Hacker News new | past | comments | ask | show | jobs | submit login

Security yo.



There is no reason Apple could not allow users to install their own certificates, or even to just provide an "easy jailbreak" that was not accessible remotely, without compromising security for users who elected not to use these features.


Android allows sideloading, and the security problem arises not from users who “elected” to use those features, but from those who were duped into using them. For example somebody might be trying to play a Pokémon emulator, end up on a side loading site with some technical instructions, and load their phone with malware without even realizing it.


Let us not give up freedom for security.

A reasonable solution would be to make it sufficiently "technical" to unlock the device, so people can't be easily tricked into it.


I keep hearing that Apple's direction of travel is to sunset MacOS for iOS. If that's the case, Apple will need to provide developers a path to develop for iOS on iOS. So there will be a need for an "expert / developer mode".


I hear a lot of people say that too, but Apple itself has repeatedly said that iOS and macOS serve different purposes and they will remain separate products.

What we do see Apple doing is consolidating some aspects of iOS and macOS development. That makes sense since iOS was originally built on the OS X kernel, but then allowed to diverge.


Would they have to? I mean, yes, that would be nice, but for example people developing for game consoles don't develop on the console itself, but rather using a separate development system.


He means security for apple and things on the app/itunes store.


You have been able to do this since iOS 10. You get a free developer certificate simply by having an Apple ID, allowing you to sign and sideload apps onto your device.


The free account is severely crippled. To seriously side load your own apps, you need a paid account. And I think that’s a travesty!


Not all functionality is there, no doubt, but can you explain why you believe it is severely crippled? Works reasonably well for me.


Oh, I’m mostly talking about the 7 day limit.


Can I side-load Cydia using my free developer cert?


You would need to modify it to install apps in a different way and to also sign them, and most things would not work due to root access being required, but technically you certainly can.


> you certainly can

but

> most things would not work

It should go without saying that the whole point of installing an app is that it work. It does me little good to have the binary sitting in the file system if it doesn't actually perform the function which it was built to perform.

Developer certs != jailbreak. Apple could provide a jailbreak option, but it chooses not to, so people who want to actually control their own devices (a not unreasonable thing for someone to want IMHO) have to deal with Chinese hackers.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: