It would be depressing. I ended up working somewhere we would regularly get called in to clean up messes and enterprise software is a disaster.

Huge application. Dominating it’s industry. It had only one user on a DBs with a password that hadn’t been changed in over a decade. Same user/pass for each DB as well. The DBs were all publicly accessible. The applications, clients, engineers, and everyone else used that singular user. Better yet, one DB even had a table for the locations of every server, what it did, and what credentials you needed to log into it. This app held insurance information, PHI, PII, payment information, etc. The “Founder” thought he was clever because he’d turned of all logging on the DB and was under the impression if he couldn’t detect a breach he didn’t have to report it. The DB engines were so unbelievably old “community” versions of DBs. The password was something along the lines of <company name>1998!

They had a load balancer that took traffic in on 443 and sent it to the server on 80, but since the servers only used 80 and no one explained networking to them, every internal request would be sent to the open internet on 80, hit another source, and then would make it’s way back to the load balancer and into the app. They were excited to show it to me and everything. Networking and Developers are like water and oil.

Yes that did get reported to governing bodies. They slapped he company on the wrist. No fine. I fixed it so it’s nearly bulletproof now. When I turned on logging I do want to note there were TONS of connections to Iran South America, China, India, Russia, etc.

But that’s A LOT of apps. We kept doing M&As and 3/4 apps that are being sold were the exact same. Hell, I’ve seen apps handling CUI store their data unencrypted on open servers. Reported as well, but nothing ever happens. We were told by one person that the laws and fines only exist to hit companies after there’s a breach AND a lawsuit from users. Before then there’s no victim and no crime.

Tldr; auditing software is a lot like what I imagine smoking crack is like.

I trust ads more than I trust them being sued for millions by regulators across the globe.

No wonder you ended up with an Apple device. Lol.

It’s not. iOS has just been awful for a long time and since it hasn’t been downgraded in recent memory and some people take that as a positive thing.

iOS does not have better privacy protections. Privacy is more than putting the word Privacy in an ad. French Regulators fined Apple millions for illegal data collection AND they’re still being sued by multiple orgs. In fact, you have no choice to opt out of the collection, only to opt out of it being used for personalization. Android has more granular controls over every permission. Until they really pull the plug GrapheneOS and others still count on Androids side as well.

Apple was cool before the iMac in '98. After that they’ve been drumming their products down. There is genuinely no advantage. “It just works” except it works less than my windows machine. “It’s more Unix like” Windows has WSL now. “Muh Enclave Chip” TPM is better. Both collect your data.

Anyone who prefers or likes Apple products does it because of vibes and appearance rather than anything with technical.

I do want to add, Android beating iOS in privacy isn’t a high mark. It doesn’t mean Android is good with privacy.

Hope and fairy farts mostly. I’m assuming they’ll branch out from what they have now if Android chooses to do that. Ala MariaDB.

iOS isn’t any better. I’m looking to OnePlus and maybe LineageOS. Hopefully GrapheneOS isn’t dead.