I hate this take. That is not how security should look on consumer devices at all and it’s one of the ways the security industry is being co-opted to ruin consumer devices. The user is not the attacker on a consumer device. Consumer devices should provide tools to enable strict protections and allow the user to choose. It should be easy to put the device into the fully locked down state at instal/initial provisioning, likely even the default, but it should also be easy to deviate from that during provisioning. After provisioning it should, of course, be incredibly hard or impossible to go from the locked-down state to the nonlocked-down state without wiping data.
So it’s doing security correctly.
That’s like saying martial law is doing security correctly.
I hate this take. That is not how security should look on consumer devices at all and it’s one of the ways the security industry is being co-opted to ruin consumer devices. The user is not the attacker on a consumer device. Consumer devices should provide tools to enable strict protections and allow the user to choose. It should be easy to put the device into the fully locked down state at instal/initial provisioning, likely even the default, but it should also be easy to deviate from that during provisioning. After provisioning it should, of course, be incredibly hard or impossible to go from the locked-down state to the nonlocked-down state without wiping data.