Hacker News new | comments | ask | show | jobs | submit login

> Apple will actually require all developers to have a privacy policy by October 3rd.

A year and a half after their more privacy-conscious competition but good progress: https://www.iubenda.com/blog/privacy-policy-for-android-app/...

> And having developers post a bond is logistically impossible to implement.

Require a credit card at publisher signup. Explain it will be charged for violations.

>their more privacy-conscious competition

I don't want to assume you're trolling, but this is literally the first time I've heard anyone ever say Google is more privacy conscious than Apple.

That's the power of marketing for you. One required privacy policies while the other didn't. One asks before enabling AGPS data collection, while the other doesn't even let you opt out. One allows you to use on-device maps as default, while the other doesn't. One allows you to replace the default SMS app with Signal, while the other doesn't.

When you think of a toxic hellstew of vulnerabilities, you probably don't think of Apple either, even though its App Store infected more users with malware than all its competitors combined. https://researchcenter.paloaltonetworks.com/2015/09/malware-...

You’re either being extremely disingenuous here, or are missing/leaving out some important and relevant details.

The malware you’re referring to—XcodeGhost—was produced by compromised non-Apple copies of Xcode installers downloaded by (mostly) Chinese developers from non-Apple (Baidu) servers, who then produced iOS apps with the non-Apple Xcode. The modified copies of Xcode would inject malware into iOS app builds. The link you provided says nothing about actual numbers of end users with malware infections, much less that there were more users infected than all Apple’s competitors combined. It merely suggests potential number of users who could be affected if they installed known compromised versions of apps built with the non-Apple Xcode—and it provides no methodology for what these estimates of total potentially affected users is based on.

Privacy policies do nothing to actually protect user privacy. Facebook’s requiring of privacy policies hasn’t protected users or the company from multiple privacy fiascos.

What GPS data collection are you referring to here? Apple-collected data stays on user devices. Third-party apps are granted permission (or not) to use location services however they see fit. Location services can be disabled entirely. What third parties do with your location data is between you and them, not Apple.

iMessage being replaceable by Signal or any other app as a default messaging app says nothing about Apple’s commitment to user privacy. You are free to use Signal.

I am not being disingenuous. You simply don't understand what I said.

The best outside estimates show XCodeGhost infected at least 400 million users. That estimate is from knowing which apps were infected and using publicly available estimates for their users. Apple didn't say how many exactly (or even warn its users about the malware) because Apple only pays lip service to security for marketing purposes.

> Privacy policies do nothing to actually protect user privacy.

You disagree with Apple on this then.

> What GPS data collection are you referring to here?

I told you exactly what data collection I was referring to there. Apple (not third parties) collects GPS data from user's phones to run its AGPS service. Unlike Android, which has an opt-in for this, Apple doesn't even let you opt out.

> You are free to use Signal.

But not as your default SMS app. Instead, you have to use Apple's closed source and unverified app.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact