I should have elaborated even further, because I already suspected that someone would nitpick that phrasing. So let me explain the difference:
"according to law-enforcement officials" - they are clearly not experts in tech and are unaware of the crucial difference between Apple and Android in this scenario.
The most significant difference is that Google explicitly stated their system includes "reasonable time-limited protections against hijackers changing passwords or recovery factors" - but only if users have properly configured recovery options beforehand.
According to Google's official statement: "Google Account Recovery flows also have reasonable time-limited protections against hijackers changing passwords or recovery factors set up by the legitimate users - provided users have set up a recovery phone and/or recovery email."
In contrast, the WSJ article describes how on iPhone:
- Thieves could immediately change the Apple ID password using just the device passcode
- There was no waiting period or time-limited protection mentioned
- Once changed, victims were instantly locked out with no grace period
- Apple's Recovery Key feature could be enabled by thieves to permanently lock victims out
Android users, on the other hand, could proactively:
- Set up recovery email and phone numbers that would be retained for 7 days after changes
- Enable Google's Advanced Protection Program, which specifically blocks PIN-based password resets entirely
- Configure multiple recovery options that created additional barriers
Apple users had limited options; the article mentions security keys could be added, but testing showed "security keys didn't prevent account changes using only the passcode, and the passcode could even be used to remove security keys from the account". This made Android's vulnerability more preventable and recoverable for users who had properly configured their security settings in advance, whereas Apple users were stuck and vulnerable to the pin-hijack until fixed, because iOS did not offer any similar protections such as time-based safeguards.
Well you realize it’s not a good look to post a citation and then immediately say the article is wrong only about the part you disagree with? See “Gell-Mann amnesia effect”.
But Apple implemented features to block that over a year ago.
https://support.apple.com/en-us/120340
> Well you realize it’s not a good look to post a citation and then immediately say the article is wrong
I did not say that the article is wrong, don't misquote me. You are also still failing to understand what the crucial difference is:
An iPhone was vulnerable to the pin-hijack, because of its limited security options - a security aware user was as vulnerable as an amateur.
An Android phone was only vulnerable if it was NOT properly secured.
So 100% of iPhone users were vulnerable, while Androids were only vulnerable if misconfigured.
So I was and I am still 100% correct, but you simply decided to nitpick that one sentence of mine that was prone to being nitpicked without bothering to understand what the significant difference between the systems was.
> But Apple implemented features to block that over a year ago.
Yes they did, after a lot of time and pressure. And if you read my comment again, you can see that I have already stated that they have implemented it. So what's the point of you telling me something that I have already mentioned several times?
If you’d just said all of this upfront, it would’ve come across as more honest / less confrontational.
> If you’d just said all of this upfront, it would’ve come across as more honest / less confrontational.
"I should have elaborated even further, because I already suspected that someone would nitpick that phrasing. So let me explain the difference:" https://news.ycombinator.com/item?id=45690226
After I clarified what I meant, the response wasn't "Oh I see now what you intended to say, thanks for elaborating", but misquoting me and making hostile and snide comments. That is someone who wants to be confrontational and lacks honesty in trying to understand what was meant in the first place.