Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email

Posts Tagged ‘#apple’

apple

Apple is portraying itself as the defender of privacy in the tech world, but it’s one slip away from embarrassment

January 10, 2019

Analysis: Apple has continued to ratchet up its criticism of competitors in a bid to differentiate itself as the “most secure” tech company.
The move is a risky one, as Apple is exposed on several fronts to possible privacy and security leaks and breaches, putting it one step removed from a significant reputation dent that could further hurt sales.
Kate Fazzini

CNBC.com
Tim Cook, Chief Executive Officer of Apple Inc., takes a selfie with a customer and her iPhone as he visits the Apple Store in Chicago, Illinois, U.S., March 27, 2018.
John Gress | Reuters
Tim Cook, Chief Executive Officer of Apple Inc., takes a selfie with a customer and her iPhone as he visits the Apple Store in Chicago, Illinois, U.S., March 27, 2018.
Apple ramped up its efforts this week to differentiate its business on the basis of privacy and security, a risky move given risks to its cloud-based backup service and a challenging privacy environment globally, particularly in China, where the company says it is struggling.

Apple took a high-profile swipe at Google, Amazon and Facebook at this year’s Computer Electronics Show, with a full-building ad touting “What happens on your iPhone, stays on your iPhone.” CEO Tim Cook has criticized competitors for their privacy practices and their willingness to share data with third parties.

Apple is now also reportedly hiring ex-Facebook engineer Sandy Parakilas, who called Facebook a “living, breathing crime scene” because of its misuse by Russian hackers in the 2016 election. (Parakilas is reportedly taking an internal spot as a privacy product manager at Apple, a role not likely to include public-facing statements like these in the future).

For sure, Apple’s core business is different from Facebook’s and Google’s. Apple makes the bulk of its money selling iPhones and other computing devices, and charging consumer subscriptions for things like Apple Music. That means Apple has little reason to compile detailed information about users, and even less incentive to sell that information to third parties. But Facebook and Google make the vast majority of their money from advertising.

But putting such a big stake in privacy as a differentiator may be a risky business move.

First, Apple is just one iCloud breach away from an embarrassing incident that could damage its “what happens on your iPhone, stays on your iPhone” claims.

Scandals in the past years involving major celebrities who have had nude photographs stolen from their iCloud archives have been dangerously close. Apple has said these incidents involved username and password theft, giving criminals access to iCloud files through the celebrities’ password information, not a breached iCloud database.

But iCloud relies on the same cloud-based network architecture most companies rely on, including Amazon Web Services, Google’s cloud platform and Microsoft Azure. No database is impenetrable, and that includes those iCloud uses. A single instance of leaked data or an insider theft could put the company at serious reputational risk.

Third-party applications are also a potential sticking point. From a security point of view, Apple’s app store has stringent safeguards in place that make it more resilient to security issues like application spoofing than competitors such as Google’s Play store.

But independent iPhone apps still have the capacity to misuse data. The company routinely removes applications from the store for providing user information to unauthorized third parties. The New York Times reported earlier this year that numerous free iOS apps track detailed user information and provide it to third parties.

So Apple may also be one data-tracking scandal away from significantly denting the idea that data necessarily “stays on your iPhone.”

Tags: , ,

emailtracking-ta

Apple’s App Store Privacy Crackdown May Hurt Facebook’s Onavo

June 15, 2018

Apple Inc.’s new rules for app developers limit their ability to harvest user contact data, but they also could hurt a key app owned by Facebook Inc. called Onavo Protect.

The iPhone maker’s updated App Store Review Guidelines ban applications that “collect information about which other apps are installed on a user’s device for the purposes of analytics or advertising/marketing.” This could give Apple grounds to remove the Onavo app, although the software is still available despite the rules kicking in last week.

Onavo Protect, when installed on an iPhone or Android device, uses a virtual private network to scan incoming and outgoing internet connectivity. It also gathers information about users’ devices, their location, apps installed on the gadgets and how people use those apps, what websites they visit, and the amount of data used, Facebook wrote in answers to Congressional questions that the social network operator posted online Monday.

Onavo collects data on other apps via networks, rather than through devices. The iPhone maker already blocks apps from getting information from other apps on the device itself via a technology called sandboxing.

Apple’s new guidelines “sound like they’re almost written in response to what Onavo and others have been doing,” said Will Strafach, a researcher who has studied Onavo Protect and focuses on the security of Apple’s iOS mobile operating system. A Facebook spokeswoman declined to comment.

Apple has criticized Facebook this year for privacy missteps, and the iPhone maker recently announced new controls for iPhones, iPads and Macs that will limit how internet companies like Facebook and Google track web browsing.

Tags: , ,

ransomware

Senator Franken asks Apple for privacy guarantees around Face ID data

September 15, 2017

A friendly letter from Senator Al Franken (D-MN) to Apple requests that the latter provide a few more details on the tech behind its Face ID system, which allows users to unlock their iPhone X using facial recognition.

It’s very far from a nastygram; the Senator pretty clearly just wants to cover a bit more ground than Apple had time for in its presentation yesterday. He writes:

I am encouraged by the steps that Apple states it has taken to implement the system responsibly. However, substantial questions remain about how Face ID will impact iPhone users’ privacy and security, and whether the technology will perform equally well on different groups of people. To offer clarity to the millions of Americans who use your products, I ask that you provide more information on how the company has processed these issues internally, as well as any additional steps that it intends to take to protect its users.

Face ID, which uses a Kinect-like system to scan the user’s face and only lets a matching faceprint unlock the phone, is being treated with some skepticism in the tech community. An onstage flub during the iPhone event didn’t help, but there are some usability concerns (how do you unlock your phone while it’s on the table a couple of feet away? Surely not a PIN?) and privacy ones as well.

Of course, there were similar concerns when Apple debuted Touch ID’s fingerprint recognition — and sure enough, Sen. Franken wrote a letter then, too.

His letter today is well-informed as to the potential weaknesses of facial recognition systems. For example, he asks what the source was for the billion face images Apple touted as the training set for the system, since a lack of diversity there could lead to underrepresented groups being unable to use Face ID.

He also asks whether Apple has any plans to use faceprint data for any purpose other than Face ID, whether it’s possible for Apple or any interested third party to extract that data from the phone, and whether the data might be stored remotely.

Interestingly, he asks whether there are any protections against a person being forced to unlock the phone by someone else holding it up to their face. Kind of dark, Senator!

Lastly, he asks how Apple will respond to law enforcement requests for faceprint data. That’s a sticky issue right now considering the amount of pressure tech companies are under to identify users, respond to law enforcement requests and so on.

If Apple’s answers are anything like the answers it gave in its response to the 2013 letter, the gist will be that because the faceprint is stored in the Secure Enclave and therefore is inaccessible to Apple, its services or its partners, many of these questions will be moot.

For the remaining questions, however, I look forward to Apple’s responses and evasions, each of which will likely be illuminating in its own way. Apple is requested to respond to the Senator by October 13.

Tags: , , ,

android-png-cf

700 million Android phones have spying firmware preinstalled

December 21, 2016

The term “mobile phone security” is something of a joke these days, with the number of exploits, bugs, and breaches that are endlessly assaulting us and putting our personal information at risk. So, when security outfit Kryptowire sounded the alarm on Chinese company Adups for using its preinstalled apps to spy on Android users with Blu smartphones, it wasn’t exactly a shock. Now, however, the impact of Adups alleged spying is growing in magnitude, and it’s dragging other Android device manufaturers into the quagmire.

Don’t Miss: Accidental drops? Water dunks? The AirPods seem to be practically indestructible

Adups is a company that facilitates over-the-air updates for mobile devices, so its firmware is preinstalled on lots of devices. However, the firmware does much more than it claims, and has the ability to snoop in areas that it shouldn’t, and without the user ever knowing. That information can then be collected by Adups for whatever purposes it desires.

Trustlook, another digital security firm, dug deeper on what devices utilize Adups and could be used by the Chinese company to scrape your private information, and the list is absolutely massive. Trustlook says that over 700 million Android smartphones have Adups firmware installed that puts the user at risk of having text messages, call histories, and device information collected without their knowledge or consent.

Many of the manufacturers who utilize Adups are smaller companies who only release their devices in Asia or specific smaller markets. However, there are a few notable names on the list, including Lenovo, ZTE, and the aforementioned Blu.

The Blu R1 HD was the first device found to be relaying this sensitive information back to Adups, and the company took action to halt the app’s nefarious habits, but it’s now up to the rest of the dozens and dozens of manufacturers on the list to do the same. The best course of action right now seems to be keeping the phone as updated as possible, and installing any security patches that come down the pipeline.

Tags: , ,

featured image 7

Here’s why the FBI forcing Apple to break into an iPhone is a big deal

February 17, 2016

When U.S. Magistrate Sheri Pym ruled that Apple must help the FBI break into an iPhone belonging to one of the killers in the San Bernardino, Calif., shootings, the tech world shuddered.

Why? The battle of encryption “backdoors” has been longstanding in Silicon Valley, where a company’s success could be made or broken based on its ability to protect customer data.

The issue came into the spotlight after Edward Snowden disclosed the extent to which technology and phone companies were letting the U.S. federal government spy on data being transmitted through their network.

Since Edward Snowden’s whistleblowing revelations, Facebook, Apple and Twitter have unilaterally said they are not going to create such backdoors anymore.

So here’s the “backdoor” the FBI wants: Right now, iPhone users have the option to set a security feature that only allows a certain number of tries to guess the correct passcode to unlock the phone before all the data on the iPhone is deleted. It’s a security measure Apple put in place to keep important data out of the wrong hands.

Federal prosecutors looking for more information behind the San Bernardino shootings don’t know the phone’s passcode. If they guess incorrectly too many times, the data they hope to find will be deleted.

That’s why the FBI wants Apple to disable the security feature. Once the security is crippled, agents would be able to guess as many combinations as possible.

Kurt Opsahl, general counsel for the Electronic Frontier Foundation, a San Francisco-based digital rights non-profit, explained that this “backdoor” means Apple will have to to write brand new code that will compromise key features of the phone’s security. Apple has five business days to respond to the request.

What does Apple have to say about this? Apple CEO Tim Cook said late Tuesday that the company would oppose the ruling. In a message to customers published on Apple’s website, he said: “We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data.”

Back in December, Cook defended the company’s use of encryption on its mobile devices, saying users should not have to trade privacy for national security, in a broad interview with 60 Minutes. In the interview, Cook stood by the company’s stance of refusing to offer encrypted texts and messages from users.

What does this mean for the next time the government wants access? The order doesn’t create a precedent in the sense that other courts will be compelled to follow it, but it will give the government more ammunition.

What do digital rights experts have to say? There are two things that make this order very dangerous, Opsahl said. The first is the question is raises about who can make this type of demand. If the U.S. government can force Apple to do this, why can’t the Chinese or Russian governments?

The second is that while the government is requesting a program to allow it to break into this one, specific iPhone, once the program is created it will essentially be a master key. It would be possible for the government to take this key, modify it and use it on other phones. That risks a lot, that the government will have this power and it will not be misused, he said.

And the lawmakers? Well, they are torn. Key House Democrat, Rep. Adam Schiff, D-Calif., says Congress shouldn’t force tech companies to have encryption backdoors. Congress is struggling with how to handle the complex issue.

On the other side of things, Senate Intelligence Committee Chairman Richard Burr, R-N.C., and Vice Chair Dianne Feinstein, D-Calif., say they want to require tech companies to provide a backdoor into encrypted communication when law enforcement officials obtain a court order to investigate a specific person.

What now? This could push the tech companies to give users access to unbreakable encryption. To some extent, it’s already happening. Companies like Apple and Google — responding to consumer demands for privacy — have developed smart phones and other devices with encryption that is so strong that even the companies can’t break it.

Tags: , , , , , , ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
fb featured image
Privacy Problems Mount for Tech Giants
January 21, 2019

By Sam Schechner Jan. 21, 2019 6:30 a.m. ET Big tech companies have taken a public lashing in th...

Read more
pr
Why data privacy is hot and machine learning is not
January 15, 2019

by RAFAEL LAGUNA — 1 day ago in CONTRIBUTORS Looking back on the past twelve months, we will all ...

Read more
apple
Apple is portraying itself as the defender of privacy in the tech world, but it’s one slip away from embarrassment
January 10, 2019

Analysis: Apple has continued to ratchet up its criticism of competitors in a bid to differentiate i...

Read more
privacy-coins-and-bitcoin-dominance-guide
Editorial: Privacy Lessons From Google
December 28, 2018

Thursday, December 27, 2018 Congress is eyeing a federal privacy framework for 2019. But what about...

Read more
pp
Why Privacy Needs All of Us
December 17, 2018

By Cyrus Farivar Dec 17 2018 - 7:30am An excerpt from "Habeas Data: Privacy vs. the Rise of Surve...

Read more