
Apple Approved Malware: malicious code now notarized? - lapcatsoftware
https://objective-see.com/blog/blog_0x4E.html
======
bkdbkd
Notarization is moving the problem to a different place, but not fixing the
problem.

Imagine we take our city - Anycity, USA, where only good, trustworthy, and
honest folk live, and we simultaneously decide to replace door locks with
neighborhood locks... then the city likes the idea and sponsors us to replace
neighborhood locks with town locks - locks on the few roads leading in and out
of town.

Now you start to see the problem. Yes we need walls, yes we need fences, and
bigger walls, and bigger fences, and the city needs more authority, and then
more authority. And we have to put much more trust in the city, but they
really need it in order to keep us good and honest citizens safe.

By the way, what happens if a "bad guy" from Thosepeople, USA gets in
disguised in a Minivan?

This is not a one-to-one analogy I know, but again, I hope it points out the
innate problem with Notarization. It just moves that one problem to Apple's
lap. Meanwhile creating several more innate problems.

------
tinus_hn
Notarization is a basic, automated check. I don’t think Apple ever pretended
it was going to be a waterproof test for malware.

------
fxtentacle
Ouch.

The verification aspect was one of the core arguments that Apple brought
forward to argue that the app store would be a consumer benefit and not a
monopolistic extortion scheme, as Epic had claimed. But now it looks like
unrelated teams are poking holes into Apple's defense from all directions.

Plus, as the article correctly states, the resulting illusion of safety might
be even more dangerous than a user who is aware of the need to be careful with
stuff downloaded from the internet.

~~~
Despegar
It's interesting that you think this because it actually demonstrates the
opposite: that Apple's control over iOS is very valuable and has many benefits
to customers. Not because human app reviewers are infallible, but because a
purely technical approach is simply not good enough.

~~~
fxtentacle
Yet Apple is presenting the purely technical approach as good enough, thereby
creating the illusion of safety when there is none.

~~~
Despegar
That's definitely not true. The only reason notarization exists is to maintain
the Mac's open app ecosystem while having some improved level of security over
the status quo.

------
m1gu3l
this seems like a really interesting read but hot dog the formatting is such
garbage that i can’t follow it. why so many different font sizes!?

