Apple has hit back at a Google blog post, which emerged last week, suggesting its rival in the smartphone OS segment was ‘stoking fear’ amongst its users.
The presence of vulnerabilities is nothing to be too surprised about, though when the owner of one smartphone OS points out said vulnerabilities to a rival, egos are always going to flare up. This appears to be the case here, with Apple offering its rebuttal to the Google claims, attempting to calm the waters.
“Google’s post, issued six months after iOS patches were released, creates the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real time,’ stoking fear among all iPhone users that their devices had been compromised. This was never the case,” the statement reads.
Firstly, Apple claims the vulnerability was narrow, not broad-based as suggested by the Google blog post. Fewer than 12 websites were able to exploit the vulnerability. Secondly, Apple has claimed these websites were only operational for two months, as opposed to the two-year period which Google is claiming.
The vulnerabilities were reported to Apple in a responsible fashion in February, though last week’s blog from Ian Beer of Google’s Project Zero is what is irking Apple.
What Google pointed out to Apple in February is that there were several nefarious websites which exploited a flaw in the iOS programming to allow hackers access to iPhone users’ contacts, photos and location, as well as data from apps like iMessage, WhatsApp, Telegram, Gmail and Google Hangouts.
The vulnerability covered each version of the OS from iOS 10 through to the latest version of iOS 12, though it was not immediately clear from the blog post whether any data was actually taken from users. Apple has not offered any insight here either.
As mentioned before, the idea of searching for vulnerabilities is not new. Bug bounties are often offered to individuals and companies to find and report the flaws to the company which owns the software in a responsible manner. Interestingly enough, bug bounty platform HackerOne has recently announced it has raised $36.4 million in a series D round of funding led by Valor Equity Partners.
We suspect Apple isn’t that concerned about a flaw being highlighted; it’s more about who did the highlighting.
Aside from a few very minor ‘also rans’, the smartphone operating system market is dominated by two players: Google’s Android and Apple’s iOS. This is where you have to take the severity claims about the vulnerabilities with a pinch of salt; it is of course to Google’s benefit to make the vulnerabilities seem as serious as possible.
The publication of the Google post could have come at a better time for Apple considering it is set to unveil its latest iPhone tomorrow (September 10).
“A lack of 5G support in the new iPhone won’t surprise anyone, though it will still disappoint operators looking for 5G devices to help them drive traffic to new 5G networks,” said Peter Jarich, Head of GSMA Intelligence.
“At the same time, new features that are expected – improved camera functionality, improved processor, upgrade to Wi-Fi 6 – may all seem incremental rather than revolutionary, particularly if the product line and form factor line-ups remain relatively constant.”
As it is unlikely the new iPhone will offer anything particularly innovative or revolutionary, combined with the high likelihood of it costing a small fortune, Apple will want to quash any negative connotations. The iLifers are extremely loyal, but with 5G attracting headlines around the world, some might be tempted to jump ship to a 5G-compatible device. Google’s claim of vulnerabilities might encourage a few more.