you're either severely underestimating how easy it is to insert a backdoor or overestimating how competent apple's code review practices are. remember that time you could bypass the root password prompt by putting in nothing?



> how competent apple's code review practices are.

Thousands of developers over a decade have touched code going into iOS & Mac OS and so far have a pretty good track record on internal espionage and back doors.

> remember that time you could bypass the root password

Pretty dumb mistake, but willing to put money on them that it won't happen again. I think you severely underestimate just how competent Apple (and Google, Facebook, or Microsoft) are at their job given the enormous complexity of the problems they solve.


> Thousands of developers over a decade have touched code going into iOS & Mac OS and so far have a pretty good track record on internal espionage and back doors.

Maybe. Or maybe they have an impeccable track record on not getting caught (at least publicly). It's essentially impossible to differentiate the two.


Between those companies developers have checked in tens or hundreds of thousands of exploitable bugs. It's not far-fetched to think that at least one of them might have been intentional.


> It's essentially impossible to differentiate the two.

This sounds like "guilty until proven innocent" logic - maybe we should drown people to prove they're not witches. I'm all for a healthy dose of skepticism, but there's a point it passes into fantasy.


Companies quietly fix problems all the time. Why would anyone disclose anything negative if they are not mandated to, by law? Remember when Uber paid off a hacker and kept the hack under wraps? That is just one example.

This is not guilty until proven innocent, this is just the way most businesses operate.


No, it means that making statements about the certainty of this in either direction is foolish and unsupported by evidence.


Can you back up your claims of this track record with anything, or are you just guessing?


Besides a quick search of critical OS-related security vulnerabilities over the years that were not related to 3rd party code?


You remember that time where a bug in the implementation of SSL went undetected in open source software for over a year?


Even if tomnipotent's estimate is correct, that's still a pretty small number considering what is potentially at stake. Access to iCloud would surely net you enough information to change the balance of power in the world.


Look how difficult it is getting two or more developers to agree on "small" things like code formatting conventions or serialization frameworks. Finding two or more people in such a position that would knowingly break the law by colluding together in some grand conspiracy with the necessary access and privileges to code/production process is the stuff of movies.


> Finding two or more people in such a position that would knowingly break the law by colluding together in some grande conspiracy

This is true only if we were to ignore the following:

organised crime; politicians; all secret services, both domestic and foreign; corporate espionage; opportunity getting the better of people, especially problem gamblers and drug addicts


You obviously have not been watching the news lately. If you had tried to sell the actual events of the last two years as a movie script it would be rejected as too outrageous to be believed. I mean, Donald Trump as President? Seriously?

I'm pretty sure the Chinese government would be capable of planting two or three sleepers in Apple's software division if they decided to.


> I'm pretty sure the Chinese government would be capable of planting two or three sleepers in Apple's software division if they decided to.

I'm not interested in conjecture. Like I said, the stuff of movies.


Is it?

The valley is a pretty incestuous place and people with specific skills are pretty small in number. It doesn’t seem wacky that someone with nation state budget wouldn’t have a network of influence to get someone hired somewhere.

People do it for their friends all of the time.


That’s like saying “we hired the getaway driver, we can rob the bank now, right?” You’ve identified the first step of the plan. There are about nineteen more, and the theoretical network of conspirators required to accomplish this Oscar-winning screenplay would be quite large, which always spells trouble.

To that end, I’m amazed it took that long for the FBI to take down the network in the article. The more people who are read in to criminal activity, the risk exponentially increases, as anybody who has been on either end of investigative leverage can tell you. I’m stunned one person in the early days of this scam, particularly when it started involving colorful people, didn’t flip as a bargaining tool for other things they were into.



It's not uncommon to plant your own puppet as a president/prime minister of a country to make that country's policies favourable to you (CIA has done it numerous times). Planting a software developer cannot be harder.


One of the largest and most secretive companies in the world, the same one obsessed with preventing all leaks from exiting the company, the same one who produces ubiquitous devices with occasional national security implications that interest foreign governments, the same one who deals with serious IP problems in the very example nation you just happened to choose, has no thinking or plans around the well-known threats of industrial espionage or sabotage, is what you’re essentially saying. Consider for a moment whether that could be remotely plausible, and I think you’ll see it isn’t.

As tomnipotent said, it’d make a cool movie.


It's also difficult to believe this same company isn't facing down multiple multi-pronged advanced persistent threats.


I didn't say they have no plans. Obviously they do. But unless you work for Apple, you don't know what they are.

Whatever their plans are, there is some number N of employees who could subvert those plans. It is legitimate to wonder how big that number is, and to note that there is no way for anyone outside of Apple to know.
