Commentary
6/24/2015
08:05 AM
Pablo Valerio
Pablo Valerio
Commentary
Connect Directly
Twitter
RSS

iOS 9, Android M Place New Focus On Security, Privacy

Google and Apple have publicly challenged calls from law enforcement agencies to weaken encryption on consumer devices. In turn, iOS 9 and Android M will sport a string of new security and privacy features for users.



8 Ways MDM Can Ease IT Pain
8 Ways MDM Can Ease IT Pain
(Click image for larger view and slideshow.)

I've been using an Android smartphone for the past four years. Since the beginning I have been troubled by the number of permissions many apps require before being installed, and by the almost impossible task of disabling those permissions.

If you want an app such as Twitter to be installed on your Android device, you need to accept a bundle of permissions that include: Identity, contacts, location, SMS, photos/media/files, camera, microphone, WiFi Connection, device ID, and call information. This is just to be able to tweet and read your Twitter feed. The only permission you can actually block on Android now is access to your location, which will have to be disabled for all apps at the same time.

Permissions for Apple iOS devices are no different. While Apple allows users to block apps accessing your contacts and location information, the rest of the permissions apply.

(Image: James Anderson/iStockphoto)

(Image: James Anderson/iStockphoto)

If you have the possibility to root your smartphone and install a different Android OS, such as the one from Cyanogenmod -- I use it on my Sony Xperia phone -- then you can enjoy more control of the privacy settings and disable any permission by app.

Basically there are three permissions that app developers are reluctant to part with: Contacts, browsing history, and location information. This information is the Holy Grail for targeting advertisements.

That is why another permission is becoming omnipresent: WiFi connection info. Since many users are turning off location sharing in order to protect their privacy, app developers have found a way to zero in on the location of the device by looking at WiFi data and matching it with that of other users. The WiFi routers your phone sees during normal operation can be mapped to physical locations with great precision. Out of thousands that you may pass every day just a few are necessary to reconstruct most of your mobility.

The only way to avoid it is to turn off WiFi altogether.

Apple and Google have been heavily criticized for not giving users more control. Meanwhile, corporations are investing billions in Mobile Device Management (MDM) software from companies such as AirWatch, Samsung, and Blackberry in order to block access to sensitive data on mobile devices.

Emphasis On Privacy

However, this dynamic is starting to change. Recently, Apple and Google, during their respective developers conferences, announced new versions of their mobile platforms that will give users more control of the information that apps can mine on the devices. That ability will increase encryption and security.

The next version of Android, codenamed M, will allow users to install apps without agreeing to permissions first. Then they will be able to authorize the app to access some information, such as location, on a one-time or permanent basis. It will also enable hardware developers to start using biometric identification such as fingerprints as part of the Android security settings.

[Read about what you missed at Apple's WWDC.]

Apple's iOS 9 will increase security PINs from four to six digits, making it 100 times harder to break by brute force. Both companies want users to get more comfortable with two-factor verification for certain services, something that Google has been offering for some time now.

But one of the most significant changes to iOS 9 is its new "App Transport Security," which helps app developers use the HTTPS to encrypt Internet traffic. Most apps today are sending and receiving Internet data without any encryption.

Android M and iOS 9 will offer encryption by default, something that law-enforcement agencies have been aggressively fighting. But the two companies have publicly challenged the requirement to give US agencies backdoors out of desires to genuinely increase users' security and to protect their businesses in other countries. 



If they give backdoors to the FBI or GCHQ, can they continue to sell iPhones and Nexus devices in Germany and China?

During a recent event at the Electronic Privacy Information Center, Apple's CEO Tim Cook was adamant about encryption.

[Take a look at Google I/O.]

"We believe that people have a fundamental right to privacy. The American people demand it, the Constitution demands it, morality demands it," Cook said. "So let me be crystal clear -- weakening encryption, or taking it away, harms good people that are using it for the right reasons. And ultimately I believe it has a chilling effect on our First Amendment rights and undermines our country's founding principles."

(Image: Stephen Krow/iStockphoto)

(Image: Stephen Krow/iStockphoto)

Another Apple executive explained the company's policy about collecting data: "We don't mine your email, your photos, or your contacts in the cloud to learn things about you," said Craig Federighi, Apple's senior vice president of software engineering, at this year's Worldwide Developers Conference in San Francisco. "We honestly just don't want to know."

Google And Apple Still Capture Information

However, Google and Apple are not offering any restriction on their ability to collect information.

As the original writers of the code, they have the possibility to access all functions of the operating systems without limits, and they make full use of that. Apple is famous for turning on Bluetooth on iOS devices every time it sends a software upgrade in order to enable marketers to detect shoppers and send them instant offers.

I believe this is the price we have to pay to use a smartphone.

As Dan Geer, chief information security officer for In-Q-Tel, writes for the Christian Science Monitor Passcode security website: "If your personal 'expectation of privacy' is based on the impossibility of observability or even the impossibility of identifiability, then your logic [...] is temporary and weak," Geer wrote, adding, "There is no mechanistic difference whatsoever between personalization and targeting save for the intent of the analyst. To believe otherwise is to believe in the Tooth Fairy. To not care is to abandon your duty."

Pablo Valerio has been in the IT industry for 25+ years, mostly working for American companies in Europe. Over the years he has developed channels, established operations, and served as European general manager for several companies. While primarily based in Spain, he has ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2021 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service