.  The 72 hour rule applies here, which you either ignored, didn't know, or skated past because you were angry.
  2. It "wasn't one of our own", it was exactly what you'd expect from a rabid Left baying for the blood of conservatives.  See #1, above.  Nicely done, getting two own goals from the same ball, though.
  3. The group that was going to kidnap Governor Crazy Eyes was led by a FBI asset.  Sorry you're so behind on this, but not really surprised.
  4. The rest is IQ-90 level Leftist boilerplate.  Ashli Babbitt would reply but could not be reached for comment, as she was shot in the back by a Capitol Hill police officer on January 6.  Some of us are aware of the rules for the use of Deadly Force; you clearly are not, but thought this was a winning argument for "conservative violence".  Dumbass.
  5. Former Presidents call for the end of political violence?  Gosh, why might this be hard to believe?
  6. Most significantly, you (a) did not reply to the content of my original post and (b) chose to try to insult me and hijack my site for your absurd political dogma.

Fine, then - let it be so.  DTWND, go away and don't come back.  We don't need your thoughts polluting this site. You're banned.  Go hang out with your leftie assassins.

Thursday, September 11, 2025

The lamps are going out all over America

Who would have figured 24 years ago that society would be destroyed from within?


If you don't know the people who don't understand that sentence, then they are the ones who you need to not know.

Wednesday, September 10, 2025

We Swore to Remember

Another declassified NSA Cryptanalysis doc

This one is from 1965 (i.e. it was classified for 60 years!) [PDF warning].

It's the output from a computer program (from 1965!) that takes an encrypted cypher stream and performs tricks of the trade like frequency analysis of each character and other statistical analysis.  The test was for the cryptanalyst to use this to identify which language was being enciphered.  Essentially, it was a training class for Secret Squirrels. 
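As an added illustration, and not code from the declassified NSA document or from this post, here is the unclassified version of that trick in Python. The index of coincidence (the chance that two letters drawn from the text are the same) survives a simple substitution cipher unchanged, because the cipher only relabels the alphabet, so it fingerprints the language before a single letter has been recovered. The per-language reference values are approximate figures I am taking as an assumption, the English sample is constructed for the example, and the substitution key is arbitrary.

```python
"""Language fingerprinting of enciphered text by frequency statistics.

Added example, not the program described in the declassified NSA document
and not the original post's code. The reference index-of-coincidence values
are approximate figures taken as an assumption; a real cryptanalyst would
use a larger table and a longer sample.
"""
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

# Assumed reference table: typical index of coincidence for 26-letter text.
LANGUAGE_IC = {
    "English": 0.0667,
    "French": 0.0778,
    "German": 0.0762,
    "Italian": 0.0738,
    "Spanish": 0.0770,
}
RANDOM_IC = 1.0 / 26  # ~0.0385: what uniformly random letters would give


def letters(text: str) -> list:
    """Keep only A-Z, upper-cased, dropping spaces, digits and punctuation."""
    return [c for c in text.upper() if c in ALPHABET]


def frequencies(text: str) -> list:
    """Per-character frequency table, most common first, as (letter, count)."""
    return Counter(letters(text)).most_common()


def index_of_coincidence(text: str) -> float:
    """Probability that two letters drawn without replacement are equal."""
    counts = Counter(letters(text))
    n = sum(counts.values())
    if n < 2:
        return 0.0
    return sum(c * (c - 1) for c in counts.values()) / (n * (n - 1))


def rank_languages(text: str) -> list:
    """Candidate languages ordered by how close the text's IC is to each reference."""
    ic = index_of_coincidence(text)
    return sorted(((lang, abs(ic - ref)) for lang, ref in LANGUAGE_IC.items()),
                  key=lambda pair: pair[1])


def substitute(text: str, key: str) -> str:
    """Monoalphabetic substitution: plaintext letter i becomes key[i]."""
    if sorted(key) != list(ALPHABET):
        raise ValueError("key must be a permutation of A-Z")
    return text.upper().translate(str.maketrans(ALPHABET, key))


# Constructed English sample standing in for the "unknown language" plaintext.
PLAINTEXT = (
    "The index of coincidence measures how likely two letters drawn at random "
    "from a text are the same. Natural language is far from uniform, so the "
    "statistic stays well above the value expected from random letters, and "
    "because a simple substitution only relabels the alphabet it does not "
    "change the answer at all. A trained analyst can therefore guess the "
    "underlying language of a message before recovering a single word of it, "
    "which was exactly the skill these old training exercises were meant to build."
)
KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"  # arbitrary permutation for the demo

if __name__ == "__main__":
    ciphertext = substitute(PLAINTEXT, KEY)
    print("cipher frequencies:", frequencies(ciphertext)[:6])
    print("IC plaintext  :", round(index_of_coincidence(PLAINTEXT), 4))
    print("IC ciphertext :", round(index_of_coincidence(ciphertext), 4))
    for lang, dist in rank_languages(ciphertext):
        print(f"  {lang:8s} distance {dist:.4f}")
```

The ranking is only as good as the sample length: a few hundred letters separate language from random noise reliably, but telling French from Spanish on that little text is a coin toss, which is why the original exercise combined this with per-character frequency tables rather than a single number.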

Pretty cool in a very crypto geeky way.  It took me back to some training I had as a larval engineer as the class of new hires waited for their clearances to be approved.  I wasn't great at it (I was an electrical engineer, not a linguist).  The Queen Of The World eats this sort of stuff (cryptograms in the newspaper) for breakfast.

(via

Tuesday, September 9, 2025

War Department bans Chinese nationals from Cloud environments

This is an area that has needed reform for years:

The Pentagon will no longer allow Chinese nationals to support Department of Defense (DOD) cloud environments, Defense Secretary Pete Hegseth said in a video posted to X on Aug. 27.

Hegseth said the arrangement – part of a Microsoft program known as “Digital Escorts” – allowed coders from China, remotely supervised by U.S. contractors, to assist with sensitive DOD cloud systems. He called the setup an “unacceptable risk” to national security.

Well, yeah

Here's how the rules have been bent for years.  Initially what was mandated was that only U.S. Citizens could work in these environments.  After lots of complaints from tech companies (*cough* Jobs Americans won't do *cough*) this was changed to "US Persons".  This added both Green Card holders and H-1B Visa holders to the list of acceptable people allowed into the environments.

Fast forward a decade and Silicon Valley has so gamed the H-1B system that the US imports a huge number of foreign workers while laying off US citizens.  So the question is how much loyalty to the USA do these people have?

Green Card holders?  Probably a lot.

H-1B holders?  Dunno.

Chinese H-1B holders?  Per the SECDEF, they represent an overwhelming security risk. 

Like I said, this area has been ripe for reform for years.  We will see if this policy gets extended from the War Department for Fed.Gov in general. 

Monday, September 8, 2025

Dad Joke CCCLX

You've heard of Pop Tarts.  Why aren't there Mom Tarts?

Because of the Pastry-archy.