
I'm saying that the flashing/side-loading is the back door. A malicious actor with physical access to your phone (think screen repair shop, TSA agent, etc) could flash a compromised OS or install malware on your device.

Also, there are a lot of not-savvy people who will follow instructions in a well-crafted email or pop-up and allow themselves to succumb to spyware and malware.




> I'm saying that the flashing/side-loading is the back door

Next you'll be saying compilers are backdoors, too. That's not what the term "backdoor" means.

> A malicious actor with physical access to your phone

Stop. Physical access means all bets are off.


I should have been more clear. I was using Tim Cook's statement as an analogy for flashing/side-loading. Allowing good guys to do it means bad guys can do it too.

Tricking a user into side-loading malware does not require physical access to the device and is relatively common on the Android side (more so on third-party stores).


My last few Android phones have wiped themselves before allowing me into a state where I could flash a modified version of Android.


Well, it's a good thing we have Apple's track record to show us it's impossible to break out of these walled gardens, otherwise we'd really be in trouble if someone got physical access to our phones.

https://www.theiphonewiki.com/wiki/Jailbreak


Fair enough. I used to keep up with jailbreaks way back before I started buying unlocked phones and had read about difficult-to-crack OS versions (and the as-of-yet unjailbreakable 3rd generation Apple TV), but I wasn't aware that it was still this pervasive.


While I hate the economic stifling of tech innovation that is the App Store culture, I would like to point out that jailbroken iPhones were used by the Chinese government to target protesters in Hong Kong quite recently.


My point is that stating that side-loading is a back-door that can be abused when your phone is in someone else's possession ends up not being a very good argument when that actually ends up being the harder way to accomplish getting software onto the phone, considering side-loading is both password protected (if your phone is) and still doesn't expose functionality beyond what the OS allows (unlike jail-breaking).


The device clears user storage before allowing you to flash a new OS, so that isn't an effective way to compromise a user's data. Application installation requires unlocking the device, so the ability to sideload doesn't give an attacker any meaningful ability over installing from an unscanned app store like Apple's.


The device is wiped of profile data and logins. Your files are intact and accessible through a file explorer.

It is a very restricted and time consuming method to access a device.



