
This is one of those rare kinds of mistakes where I really believe someone's head should roll. They gave away the privacy of potentially millions of people. It will have real world consequences for some of them.



A keypad lock bypass is going to give away the privacy of millions of people? No it won't. Most people don't even use the silly thing; it isn't on by default.


How do you know how many people use the lock feature? Maybe I know a paranoid group of people, but at least half use it, probably more. Even if it's 10% that's still a very large number of people.

And what's "silly" about preventing people from getting immediate access to your email account or text messages? You can get into most people's online bank account once you have their email.


If you know someone who would do malicious things with your contact list, I think you've got bigger problems.

And playing devil's advocate, sure a thief could steal your phone and use this exploit (if he even knew about it), but what's he going to do with the contact list? If someone steals your iPhone, they did it to wipe it and resell it. There are much, much easier and less risky ways of getting large lists of people's contact info if that's what they're after.

Programmers make mistakes. Saying they should get fired over this is a bit silly, IMO.

EDIT: I'm not trying to downplay the seriousness. It's definitely serious. I've known some people who would use this against their "cheating" girlfriend in a heartbeat to see who they've been calling. But I seriously doubt anywhere close to millions will be affected.


Okay, how about this scenario. Someone with access to someone's office steals their phone and sells it or its information to the highest bidder. I used to work in the same building as FOX News. One day Rita Cosby's Blackberry showed up in our office space ... totally separate elevator banks, different floor, different everything. Our best guess was that someone from the cleaning crew grabbed it, got scared, and ditched it, but someone with other motives could do some serious damage in a day where smartphones provide portable access to a massive amount of personal and private information.


Alright, say this glitch didn't exist.

Are you telling me that a sufficiently motivated entity couldn't get to the data stored on the phone? Once you have physical access to a device, things like this kind of become moot anyway, don't they?


Sufficiently motivated? Absolutely. But I contend there's a huge difference between something that takes technical skill to obtain versus something demonstrated on YouTube and is simple enough that my mom could make it happen.


Well, hang on, that's not fair. Your first example cited selling a device to someone vastly interested in obtaining extremely valuable data - imagine this happening to President Obama's iPhone. But now you're saying that the concern is coming from someone who can figure this out by watching a YouTube video.


They're not mutually exclusive. Now there's just an easy hack that both can use to get past the security mechanism.


  I seriously doubt anywhere close to millions will be affected.
In his defense, he was saying that the privacy was potentially compromised, not that they would be affected. All iPhone users have had their privacy potentially compromised.



