Because they were deceived by Apple's quality promises?
If Apple really wanted to improve security (instead of just producing marketing claims about it) they would provide anyone with debugging symbols, root privileges and anything else needed for research and debugging.
It's entirely rational to have believed iPhone to be more secure in the past, now believe Android is more secure, and yet remain on iPhone:
1. At some point, weigh probabilities of exploits
2. Update Bayesian priors as new evidence arrives
3. Even if the initial decision currently appears incorrect, there needs to be a high enough difference in probability to justify switching, because in switching, you're still exposed to any persistent exploitation via the old exploits plus new exploits on the new platform
Switching back and forth the instant your Bayesian prior swings over/under 50% for Android being more secure than iPhone is a terrible strategy. (Also, you need to risk-weight your various exploit probabilities... security is a multidimensional quantity, so collapsing to a scalar is at least context-/threat-model-dependent.)
So, they discover a vulnerability in iOS and publish the details of the symptoms of the exploit -- something that Apple themselves were unaware of -- release a tool to detect indicators of compromise in iPhone backups, and yet, somehow, they have poor judgment?
What should they be doing? Keep the discovery to themselves so those who claim iPhone is secure can continue living obliviously with their worldview unchanged? Wouldn't we accuse them of poor judgment if they did that?
It is quite reasonable for them to say the ecosystem being closed is making analysis and detection difficult. It is up to Apple to do what they want with that information.
If I'm understanding the GP correctly, they're asserting that any "real expert" would have anticipated being exploited on iPhone and would never have used iPhone.
I can see this point of view, but I feel expertise is more about skill in acquiring information and updating beliefs. In my view, real experts can be blatantly wrong, even about foundational facts, if they have an exceptional ability to update those beliefs.
No expertise is needed to say any OS/device is likely to suffer an attack/exploit. Anyone who says that for any platform will be right with a probability of 1.0.
The issue is that their claim that the cause of the exploit is the proprietary OS is both not plausible (because otherwise Android would be far more secure than iOS) and inconsistent with their alleged expertise.
It’s entirely possible that they are experts, but are making a claim that is not based on their expertise, for reasons of political and marketing expediency.
They knew all along it was closed source, but that doesn't mean they believed all along (or at least were confident enough in their belief) that closed source resulted in higher risk of extant exploitable flaws.
Sure, I think a lot of people would think about it this way - but that just means they don’t have any real expertise.
Kaspersky says:
“We believe that the main reason for this incident is the proprietary nature of iOS.”
If the proprietary nature is the main reason for the incident, then Android should have been overwhelmingly more secure all along, and they should know this.
If they are only just figuring this out now, then they have been ludicrously ignorant for people who claim to be experts.
Occam’s razor says they really aren’t as expert as their marketing claims and they are trying to save face by blaming Apple.
Given that the Kremlin is blaming Apple and the NSA, perhaps Kaspersky is trying to deflect blame for not having warned Russian diplomats about the issue.
I feel this is likely going to devolve into a semantic argument over the true definition of real expertise. A key sticking point will likely be volume of a priori knowledge vs. skill in acquiring and synthesizing knowledge.
The issue is their claim that the cause was the proprietary nature of iOS.
This is inconsistent with their claims of expertise.
That’s the issue. I believe the claim isn’t being made because they are experts or because it is true, but rather to deflect blame for marketing and political reasons.