First ever iOS trojan discovered — and it’s stealing Face ID data to break into bank accounts : apple

[–] [email protected] 19 points 6 months ago (3 children)

OMG! See this is exactly what Apple said works happen if they were forced to slow side loading. I hope you are all happy!

“Checks notes”: Side loading has not been enabled yet…

… oh

[–] [email protected] 8 points 6 months ago (1 children)

Apple before implementing sideloading:

"We can't let users install unverified apps. Sideloading will make our devices less secure. "

Apple after they're forced to implement sideloading:

"We give users the freedom to install apps from outside the store. The iPhone is as secure as ever. "

[–] [email protected] 2 points 6 months ago (1 children)

I'm sure they're concerned about security, but the main reason is they don't want to give up their cut of any app sales.

[–] [email protected] 5 points 5 months ago* (last edited 5 months ago)

I know I'm earning this downvoted spam, but...

This requires you to use enterprise-oriented features that blast you with warnings telling you not to do it. After you ignore those warnings they can install anything they want on your device.

This is basically sideloading for corporations.

And it is exactly an example of what will happen (and be quite common) if regular sideloading and alternative app stores with no Apple validation are forced on us.

It's a problem on Android, already. Banking apps disable themselves if your device is rooted due to malicious Trojans that exploit that feature to gain easy access to your data.

[–] [email protected] 0 points 5 months ago

I'm sure they'll make sideloading a miserable enough experience for all involved (but not miserable enough to make it obvious that it's in bad faith and incur the wrath of the EU) that both users and devs will just opt not to do it

[–] [email protected] 6 points 6 months ago (3 children)

A trojan you have to install yourself (by accepting a malicious MDM profile) is not a trojan...

[–] [email protected] 10 points 6 months ago* (last edited 6 months ago) (1 children)

That’s not true. A Trojan is a virus disguised as something else to trick your victim. Am I the only one that messed with their friends with ones like sub7 and stuff like 30 years ago? Lol

[–] [email protected] 1 points 6 months ago

Do you know how most viruses and Trojans work? Because I can guarantee they don't just show up on your computer magically.

[–] [email protected] 1 points 5 months ago

I agree with your sentiment, but it's still a Trojan.

It just requires you to bypass all of the "do not do this unless you know what you're doing" warnings to go through the very obviously risky process to be able to install the Trojan.

[–] [email protected] 5 points 6 months ago (2 children)

This is an actual interesting article that they just ruined with SEO spam links to 'the best ' all over it. Sigh.

[–] [email protected] 3 points 6 months ago (2 children)

do you need some help setting up ad blockers?

[–] [email protected] 2 points 6 months ago (1 children)

It's literally in the text of the article. I'm using both ublock origin and a pihole here.

[–] [email protected] 1 points 6 months ago (1 children)

huh, i can't see it

[–] [email protected] 0 points 5 months ago* (last edited 5 months ago)

I think they mean the links to other articles:

One of the reasons many people pick one of the best iPhones over their Android counterparts is due to security.

Which, well, I dunno how that's so bad. It's just linking to other articles on the same site 🤷

[–] [email protected] 3 points 6 months ago* (last edited 6 months ago)

The usual. Can’t say I see any of it though. All blocked.

[–] [email protected] 1 points 6 months ago

Pegasus

[–] [email protected] -2 points 6 months ago

this is why i took all banking apps off my phone. the websites work fine anyway.

[+] [email protected] -14 points 6 months ago (5 children)

I'm sorry for the Apple users, but Apple devices are so restricted, why would you even want to use one?

[–] [email protected] 7 points 6 months ago* (last edited 6 months ago) (1 children)

It all comes down to what you use the device for. I know the apple hate is strong but there’s not a whole lot of different use cases going in to either one other than the ecosystems. Also most android fanatics haven’t even used an iPhone to comment on anything. They do anyway though.

[+] [email protected] -7 points 6 months ago (2 children)

I have used an iPhone for 2 years and getting an Android 6 months ago was a breath of fresh air. I could install any app I wanted, including custom launchers, sms, TTS, etc. I didn't have to sign into a MAGMA account to use the device. I had a headphone jack. I could add a network speed tracked in the status bar. I could actually implement DNS adblocking and it worked. I could install Firefox extensions - a huge thing that's 36% of the reason I'm not going back to iPhone.

[–] [email protected] 3 points 6 months ago

DNS ad blocking on iOS has been fine a few years at least. I've been using NextDNS on mine since 2020. I actually shocked some family members at how easy it was to setup on theirs, to the point where they felt weird not seeing the ads plastered everywhere. One actually wanted them back. Stockholm Syndrome, I guess.

You can use either their app, which toggles a network profile for the DNS, or install a MDM profile from their site, which is a more persistent option. I prefer the app as you can toggle it off if something isn't working and you want to confirm whther the DNS is the culprit.

[–] [email protected] 3 points 6 months ago (1 children)

Orion allows Firefox extensions and I’m sure others do as well. If you’re a nerd, love tinkering around constantly, and not your standard insta/tiktok/facebook/insert dating app user which I would argue is a huge amount of phone users. Android is the obvious choice, but only specific ones of course cuz there’s hate there too towards specific brands if you’re super nerd.

DNS ad blocking works too through VPN ad blockers (for 4-5? Years now). I don’t want to argue but every point you made makes no sense. You just didn’t do any research or are not really at the nerdom level to be so appreciative of an Android.

[–] [email protected] -3 points 6 months ago (1 children)

You only responded to two of my points.

Orion allows Firefox extensions and I’m sure others do as well

I honestly didn't know about Orion. The lack of alternate browser engines on iOS is still problematic though.

DNS ad blocking works too through VPN ad blockers

Cool, you refuted one more point. How about the rest? You still need an Apple account to use iOS properly - to install apps, to have automatic cloud backup (only iCloud is allowed to run in the background - and I know because I used to use Google photos, you had to have the app open to backup photos). You can't edit the status bar to show a network speed indicator or anything else. You can't install third party SMS, phone, or launcher apps and the FOSS environment is quite small anyway due to Apple's walled garden with the app store and hostility to developers - It costs $99 p/a + the cost of an Apple computer to release an app to the Apple app store.

You just didn’t do any research or are not really at the nerdom level to be so appreciative of an Android.

Lol, gatekeeping, much? I would argue even for noobs android is better just for the FOSS suite available and ease of switching if they do become more tech literate and start caring more about customisablity.

Android is the obvious choice, but only specific ones of course cuz there’s hate there too towards specific brands if you’re super nerd.

Any Android device is miles above an Apple device, but eg Pixels with GrapheneOS are obviously going to be superior to Samsung or Huawei phones too. On that I agree with you.

[–] [email protected] 3 points 6 months ago* (last edited 6 months ago)

I think both are great and have nearly all of the same things. Really all I was getting at.

iCloud is a plus for me as it intertwines everything I use seamlessly. I can’t argue a point against you not wanting an apple account.

I agree with the side loading points but for me the greater argument there is what are you needing to side load and is there not something better that already exists without having to side load? I’m a super nerd and don’t have anything I need to side load but I have AltStore setup just in case I would want to.

I agree with the browser crap too. I have no issues there though either other than safari maybe being too strict on cookies at times. I have all the extensions I need, even userscripts. Shortcuts is extremely powerful these days too.

Why do I need a third party sms? I honestly don’t even know what that means? There’s tons of different apps for alternate phone numbers for texting. Or you really want to have a completely different messages app using all of the features of the Messages app? For what? Launcher apps were cool when I was flashing custom roms and stuff as a teenager.

They’re not miles above. What FOSS do you absolutely need that isn’t on iOS?

Again I find them both great… I just don’t understand the need to come in to threads and bash apple users.

[–] [email protected] 2 points 6 months ago (2 children)

As a developer: superior hardware, years ahead of Android in terms of performance. Android is way too limited in what you can do with it as a developer.

[–] [email protected] -3 points 6 months ago (1 children)

Sorry, what? Are wee talking about different operating systems? Apple is way more hostile to developers, as I described in my other comment.

[–] [email protected] 4 points 6 months ago

Practically you simply can do a lot more on iOS, especially if you are doing things that require a lot of performance. The CPU is much, much faster, you have access to more RAM, the GPUs are more advanced. There is actually a GPU computer API that works on all phones instead of the mess on Android where there simply isn’t anything that is universally supported.

APIs are also a lot more powerful on iOS. Anything related to media, for example. You have so much more control and advanced APIs for things like the camera, dealing with video data, etc. There simply is no comparison. Android is a toy OS compared to iOS.

[+] [email protected] -4 points 6 months ago* (last edited 1 month ago) (1 children)

[removed by mod]

[–] [email protected] 2 points 6 months ago* (last edited 6 months ago) (1 children)

I work on some stuff that has to run on iOS and Android, computer vision related. So often when we work on new functionality it’s “no, we can’t do that on Android”, never the other way around. CPUs are slower, GPUs are slower, and worse they lack features. Fragmentation is an absolute PITA. There isn’t even a decent GPU compute solution that works on all android phones. RenderScript is too high-level and you can’t even be sure it runs on the GPU. GPU compute is not supported on all versions of OpenGL ES and only a subset of phones support either the latest version of OpenGL ES or Vulkan. It’s an absolute mess.

Even if a phone supports Vulkan, there are tons of optional features that you can’t rely on being supported.

By comparison, iOS is absolutely amazing. Almost all iPhones run an up-to-date iOS version, you can know for certain which GPU features are supported. Both GPU and CPU are also a lot more capable than on Android phones. For example: A-series SoCs have support for hardware accelerated matrix operations, on the GPU side you have things like SIMD-group operations (permute, reduction, matrix). All stuff that you can’t use on Android because it’s either not supported at all or only a handful of phones support only some of them.

[+] [email protected] -3 points 6 months ago* (last edited 1 month ago) (1 children)

[removed by mod]

[–] [email protected] 3 points 6 months ago (1 children)

Fragmentation is a disadvantage in this way, but it allows for a far bigger strength – democratisation of technology

How is not supporting certain hardware features ‘democratisation’ ? This is not something users would be able to make an informed decision about, or even know about. No user goes into a phone shop and asks for a phone that has a GPU with support for SIMD-permute functions, to name one thing.

Camera2 API for years that gives us manual camera controls.

This is a good example. Camera2 API is still not supported by all phones, to the point they had to come up with CameraX to give hide the mess of dealing with multiple camera APIs from developers. Even then, Camera2 API is a joke compared to what you can do with AVFoundation.

One example: on iPhone I can set up the camera to deliver full-resolution (8, 12 or 24MP depending on the model of phone) frames to my app at, at least, 30 fps. Not only can I capture full-resolution images, I can get a synchronized stream of metadata (e.g. detected faces) with these frame. In addition to processing these frames in my code, I can simultaneously write the video to a compressed video file, again in full native camera resolution, with a custom time-synchronized metadata stream.

You can’t do anything even remotely like that on Android. You can’t get a video stream at native resolution, you’re lucky if it can do 1080p. You can’t grab raw video frames and record to a movie file at the same time. You can’t get a synchronized metadata stream. You can’t write custom metadata streams to video recordings. Hell, you can’t even get the current ISO value from the camera during live capture.

This is just one example, but there are many more areas where Android is severely lacking in capabilities.

Android may offer more customization options for end-users, but for developers iOS is so much more powerful that they aren’t really in the same league.

[+] [email protected] -2 points 6 months ago* (last edited 1 month ago) (1 children)

[removed by mod]

[–] [email protected] 3 points 6 months ago (1 children)

Can you give me real world applications of any of the things you mention, that people who shoot using Android find lacking versus iPhone?

This is not about users, this is about developers. What a user will notice is that the Android version of certain apps don't work as well as the iOS version. We put a lot of effort into getting an acceptable user experience on Android, but there is only so much you can do. For example: on one specific image processing pipeline we use an internal resolution of 2 MP on iOS and 0.5 MP on Android. The Android version generally also runs at a much lower frame rate. Certain features may also be unavailable on Android. What the end-user will notice is that it just doesn't feel as smooth on Android as it does on iOS.

Android is generations ahead with hardware, on par with CPU/GPU, better NPU

That's hilarious.

This is the fastest Android phone according to Geekbench, Compare to the fastest iPhone. For our specific application it's the single-core CPU and GPU performance that matters most. (any algorithm that can be parallelised runs on the GPU, the rest doesn't really benefit from more than 2 CPU cores).

Of course, the benchmarks above don't really matter, because you don't develop for the fastest phone you need to support, you develop for the slowest. Our stuff needs to be usable by the general public, due to the nature of what we make we need support basically any phone that has any significant real world use. In practice this means that on the iOS side our stuff needs to run with decent performance on iPhone 7 (released in 2016) and later. Here are the benchmark scores for the iPhone 7.

Now compare this to the Samsung Galaxy A14, more than 4 times lower single-core performance. Note that this is not the crappiest Android phone we need to support. Instead it's the most popular Android phone of 2023. The oldest and slowest iPhone we need to support is still significantly faster than the most sold Android phone of last year.

The nice thing about iPhones is that every iPhone sold is a high-end device, performance wise. Most Android phones sold are low to mid-range devices. While there is still a significant performance gap between high-end Android and high-end iPhone, the performance gap between what you actually need to support on iOS and Android is enormous.

does not need paid apps to shoot RAW video or photo

Neither does iPhone: Settings -> Camera -> Formats -> Apple ProRAW (photo), Apple ProRes (video).

get current ISO value in Open Camera and plenty apps that can utilise Camera2 or CameraX APIs. There seems to be quite a bit of misinformation in there

Please link to the API docs that describe this API. To be specific: it needs to be able to set the camera to automatically manage exposure and then read the actual ISO values chosen by the camera while it's adjusting it's actual exposure.

Android is so far ahead in real world, it is comical. iPhone’s advantages are always on paper and never in reality, which as we know never matters.

Sounds like you have never in your life written a single iOS/Android app that requires any significant amount of processing power. I wish I lived in your fantasy world where Android is on par, let alone ahead, because it's such an enormous PITA to have to deal with this enormous performance gap. It would make my life so much easier if Android phones were just half as fast as iPhones.

In the end I really don't care what OS it runs, I just want to build nice things. It just gets frustrating sometimes when having to take into account all these low-end Android devices limits what you can accomplish.

[–] [email protected] 2 points 6 months ago (2 children)

Google sells more of my data than Apple

[–] [email protected] 2 points 6 months ago* (last edited 6 months ago)

None of them actually sell your data, and both of them have personnalised ads. The difference being one pretends to be a privacy warrior and the other has pretty detailed and granular privacy settings (spoiler, that's not apple). Dont get me wrong, I dont like Google either and they probably collect and actually process personnal data than apple, but both of them are absolutely terrible and both of them absolutely know everything about you. It's just that apple is much better at preserving a good brand image. Though one valid point I could see is that having a phone made by apple reduces the likely number of parties who have access to that data, on android, you often buy a phone from samsung or the others, and then they also have their spyware on theere

[–] [email protected] 2 points 6 months ago

Apple collects and "phones home" more data than Google off of their smartphones

[–] [email protected] 0 points 1 week ago

Because they are so restricted ;-) since i moved my whole family onto it, i cut support time by 90%.

[–] [email protected] 0 points 5 months ago

I used to install custom ROMs on my android phone and spent days of my life getting everything exactly the way I wanted things.

I ended up with a clunkier version of iOS.

Ultimately I don't need or want an open platform in my pocket. I want to be able to trust that the App Store isn't garbage, and don't want to have to worry about my parents easily installing viruses on their devices.