I'm sorry, but you didn't make a case for bundling together and why finer grain control is would not make sense.
I have no doubt that the problems you guys solve are incredibly complex. There is no question about that.
But does bundling really make sense? I'm not sure why being subject to a 2G downgrade attack is relevant to my threat model including message attachments or FaceTime.
For example, going to a concert, protest, or any large gathering greatly increases my chance of being subject to a 2G downgrade attack but I'm unconvinced it increases my chances of multimedia or FaceTime based attacks.
These fall together in an high enough level but doesn't all security issues? A step down in abstraction and I don't think these are linked.
But you're the expert here. I'll trust you over me, but would like to better understand what I'm missing. This is Hacker News. We can expect everyone here to be familiar with programming and basic security here. So get technical with me
Also security engineer here. You're thinking too small and in the wrong direction. You're not protecting against 2G downgrade attacks, you're protecting against an attacker who has a whole library of things to try on you to see what works.
Lockdown mode is intended to protect against sophisticated actors, the kind who will buy 0days for six or seven figures, roll it into a new version of their product and sell it to governments.
Lockdown mode blocks the riskiest parts of the platform. For example, iMessage no longer automatically unfurls links, because anyone can send you a message and potentially send an exploit that your phone happily triggers without you doing anything.
You don't get to pick a la carte because Apple wants the feature to be effective and simple to enable.
[dead]