$opts[CURLOPT_SSL_VERIFYPEER] = false;
$opts[CURLOPT_SSL_VERIFYHOST] = 2;
That's not wrong, but it still doesn't explain to me why I, as a user, should trust both application A and site B that have agreed to trust each other with a self-signed certificate. The reason was have the CA model is to introduce a trusted third-party* that can verify for us that everything is on the up-and-up. The user should not be in the position of having to trust unknown parties.
*Yes I know the CA companies have problems. Maybe the model is so broken by nature that it doesn't matter, but it's still true that the self-signed model bypasses it.
it does not delegate trust to some 3rd party that might screw up and cause things to have be changed, or risk compromise
Instead, the company that issues the self-signed certificate is to be trusted not to screw up? "Just take our certificate, it's fine, trust us".
If Alice and Bob trust each other, this is OK, but what if Bob is bumbling idiot? What about when Alice and Bob, who trust each other, tell Mallory to trust them to trust each other, and Carol mistakenly trusts Mallory?
Presumably you can write them for iOS, and I have no doubt that there are plenty of apps on the AppStore that are playing fast and loose with SSL trust managers.
True fact: I have written Java code to allow for self-signed or any old cert over SSL, or even none. It's not hard to find plenty of sample code. In the course of my employment the code was used for testing only and either not part of a production build or disabled by default in production, but I cannot say what other developers or teams may have done in with my code in their systems.
Why the authors focused on Android and why they felt the need to blame the OS rather than alerting people to cruddy apps, one can only speculate.
Spreadsheets -- well, Excel really -- are inescapable in business.
I know personally of complex multimillion dollar deals in the oil and gas business involving buying and selling entire refineries and gas pipelines where the numbers were all worked out on a spreadsheet.
The insurance industry lives on the spreadsheets put together by the actuaries.
The only consistent reason I've seen for Excel users will give up their rows and columns and have bespoke software created is when the dataset gets cumbersomely large. A secondary reason is when the kinds of calculations needed can't be cobbled together with Excel's function and macro tools. Even then, it's not unheard of for users to demand summary/aggregate reports and analytics that they then copy the numbers from into their spreadsheet to do their scenarios.
Just keep in mind the next time you hear about big money moving around in some deal -- somewhere someone probably had a pivot table for that.
Never test for an error condition you don't know how to handle. -- Steinbach