Exemple: How does Apple guarantee that the iOS source code will not be discovered by an adversary?

Is there any type of different encryption for this case?

  • @hperrin
    link
    English
    4
    edit-2
    9 months ago

    A lot of iOS is open source.

    But to actually answer your question, most companies of a big enough size will issue the devices their workers use to them, that way they own the machine the source code will be on, rather than the employee. They will also have some sort of enterprise management software on it that gives them remote administrator access to delete everything in case the device is stolen.

    As for disk encryption, they use the same disk encryption methods consumers use.

    But sometimes source code does leak. Either accidentally or maliciously. Often times, that source code isn’t really useful to anyone else. Like when Facebook’s source code leaked, it wasn’t really that big of a deal, because Facebook is the only company that has the tech stack in place to run it. And it’s not like Google is gonna blatantly steal Facebook’s code.

    The biggest risk to leaked code like that is that someone will discover a vulnerability in it and use that to compromise the company’s service.

    Often times the employee (or ex employee) who leaked the code can be found and sued or prosecuted. It’s an incredibly stupid thing to leak that kind of code, because it really doesn’t gain you much if anything, and puts you in huge legal jeopardy.

    Source: I’ve worked as a software engineer for Facebook, Google, and Microsoft.