Apple slams Google for 'stoking fear' among iPhone users
Google had reported an iOS vulnerability
Google's reporting of a major iOS security vulnerability has been criticised by Apple, which says its rival had exaggerated the impact of the situation.
Last month, Google’s Project Zero research team detailed a flaw that could see user data, such as files, messages and location data, compromised if a user with an affected device visited a malicious website.
“There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,” Google's team had said.
- The best Android antivirus apps of 2019
- Over a billion Android phones vulnerable to phishing attack
- Apple is now making it easier to get an iPhone repair
Apple Google security
The vulnerability was patched six months ago and Apple says it was already in the process of fixing the flaws when it was contacted by Google. Indeed, it says the issue was resolved just 10 days after the communication.
However Apple has taken issue with Google’s disclosure. It refutes the suggestion that the target was ‘indiscriminate’, arguing that fewer than a dozen sites were affected – mainly those serving the Chinese Uighur community, and says the post unnecessarily caused panic among iOS users.
“Google’s post, issued six months after iOS patches were released, creates the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real time,’ stoking fear among all iPhone users that their devices had been compromised,” says Apple. “This was never the case.”
Apple regards the relative security of the iOS platform as a key differentiator, so the topic is a sensitive one for the company.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The company launched a bug bounty programme for iOS three years ago, offering up to $200,000 to ethical hackers that responsibly reported vulnerabilities. However it increased the upper limit to $1 million earlier this year, a move which would combat claims the rewards on offer were too low.
"Project Zero posts technical research that is designed to advance the understanding of security vulnerabilities, which leads to better defensive strategies," a Google spokesperson told TechRadar Pro.
"We stand by our in-depth research which was written to focus on the technical aspects of these vulnerabilities. We will continue to work with Apple and other leading companies to help keep people safe online.”
- Here are the best iPhone deals for August 2019
Steve McCaskill is TechRadar Pro's resident mobile industry expert, covering all aspects of the UK and global news, from operators to service providers and everything in between. He is a former editor of Silicon UK and journalist with over a decade's experience in the technology industry, writing about technology, in particular, telecoms, mobile and sports tech, sports, video games and media.