AFAIK they actually made this worse due to the in-app purchase complaints (from parents who recklessly allowed their children access to their credit card). It used to appear for the first purchase and then not for the next 5 minutes (something like that anyway) but now it appears every time you try to purchase anything.
> from parents who recklessly allowed their children access to their credit card
There's nothing reckless about handing a child their favorite game to play.
Once you've been bit with a $100 charge for an in app purchase, you start to question the true utility of the password timeout. 5 minutes ago I downloaded the game on a new device for my child to play. Now they have unfettered access to my credit card account because I just downloaded the game.
Blaming the parent for being "reckless" in this scenario is a little unfair. Being a parent is extremely difficult. It requires a lot of patience, thought, and understanding.
In app purchases love to trick the end user into accidental buying. What better demographic than the child who just received the car with the keys in the ignition?
As a parent who's recklessly had this happen to them, I facepalmed and sucked up the extra charges. Mea Culpa, but it does irk me that it's so damn easy to do.
I don't mean to blame parents (if it happened to me my reaction would be similar to yours), I can certainly see how it can happen to people. But with parental controls built into the system and quite regular billing/receipts from Apple it seems like something a parent could spot quickly and prevent from happening again. My negative attitude is mostly towards the stories I've read in the news of parents who didn't notice until thousands of dollars had been billed to them over a couple of months.
Complaints? They lost a lawsuit and had to pay out because of in-app purchases.
Incidentally, in-app purchases have practically spoiled their nascent status as the handheld gaming platform. In-app purchases make sense for certain things, but they've ruined the app store for gaming.
I will never understand how they lost that lawsuit. If a parent gives a child access to their credit card they deserve what happens.
I totally agree with your second point, IAP has spoiled gaming on iOS and that's the fault of the game devs for taking advantage of it. However if it didn't work they wouldn't do it and obviously plenty of people spend money via IAP. It's also their only choice. People are willing to spend more small amounts of money over time than paying a fair price up front for the game.
I wouldn't quite say ruined. Made annoying at times, sure. What's the alternative? The iPad and iPhone are my kid's go-to gaming platforms - way more than consoles.
This is why they need a child/guest/multiuser mode so people can hand their phones to children and guests without fear of this kind of shit happening. You can get it on android tablets now, but it needs to be everywhere.
The iTunes password prompt is absolutely maddening. If I make multiple purchases in iTunes it refuses to accept my password after the first purchase i.e. I can buy one film, but to buy another I have to restart. Never mind that I check the remember me box whenever I get the chance (which appears to be shown at random in the login box).
I have to say that I dislike the fanboyish tone of the article.
"The theft of iDevices is rampant throughout the world. While we might blame Apple for producing such desirable products, the company clearly doesn’t want people to have to hide their devices in fake Blackberry cases to use them in public without fear."
Thieves aren't stealing iProducts because they are desirable, they are stealing them because they are expensive. What the hell is a fake Blackberry case and why do I need it to be able to use my iPhone safely? What's the point of insulting Blackberry in an article about security? It's hard for me to take this article or author seriously.
"Then I realized that Apple was tackling a real-world security issue by trying to make that issue simply go away for the average user." -- While there are a few features that are generally good for users (activation lock seemingly the best one) the way iCloud keychain is ridiculously a bad idea. Since there is no concept of segregation of the ownership of the data and everything is very easily tied back to the owner the implications of using this aren't worth it IMHO. Do you really want Apple in control of your hardware, software and now access to your online identity (by access I don't mean that they can directly read your account information, but I'm not saying that is out of the question based on what we know about how our government operates within partners such as Apple)?
Apple's (and Google's) limitless boundaries should be taking a majority by concern. Third party security tools are not a bad thing. Users should be interested in understanding and learning at a level that is parallel with the risks they are taking online. This is the part that is breaking down and Apple is "solving" this for those users by further locking them out of third party software through feature bloat. I'm surprised at the complacency Rich avoids this topic, it truly feels like a paid for point of view post.
I own Apple hardware but I find myself using it less and less in my support of transparent 3rd party tools that help, not hinder, me to control my data. I'm glad the open laptop post sits above this one. To me that's an indicator the masses here are on the same page.
Those of us with the technical understanding to be concerned about security should already be using third-party tools like 1Password, LastPass, etc. I doubt there'll be a massive outflux of those who use those tools to iCloud keychain.
What iCloud keychain does bring is much better security for the other 99%, encouraging them not to re-use the same password across all their sites and to choose good passwords by default. When I see how difficult it has been to get other members of my family to adopt 3rd party password management systems I can only see that as a good thing.
I would concede that you're right, however Apple doesn't provide a construct for the 99% to "do it right". Yes, there will always be those that blindly trust, however when you start talking about a master umbrella for an individual's complete, and utter, online presence including physical ties to money, property and other assets it shouldn't be taken lightly. If Apple had provided a "just works" method of showcasing how they cannot ever, without a doubt, decrypt the data while it sits on their servers, or offer up a way for the end user to easily leverage another service (for separation of duties) they wouldn't receive the flak they do from those who inherently know the risks.
I have had no problems getting family members to adopt 3rd party password tools. An hour showing them along with explaining the rationale and the light bulb switches on. A simple document showcasing how to generate new passwords and add new sites or services goes a long way for the few times they do that particular task.
The root problem is that the 99% seems to be ignorant, not because they want to be, but because someone hasn't talked them through it. I find that pointing family to pages or videos is far less effective than me, personally, explaining things. Not sure why - but it's far more effective (maybe because they know I've actually taken time to show them vs just point them).
I still view iCloud as a bad idea and wouldn't recommend it to anyone I know.
This is literally true and goes beyond security. I hope everyone who complained about Google Reader takes note of this; once you have the freedom to modify and rebuild you are trivially able to continue using your software long after the creators have shut it down.
I don't buy this. Unless by slow you mean "heat death of the universe" slow. This is like the "open always wins" argument - wishful thinking devoid of evidence that caters to "If I want it it shall be".
Apple and Microsoft continue to grow. Samsung too, and they have little to no interest in OSS. Let's also keep in mind that most of the world's core services above the OS (eg Google's mail, docs, search, plus) remain closed source, as is the UI layer for most mobile devices (very, very few use stock android.)
Where OSS is doing very well is in commodity infrastructure - browsers, servers, databases, middleware, etc. It hasn't killed the closed source markets there completely, but it has made them work a lot harder.
Open-source also means: The entire planet's population is the pool (of developers). And this in turn means:
As soon as there is a real need for something, and somebody in this world is willing to work on it (for whatever motivation), this piece of software instantly becomes available to the _entire_ planet, without barrier (no price to pay, no payment method hurdles).
This is an _extremely_ powerful property which eventually will dominate the nature of solutions we use.
This is all very nice to state as goal, but it does not help if you need money as software developer.
I do a lot of open source in my free time, but that is because I get paid by one of those commercial bad guys companies to work on closed software, which allows me to contribute back for free.
How far do you think most open source projects would be without sponsoring from commercial companies that allow some developers to work on open source projects?
This is one of the reasons why most successful open source software is developer tooling, or nowadays hidden behind SaaS walls.
It is all nice and dandy to talk about open source ideals, but when you need to earn at least 1 000€ per month, those ideals start to fade away. Speaking from experience.
I'm not saying closed-source is "bad guys" or anything like that. I'm just saying what I'm observing: open-source is picking up steam and maturing across the board. It's not slowing down at all. It's true that it will kill some developer jobs. But that can't be an argument for not supporting open-source (tech is always about getting more efficient, resource-wise, and therefore a job killer by definition).
Software in general is 'picking up steam and maturing across the board'. We now have almost 2 billion consumers carrying a unix box in their pockets, not running open source.
If anything, the relevance of open source is dwindling by comparison.
Useful software takes a lot of time and effort to write, and there is a lot of investment in learning required to get to the point where one can do it.
Unless a person is independently wealthy, a significant portion of one's time and energy must be devoted to efforts that will be paid.
Therefore open source is either subsidized directly by other paying ventures e.g. corporations for whom it is strategic, or it is engaged in by individuals in the time left over after their paid work.
Until the world changes so that people don't need money to live, developer hours will flow preferentially to the ecosystem according to the available monetary rewards.
The ecosystem that makes it easiest for the most developers to get paid will attract the most developers.
This could be the "open source" ecosystem at some point depending on what business models prevail, but I see no reason why it should automatically be so.
I'm not entirely sure I follow your argument, but you seem to be claiming A implies B, where in fact A is true and B is false.
> Open-source also means: The entire planet's population is the pool (of developers).
This is currently true, even when closed source software also exists. Or at least, getting rid of closed source software won't make it significantly more true than it is now.
> As soon as there is a real need for something, and somebody in this world is willing to work on it (for whatever motivation), this piece of software instantly becomes available to the _entire_ planet, without barrier (no price to pay, no payment method hurdles).
This either is not currently true, or is not as powerful a property as you claim.
It does allow many eyes to inspect source code - which is certainly important in developing cryptographic software.
However it currently does nothing to ensure the timely delivery of patches to consumers. Also, usability of open source security solutions is terrible, and unless people understand cryptographic signing, and the web of trust, and build all their software themselves they have no guarantee that their software isn't compromised.
I would guess a lot of their security stems from their closed app store. Apparently the process is a total hassle, takes weeks, and each and every revision is akin to releasing a brand new app. Perhaps they have application security testers breaking that code and ensuring it can not be broken into? Beyond their pruning of content they deem... not worthy of the Apple brand?
I do not have an iPhone (or even a smart phone) so I am not exactly sure how downloads work. Can you download files to an iPhone from Safari or any other browser? If you can't then that certainly helps rule out a lot of malicious software possibilities.
You're definitely wrong there. The process is not a hassle, it rarely takes weeks and yes every update has to go through the same approval process again (as you would expect). And yes you can download some files to your phone but they only exist within the app's sandbox.
The reason iOS security is so strong is because (a) there is no side loading, (b) system updates are regular, simple and apply to almost every phone and (c) apps are heavily sandboxed. It's not magic. Apple simply chose security over openness and flexibility. Android vice versa.
Apparently at one point it took longer and now it is shorter. That's good.
That was kind of my point that I was trying to make though. I definitely could have said it better but what I was going for was "It is a closed system."
Android development seemed relatively sandboxed to me though from the distributed systems course I did work for in. But I can see what you mean when you say heavily as things on Safari don't open up the Wikipedia app like on Android (if you choose to have it that way.)
iPhones are literally only iPhones too which I imagine helps. The system updates are tailored to a specific piece of hardware. Impossible to accomplish on an Android update.
I notice that the process is speeding up, at least here (it seems country specific, which would make sense as an English-only speaker would not be able to check if a Dutch app contains illegal language etc). Two years ago (for me, in the Netherlands), it took minimally 2 weeks to submit an app; these days it takes days. And the feedback loop if anything is wrong is also small now.