Sure, my wording isn't perfect. I don't have a watertight definition ready to go. To my mind the spirit of the thing is that (for example) if a site has an http endpoint that accepts arbitrary sql queries and blindly runs them then sending your own custom query doesn't qualify as an exploit any more than scraping publicly accessible pages does. Whereas if you have to cleverly craft an sql query in a way that exploits string escapes in order to work around the restrictions that the backend has in place then that's technically an exploit (although it's an incredibly minor one against a piece of software whose developer has put on a display of utter incompetence).
The point isn't my precise wording but the underlying concept that making use of freely provided information isn't exploiting anything even if both the user and the developer are unhappy about the end result. Security boundaries are not defined post hoc by regret.
Most tech businesses exist because problems exist. Tailscale delivers a solution that's available today. The only alternative is to sit and wait for IPv6. I don't imagine Tailscale is against IPv6 any more than security professionals are against memory-safe programming languages.
Apps should be self-contained in their bundles, and may not read or write data outside the designated container area, nor may they download, install, or execute code which introduces or changes features or functionality of the app, including other apps. Educational apps designed to teach, develop, or allow students to test executable code may, in limited circumstances, download code provided that such code is not used for other purposes. Such apps must make the source code provided by the app completely viewable and editable by the user.
There are not "exceptions"; there is one exception, and that's educational apps. But it's unclear why Pythonista is educational while the apps mentioned in the article are not. In fact, Pythonista is even listed in the "Productivity" section in the App Store.
Apple's own Swift Playground app does the exact thing that supposedly violates the rules, abusing an inconsistently-applied exception for "educational" apps [1].
Recent regulation doesn't help here, by the way. iOS apps submitted for "notarization" to be distributed in alternative app stores in the EU, Japan, etc. still must comply with a subset of the guidelines, including 2.5.2. The EU is probably not interested in strengthening the DMA so that Apple doesn't have to approve everything because then it makes other EU regulations easier to bypass (e.g. Chat Control).
The "educational" exception is definitely a convenient loophole, but it raises questions about consistency and fairness in how these rules are enforced across the board.
But do they do it whether you're logged in or not?
I noticed the ChatGPT app also checks Play Integrity on Android (because GrapheneOS snitches on apps when they do this), probably for the same reason. Claude's app doesn't, by the way, but it also requires a login.
You don't need a phone number to create a Google account. (Though the account creation flow is inconsistent in this, in some situations it will require a phone number, in some it won't.)
Proceeds to explain why your opinion is not "fine" but rather invalid, because Apple boiled you like a frog...
Every time someone mentions here that they're concerned macOS is becoming more like iOS, Apple apologists show up to explain how that's not actually happening. I guess now you guys have just accepted it.
> While sadly, it doesn’t look like there will be any ADB command you can send to your phone to make it immediately jump to the end of that 24-hour delay
There's also no evidence that adb-sideloaded app stores will be able to skip PackageInstaller's developer verification enforcement, so no, you will have to wait 24 hours to install F-Droid and actually use it.
Wasn't most of the hype surrounding the Motorola partnership based on the idea that you'd be able to get a device with GrapheneOS pre-installed, boosting the legitimacy of GrapheneOS as a competitor to Google Android? Sure, "GrapheneOS adds several more supported devices" is cool and all, but it's not nearly as exciting...
No. The bare minimum is that Motorola provides the needed baseline hardware security requirements to their future devices. Everything else is just a bonus. There could be green-boot support and/or preinstalled devices, but that's not a necessity. GOS benefits with an official hardware platform, potentially early partner access to AOSP source code, input on hardware and firmware decisions, and Motorola benefits by potentially having GOS features, better hardware security, and making tons of money from alternate OS users, GOS or otherwise.
> Apple's argument for locking down the iPhone but not the Mac has always been some variation of "Mac users are professionals and iPhones are for everyone."
That argument no longer holds water with the release of the Macbook Neo and the associated Tiktok advertising campaign [1].
That would be very similar to LiveContainer for iOS [1]. I think that unsandboxed JIT is still possible as of Android 16, but Google has been cracking down on it.
> IMO you need to actually work around a technical measure intended to stop you for it to qualify as an exploit.
Even well-known vulnerabilities like SQL injection don't qualify under this definition?