This whole thread is chockful of thought-terminating cliches, and I say that as someone who grew from a waiter to a developer thanks to Apple and made a lot of these arguments.
I also worked on Android Wear's iOS app for working with iPhones.
The major problem I see now with these excuses, that I'd like to claim wasn't an issue when I was making them circa 2015-2017, is they're cargo cult (a la Apple likes making things that just work) or boogeymen (if they did anything different, a bluetooth connection would be used, unencrypted, sending all your data into the ether).
The watch has been out for 10 years.
Software is software. Where there's a will, there's a way.
It's very, very, very, hard to believe there's 0 way for Apple to ensure an encrypted connection.
Put another way, avoiding the global observations: If it's impossible, why allow watches to be paired at all?
extreme handwaving hand-me-down 6 year old iBook(?) circa 2005 => wow software can be beautiful => hacking on AppleScript => hacking on iPhone OS 1.1.4 decompiled SDK => iPhone 2 with the App Store(tm) => shit, I can make money off this? => dropout => startup => sold it => saw what an acquisition looks like => by the grace of god herself, somehow made it through Google interviews.
(happy to detail more, like everyone, I love talking about myself :P but figured I'd start with the TL;DR, i.e. the App Store + subsequent boom happened at such a time that made it seems reasonable, years later, to dropout, and having 0 responsibility outside restaurant shifts gave me a fulcrum)
> that I'd like to claim wasn't an issue when I was making them circa 2015-2017,
Well, I wouldn't say that the standards for (software) security were anywhere near as high as they are now. It makes sense that our requirements for things change.
> It's very, very, very, hard to believe there's 0 way for Apple to ensure an encrypted connection.
Sure there are ways, but without regulation I struggle to see why should/would Apple ever bother. Nor do I think that a forced way would be held to the same standards as the rest.
> Put another way, avoiding the global observations: If it's impossible, why allow watches to be paired at all?
Yes, but they can actually know it fulfils some security criteria of theirs. Doesn't have fundamentally broken cryptography hidden somewhere, doesn't leak its keys, all that bare minimum is really difficult to guarantee with external unknown implementations.
I also worked on Android Wear's iOS app for working with iPhones.
The major problem I see now with these excuses, that I'd like to claim wasn't an issue when I was making them circa 2015-2017, is they're cargo cult (a la Apple likes making things that just work) or boogeymen (if they did anything different, a bluetooth connection would be used, unencrypted, sending all your data into the ether).
The watch has been out for 10 years.
Software is software. Where there's a will, there's a way.
It's very, very, very, hard to believe there's 0 way for Apple to ensure an encrypted connection.
Put another way, avoiding the global observations: If it's impossible, why allow watches to be paired at all?