XPost: misc.phone.mobile.iphone
From: mariasophia@comprehension.com
Maria Sophia wrote:
> The amount of energy required to get folks on this newsgroup to
> understand how iOS works is so immense, they'll never get to why.
>
> But I will.
Getting back to the question posed in the original post of this thread:
Q: Why does iOS ask for your passwd even though you never logged out?
A: ?
At this point the question is no longer whether iOS works the way it
works. That has been demonstrated repeatedly with Apple documentation,
multiple user reports, and direct testing. The remaining question is
why only iOS behaves this way when other consumer platforms do not.
The answer appears to come from three design choices Apple made that
Android and Windows do not make, so here's my first-pass explanation.
1. iOS is built around a single identity authority. One Apple ID
controls App Store, iCloud, Find My, Activation Lock, device
restore, purchases, subscriptions, keychain sync, and more.
Android does not use a single identity authority. Google accounts
control Play Store and some sync features, but device security,
restore, and OEM services are separate. Windows is even more
decoupled, with Microsoft accounts used for Store and sync, but
device security and activation are independent.
Because iOS centralizes identity, it uses multiple authentication
tokens with independent expiry. Android and Windows do not
centralize identity this way.
2. iOS couples identity to device security state. Activation Lock,
Find My, restore authorization, and device association all depend on
Apple ID authentication.
Android does not tie device unlock, restore, or factory reset to the
Google account in the same way. Factory Reset Protection exists, but
it does not block normal device use when tokens expire. Windows does
not restrict device functionality when Microsoft account tokens
expire.
When required tokens cannot be refreshed iOS restricts device
functionality. Android and Windows do not behave this way.
3. iOS uses short lived tightly scoped tokens. Apple documents ID
tokens, authorization codes, App Store session tokens, purchase
validation tokens, StoreKit transaction tokens, and renewal info
tokens.
Android uses fewer tokens with longer lifetimes. Google Play uses a
long lived account token and a purchase token that does not affect
device functionality. Windows uses even fewer tokens, with long
lived Microsoft account credentials and no device level coupling.
Each iOS token has its own expiry and scope. Android and Windows use
fewer tokens with longer lifetimes and less coupling.
No other operating system ecosystem "bricks" (Activation Lock) your device
if you simply refuse to re-authenticate when constantly asked to.
These design choices explain why only iOS behaves this way.
The Draconian behavior of only iOS is not caused by user actions.
It is the result of Apple's chosen architecture which no other operating
system vendor has chosen to implement (not even Apple for macOS).
Only iOS behaves this way because only Apple chose:
A. a single identity authority,
B. tight coupling between identity and device security, and
C. a large ecosystem of short-lived authentication tokens.
Android & Windows deliberately avoid all of these poor design choices. The
resulting differences in behavior are the direct consequence of Apple's
architectural decisions, which only iOS users (no other OS does this).
--
The amount of energy required to get folks on this newsgroup to
understand how iOS works is so immense, they'll never get to why.
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
