During preparation for a workshop at DEF CON in August on locating privacy leaks in network traffic, we discovered a number of applications on both iOS and Android that were broadcasting precise location data back to the applications’ developers – in some cases in unencrypted formats. Research released late Friday by Sudo Security’s Guardian mobile firewall team provided some confirmation to our findings – and demonstrated that many apps are sharing location data with firms that market location data information without the users’ knowledge.
Is anyone still surprised by this? Apple was recently also forced to remove one of the most popular apps in the Mac App Store because it turned out to be spyware. The one redeeming feature of closed application stores is that they’re safer – if that advantage turns out to be a lot less solid than proponents of walled gardens proclaim, why do we keep insisting on maintaining them?
The one redeeming feature of the police, an organised group of armed people given special powers to detain and question other people, is that they make our communities safer – if crimes are still committed, why do we keep insisting on maintaining them?
False analogy, because police’s sole reason for existence is to protect the people.
An app market walled garden’s sole reason for existence is to protect the economic interests of the app market’s owner, not to protect the people that use it – at least not as a direct reason, you can raise the argument that it’s an indirect reason because people are more likely to leave if you can’t guarantee their protection, but in case of (quasi-)monopolies that’s not really happening, so they can just do whatever they want.
According to every single iPhone owner this is only a problem on Android and no amount of research will change that. Too much cool-aid is bad for you. Sorry, juice. I meant juice!
I am sure that as long as you install the latest version of Android, which includes all the latest security fixes, you are more or less as secure as iOS.
Can you see the weak link?
That’s only a valid argument if said applications were to exploit known bugs or leaks in older Android systems.
In this case, they just use readily available APIs to which they are given access by the user upon installation, so it does not matter whether the systems those apps run on are up to date.
Edited 2018-09-12 13:56 UTC