Apple's macOS is sub-par for security, Apple exec Craig Federighi tells Epic trial

Safe for Infants!

So that's why iOS works the way it does. Thanks for the explanation Apple.

Apple's approach to security

If your country manor (a metaphor for macOS) is designed by Apple there will be a fence around the garden. Not really for security - just to prevent anyone from walking in, vaccinated or not, even with a written invitation. The main gate - but not necessarily the access road - may move from time to time to the other side, but that's just to confuse anyone trying to reach the garden (which is not on Google Maps - no documentation - and the locals in the neighbouring village are as likely as not to remember where the main gate was the last time they visited and wrote a blog post about the experience).

There are forbidden sections in the garden and in the house itself, even for family members - they can only access parts of their own property if they put on very special Apple-branded shoes ("Full Disk Access", anyone? You can't just open a Terminal and ls(1) in certain directories, such as your own Mail or Downloads folders, even if you are admin, though you can see the contents in Finder). Mind you, some of the staff are required to wear those special shoes even though they never need to access the grounds at all (seems like a security hole to me, but apparently not to the architects).

The garbage bin ("Trash") will trigger an alarm if you try to retrieve family silverware thrown out by mistake or to arm a bomb in it while wearing special branded shoes (can't double-click on an executable in Finder), but with any other footwear there is no problem (you can execute binaries in Trash, e.g., from a shell - just not from Finder).

If you find a hole in the fence you can walk around the property unrestricted, and the code to the safe with the family jewels is on a Post-It note on the safe's door. Finding a hole may not be trivial, but if you (or some Aussies, as the case may be) do there will be no other obstacles - the jewellery will be yours for the taking.

Etc., etc. Dunno about iOS - judging by the article, the principles are the same.

[AC because developing enterprise security tools for macOS are among my responsibilities - not at Apple, but as putting my employer in El Reg's position will not be terribly professional I am using every layer of obscurity available, consistent with Apple's security principles... This part of my job is not fun at all, and it's not even funny. The cynic in me would just leave those Apple-designed houses unprotected, but our paying customers manage many "properties" of all kinds and insist that everything should be covered.]

Think of the children

““With iOS, you’re able to create something where children, even infants, can operate an iOS device and be safe in doing so. Really different products.””

Well it is nice to know that they are really different products and the IPad Pro is not really suitable as a business tool it is just a more expensive version of the IPad toy.

Seriously how can Federighi keep a straight face on the stand. Children have never been able to operate computers. The Mac has never been marketed for use by children. Never been pushed to schools for education purposes. There has never been software written for the Mac for use by children even infants.

Think of the children. Because children will be safe using IOS devices, it not like IOS devices can access the internet and visit sites with content not suitable them.

Everything in Apple, nothing against Apple, nothing outside Apple

Do the older ones remember the time when Apple was advertising as being the anti Big Brother?

Nowadays it's all the opposite, Apple is glad to tell it will control everything.

Optimal security is something like a dumb light or an old Bakelite phone. They don’t do much, and they can’t be hacked - so they’re secure. Maximum insecurity would be a device that lets you do whatever you like to whatever file from wherever. Think something like Windows 95 or classic MacOS. They have a network stack, and very little in the way of permissions.

Everything else is on a continuum inbetween. I like iOS being secure. It’s a phone for gods sake, and we shouldn’t lose sight of that. For 99% of use case the tight security is not a problem - in fact, it’s a very definite benefit. The same applies to the watch and to the iPod.

The Mac is another matter. It’s used for myriad use cases - and it’s mostly a tool for professionals. The trade off of security / flexibility therefore errs more on the flexibility end the spectrum - which necessarily causes it to have a malware problem, at least when compared to iOS. The same is equally true of other flexible platforms - including Linux (and Windows 10 even let me absentmindedly delete a system file the other day, so I could argue that the situation is worse there - they’re erred too far toward flexibility)

The thing is that if the Mac erred further toward secure it would lose users, including me, fast. I think that the balance is about right.

As to the iPad, much has been made about how the hardware is great but the software is not. I think it’s not a problem with the UI per se - it’s the fundamental issue that the security / flexibility balance of the iPad is wrong. Given what the device is, and what it’s intended to do, I’d argue that the iPad should be a smidge more flexible and a smidge less secure. And it’s a pretty big smidge at that.

Maybe it is just me, but reading what Federighi said sounds a bit desperate.

I have a feeling that Apple will regret some of the statements that Federighi was told to say.

I'd be annoyed if the walled garden is opened up.

Ok, I get it. Apple is absolutely gouging devs on this, and they could be much fairer - BUT I like the walled garden. I like that I dont have to think too hard about 'will this app rape my device'. I like that someone is curating the apps to make sure that I'll probably be ok. I very much like that they stick 2 fingers up at companies like Facebook.

If I didnt like it, I'd buy an Android device.

You could give users the choice to opt in or out of the walled garden, which is probably the best Epic can hope for. I think I know which way most people would go. (see FB privacy choices). Its then a balance of law suit cost vs how many people will opt out.

Ratner effect

I wonder if Federighi has ever heard of it?

I also wonder if he actually believes in what he says?

I think there are better ways to make the point

Including consumer choice and understanding the risks, benefits and drawbacks associated with each OS approach. Anyone can buy a Mac and play Fortnite. Likewise anyone can buy an iPad and play only those games Apple allows. Given Federighi's comments, I'd expect to hear some noises from Jobs's grave....

Level of malware

Federighi: "And as I say, today, we have a level of malware on the Mac that we don’t find acceptable and is much worse than iOS."

I assume that *ANY* level of malware on the Mac (or iOS) is not acceptable to Apple right? I mean, does anyone (part from scammers) find malware "acceptable"?

Ok, so realistically, no-one is ever going to completely eradicate all malware from a platform, but it seems Apple is working towards getting it to the absolute minimum level that is technically possible without making the platform unusable - and perhaps only that is what they would "find acceptable".

Tim Cook takes the stand on Friday

"I swear to tell the truth, the whole truth (subject to 30% retained by Apple) and nothing but the truth."

Acceptable risks

Someone needs to tell this so-called Apple expert about a concept called acceptable risk. Using his analogy of the car, we can virtually eliminate all automobile deaths by imposing a 35 MPH speed limit. But we don't. Why? Is it because we want people to die? No. It is because we, as a society, have deemed there a level of acceptable risk. There are huge benefits when you allow us to drive 70 MPH on the highway.

And so it should go with our devices. Yes, we can get virtually eliminate all malware by a walled garden. But at what cost? There are huge benefits when you allow us to install our own apps on a phone or computer. This is an acceptable risk.

It is the 30%

EPIC doesn't care about walled gardens, the 30% apple tax is painful.

The model to tax sellers for each item sold is nice for people who make and sell in small numbers, since they do not have any upfront costs.

If a big supplier sells 50 million times its app for $ 1,-, they have to pay Apple over 16 million.

Apple has some valid points in arguing that a walled garden fits within their view of providing customers an excellent quality experience.

Charging large sellers millions for use of their walled can however not be justified, since it doesn't bear any relation with the costs Apple incurs to enable the store or to distribute f those apps.

It seems reasonable that Apple would be forced to introduce different models for use of its app shop if it wants to continue to operate this in a monopolistic fashion.

Apple's argument is a little like standing before the court and claiming that you had to turn to crime because you were crap at your job. The great part is that he isn't lying.

Is it me?

Reading this story and the comments, every time I see Craig Federighi's name I see Ferengi

... the mac is the car ...

....

I think of it as the Mac is the car: you can take it off road if you want, you can drive wherever you want," Federighi said. "As that comes as a driver, you’ve got to be trained, there’s a certain level of responsibility to doing that. But that’s what you wanted to buy, you wanted to buy a car....

....

Have I not been reading persistent rumours about an iCar that is not at all like this sort of car? Well, maybe the off road bit, but not by want.

Is the reimagined car to be to a car what an i-device is to a computer?

You want to go to the hardware store, but it insists you go past half a dozen takeouts first, in case you might be hungry.

You need to pick up the kids, but have to wait through an interactive simulation of local daycare's.

Customer protection

That's a nice device you have there. Shame if anything were to happen to it...

Further safety measures needed.

Are they absolutely insane? The iPhone telephone and SMS services are totally unlocked and capable of receiving abusive messages, hate speech, etc. Even worse, they enable telephone banking without allowing Apple a 30% cut!

These services need to be curated via the official call and message store which will ensure you are kept up to date on the releases of new iShiny products and safe from all these pesky callers like family and friends.

App Store

I'm fine with Apple keeping the walled garden. Thanks to Apple's iOS walled garden, the chances of me mistakenly downloading a malicious app are essentially non-existent.

Now compare that to Android app stores and Google Play.

At least I can confidently assume the apps I've installed from my walled garden aren't trying to exfil data and steal my banking credentials.

I have iPad, iPhone and Mac.

No, I don’t want my Mac to be wall gardened.

But I prefer my iPhone and iPad to be so.

Why? Because I use them for completely different purposes.

Off the rails

The arguments seem to be going way off into the weeds. Epic had a contract with Apple that spelled out the terms and conditions. Epic decided later they didn't like those T&C's so went around them and got caught. They could have renegotiated with Apple at the next renewal. It's also come to light that what Apple charges is not out of line with the rest of the industry. Customers could easily get an Android device to play the game if it were no longer available on iOS. I have a stack of fondleslabs right next to me here on the workbench. One works as a phone and the others get used for other tasks.

If Epic finds it required that they be on iOS for their business to be profitable, they have to pay the piper. eBay is very nasty if there is even a hint that you might arrange a sale outside of their official methodology. They get their cut or you get the boot. Even if a transaction doesn't happen they can delete your account. It's a right PIA when selling something complex/unique/bespoke where it's a good idea to have a chat with the prospective buyer.

Seems to me

Apple's defence is we are $h1t at security, so we have to be careful who we let in.

Which provides no defence to the claim they are a monopoly and no defence to the fact they are exploiting this position to gouge their users/developers.

At the moment they charge exactly the same as google do, but the choc factory only has an effective monopoly, not a literal one.

the pair of them need to look hard at the service they are providing and the cost of providing it.

App purchase fees are listing and distro fees, so should not be more than about 12-15% (like Amazon Marketplace or e-bay selling fees) and as the volume goes up this comes down.

In-game items are payment processing fees, so any reasonable processor will be working on about 5% (see PayPal, SumUp, WorldPay, Stripe, ....) or less, at the volume they are processing.