Apple Software Quality

[parseckadet]

While there's plenty of discussion going on about Apple's latest critical security flaw (the FaceTime bug), I haven't seen or heard anyone bring up Apple's recent track record of these continual issues over the last year and a half or so. At least, I haven't seen it discussed in detail. I haven't compiled a list of all the critical vulnerabilities we've seen since the release of iOS 11 and High Sierra, but it just seems to me that we've been going through this dance an awful lot since then.

I'm curious to know how everyone else is feeling on this topic. I've been a devout Mac user since 2000, and iPhone user since it was first released. I've converted my wife and my mom to Apple devices largely on the argument that they are more secure than the alternatives. I feel like that argument has since flown out the window. I mean, how could anyone make such a claim any longer when it was revealed that anyone could have activated your phone's microphone and camera without your knowledge? My confidence in Apple has been severely shaken, to the point that I'm now reevaluating whether I should stick with the platform.... for the second time in less than two years.

And BTW, I'm absolutely convinced that the FaceTime bug has been making the rounds much longer than this last week. On New Year's Eve I received a FaceTime call from an unknown number. I declined it by pressing the side button. I am absolutely convinced that was someone using this bug to eavesdrop on me and that they had access to my audio and video until I shut my phone off a few days later.

 

[keysofanxiety]

The software's more stable now in my experience, with a few general exceptions such as OS X 10.7 (dreadful memory management).

Issues are more reported on due to the considerably larger userbase. More users = more usage = more weird and wonderful ways to break the software.

0.1% of 1 billion iOS devices affected by a bug is 1 million users.

0.5% of 100 million iOS devices affected is half a million users.

This wouldn't mean the older OS was twice as reliable because half the amount of users were affected by a bug.

 

[velocityg4]

It's an arms race. There will always be security bugs and glaring f*** ups. The GrayKey box was an example of a security flaw. Any Jailbreak is another security flaw.

After Apple found out about the Facetime flaw. They let the world know and took action to minimize the problem until it could be corrected. They also provide updates for four to five years. Whereas most Android phones may never get a security updates. Those which do are often on a delayed roll out and only get them for a couple of years. For the general Android phone. I'd only feel secure with a Pixel or Android One. So it gets OS and security updates for at least two years. For other devices. They would need to support LineageOS. To get monthly security updates.

As I recall Apple had also patched Meltdown and Specter before they became public knowledge.

Filevault and a firmware lock do a good job securing your Mac if stolen. While Bitlocker has been found to be useless on many SSD. There are also far fewer issues with malware.

While nothing is bulletproof. I trust Apple to fix known security flaws in a timely manner. I also trust that they will provide updates for a longer time. Extending the useful life of devices. I-devices anyways, MS supports Windows and old hardware longer than Apple does macOS and Macs.

 

[Tech198]

Apple does patch stuff better now, then in the past...

But it's kind of a "see-saw" approach.. With more features we want in iOS and Mac, the more Apple needs to fix.

Not always, but I've never seen something new added to software that just worked 100% first time.

 

[nouveau_redneck]

Good topic, parseckadet.

I'm kind of concerned myself on how Apple is approaching the latest high level security problems, and specifically the keychain issue recently found. Yes, issues happen, and Apple responds, but we are seeing serious fundamental problems that could potentially compromise customer data and security.

Recently, I was thinking about putting more of my personal data into iCloud. That's on hold, and I'll continue to keep it local with local backups. I've also pulled my keychain out of iCloud. I love the Apple privacy approach, yet I'm worried that there is an issue in the security department.

Does anyone have any insight on what is going on internally at Apple? The level of response and commitment to plugging and stopping these issues?

 

[parseckadet]

Does anyone have any insight on what is going on internally at Apple? The level of response and commitment to plugging and stopping these issues?

I sure hope it's better than their public response, because everything I've seen so far amounts to putting lipstick on a pig. Sending an unnamed executive to the home of the family that reported it?! How does that reassure anyone that stuff like this won't happen again? I'm glad congress is trying to get some answers, but I'm sure they won't understand Apple's responses anyway.

 

[pat500000]

Apple is more of reactive than proactive.

 

[AidenShaw]

Apple is more of reactive than proactive.

On some things (like the failure of the Mac Pro 2013 (trashcan)) you can't even call them reactive.

More like

​

 

[C DM]

I sure hope it's better than their public response, because everything I've seen so far amounts to putting lipstick on a pig. Sending an unnamed executive to the home of the family that reported it?! How does that reassure anyone that stuff like this won't happen again? I'm glad congress is trying to get some answers, but I'm sure they won't understand Apple's responses anyway.

There's pretty much nothing out there for anyone that can reassure that issues won't come up. Reality is reality.
[doublepost=1549734968][/doublepost]

Apple is more of reactive than proactive.

Most companies (and even people) are Perth much combination of both, and the larger they are and the more people/products/services they have to deal with the more things will be in the reactive column rather than proactive, even when quite a bit of proactive practices are in place. Again, just the reality of things for the most part.

 

[parseckadet]

There's pretty much nothing out there for anyone that can reassure that issues won't come up. Reality is reality.

I think you’re either misunderstanding me or trying to dismiss my point by intentionally oversimplifying it. I’m not looking for perfection, and I fully understand that bugs have happened in the past and will happen in the future. I’m a software developer my self, and I’m fully aware of the adage that “Developers write bugs.”

My point is that it seems like a lot more of these critical security issues are slipping through the cracks than they used to. Hell, just Thursday we learned that the latest iOS release fixed to ADDITONAL zero-day exploits which had previously not been disclosed.

All I’m looking for from Apple is a CONVINCING statement or some other action that they really are taking this seriously and details on what they’re doing about it. Like I said, not looking for perfection, or an overnight resolution. I just want Apple to convince me that they’re actually trying to improve the situation.

 

[C DM]

I think you’re either misunderstanding me or trying to dismiss my point by intentionally oversimplifying it. I’m not looking for perfection, and I fully understand that bugs have happened in the past and will happen in the future. I’m a software developer my self, and I’m fully aware of the adage that “Developers write bugs.”

My point is that it seems like a lot more of these critical security issues are slipping through the cracks than they used to. Hell, just Thursday we learned that the latest iOS release fixed to ADDITONAL zero-day exploits which had previously not been disclosed.

All I’m looking for from Apple is a CONVINCING statement or some other action that they really are taking this seriously and details on what they’re doing about it. Like I said, not looking for perfection, or an overnight resolution. I just want Apple to convince me that they’re actually trying to improve the situation.

As far as improving that's one thing, as fear as reassurances that something won't happen again that's a little different. That aside, in terms of more issues or issues happening more often, there are factors that need to be accounted for in all of that, things like there being way more devices out there with way more variety than before with more people using and even looking for issues than before.

Look at something like Windows and how many issues they patch on a monthly basis (many security related ones too) for years and years now. Sure, that's not really a 1-to-1 type of comparison, but things are not that far off these days with how complex/varied and widespread iOS and iOS devices have become.

None of it is to excuse anything or to say that things can't be better, but it is to say that there is a reality that is in play whether or not we might like it and the mom-and-pop shop type of approach that perhaps used to be there (and even that wasn't really to the degree as sometimes it is made out to be) just doesn't really apply as much, no matter how much a company might strive for it, when that company is way beyond one that can operate in that type of manner.

 

[parseckadet]

As far as improving that's one thing, as fear as reassurances that something won't happen again that's a little different. That aside, in terms of more issues or issues happening more often, there are factors that need to be accounted for in all of that, things like there being way more devices out there with way more variety than before with more people using and even looking for issues than before.

Look at something like Windows and how many issues they patch on a monthly basis (many security related ones too) for years and years now. Sure, that's not really a 1-to-1 type of comparison, but things are not that far off these days with how complex/varied and widespread iOS and iOS devices have become.

None of it is to excuse anything or to say that things can't be better, but it is to say that there is a reality that is in play whether or not we might like it and the mom-and-pop shop type of approach that perhaps used to be there (and even that wasn't really to the degree as sometimes it is made out to be) just doesn't really apply as much, no matter how much a company might strive for it, when that company is way beyond one that can operate in that type of manner.

Here’s why I don’t buy the “There are so many more devices these days,” argument. I’m not comparing today to 10 years ago. I’m talking about comparing today to the way things were before iOS 11 and High Sierra. So just 1.5-2 years ago. That’s why I’m so concerned. I really don’t think they crossed some sort of critical line in the sand in that time that means it’s now an order of magnitude more difficult than it was just two years ago. Yes, the installed base has grown in that time, but not by leaps and bounds, and the product mix is mostly the same. It really seems that, in terms of security, Apple’s software quality has fallen off a cliff.

 

[C DM]

Here’s why I don’t buy the “There are so many more devices these days,” argument. I’m not comparing today to 10 years ago. I’m talking about comparing today to the way things were before iOS 11 and High Sierra. So just 1.5-2 years ago. That’s why I’m so concerned. I really don’t think they crossed some sort of critical line in the sand in that time that means it’s now an order of magnitude more difficult than it was just two years ago. Yes, the installed base has grown in that time, but not by leaps and bounds, and the product mix is mostly the same. It really seems that, in terms of security, Apple’s software quality has fallen off a cliff.

I'm not quite sure about that to that degree. I think things have changed to a somewhat more noticeable degree in the last couple of years with the introduction of the X line of iPhones in addition to more iPads and Apple Watches. Maybe not by a huge amount but a noticeable change nonetheless, and the increase in issues also doesn't really appear to be disproportionately larger--there were all kinds of issues before and while there might be somewhat more of them and/or of more publicized variety, it doesn't really appear to be a truly drastic change of some sort.

Now, the workmanship in one way or another might have decreased and could certainly be improved to one degree or another. (And, even with those improvements things will still slip through that some people will still comment on saying that everything is horrible and shoddy nonetheless.) That said, again, it doesn't appear to be something on the level of being "off the cliff", especially in the context of everything else.