I recently read an article that made me realize there is a fundamental rift in how I, and many of the readers here, look at computers, and how the general population does. It is only a very small subset of the population that considers security, even secondarily. And if they do, many don’t understand enough about it to implement it properly. The article in question asks if users should upgrade to the newly released iOS, version 9.3.3. Hold off on OS updates? Seriously?
In the past I have recommended Codebook Secure Notebook as an alternative to iOS’s native notes application. I even went so far as to recommend NOT using the native Notes app. However, I have recently completely reversed my position on this. A third-party app is no longer needed to secure your notes. Beginning in iOS 9.3.2, notes in the native Notes application can be secured with a password. When password protected, notes are encrypted with AES-128. This eliminates the need for a third-party application, which reduces overall attack surface. Taking advantage of iOS encrypted notes is extremely easy and intuitive.
This week has been awash in coverage of a federal court ordering Apple to unlock an iPhone 5c used in the San Bernardino shooting. This story began for me when I awoke Tuesday at 5 a.m. EST to half a dozen text messages linking me to Tim Cook’s “A Message to Our Customers.” I have had almost a week to digest the letter, follow the story, and reach some conclusions. My thoughts and observations on the “Apple vs. FBI” debate are listed below.
- The FBI has chosen to use this issue to paint encryption in an unfavorable light. This single issue has advanced the government’s position that encryption is a tool for terrorists and criminals. James Comey (the Director of the FBI) has long been an outspoken advocate for encryption “backdoors” and “front doors” but until now has had few concrete examples to sell the public on such mechanisms. This is the chance they have been waiting for.
- There is probably very little to find on the phone in the first place. I talked about why I believe this a couple weeks ago on a podcast interview; it basically boils down to this: there isn’t much to find on the phone that can’t be gotten elsewhere. Jonathan Zdziarski posted an even more thoughtful list of reasons this device probably doesn’t contain anything of real intelligence value.
- This is an opportunity for the FBI to put Apple in the unenviable position of looking unreasonable and uncooperative. It’s just one phone, and they were terrorists, after all. The problem, as Apple points out, is that it creates a dangerous precedent. We have consistently seen mission creep with other laws and technologies that were designed for use in very isolated instances but have been used to pursue an increasing number of lesser crimes.
- The FBI is essentially conscripting Apple software engineers to write code for the government’s use. This should be alarming to any business owner. If the federal government can compel a company like Apple to write code (or do any work, really) without pay and against its objections, it can do so to anyone. Apple, it should be pointed out, was only recently overtaken by Google as the world’s most valuable brand.
- Apple has its own set of motivations for defying the judge’s order to open the device. This has been pointed out vociferously. My own opinion is that regardless of why Apple is taking a pro-privacy stance, they are. The market wants privacy, and Apple fills the void. Apple is not a non-profit, not a humanitarian or philanthropic organization, and it is not the EFF. Very few for-profit companies are filling this void, so my money will go to the one who is.
- An interesting article arose out of this controversy that backs up my call for longer, stronger passcodes on your iOS devices.
- Encryption works.
This has certainly been an interesting week, and there are certainly more to come.
Comparing phone operating systems for any reason is akin to discussing religion or politics at a broadly mixed table. Tensions mount concurrently with blood pressure. Alliances are formed and the room becomes divided between “us” and “them”. Capabilities are compared, and not in cold, scientific language. Awkwardness ensues when the Android vs iOS debate is hauled out. I don’t enjoy confrontation for the sake of confrontation, so I generally avoid the subject if possible. If the conversation comes up, I typically try to bow out of it gracefully. After writing Your Ultimate Security Guide: iOS and beginning research for Your Ultimate Security Guide: Android, I no longer feel comfortable continuing to give a bland “well, each has its strengths and weaknesses.”
So, this article will be a side-by-side comparison of the Google (now Alphabet, though I will continue to call it Google throughout this post)-produced Android and Apple’s iOS operating systems where the following two factors are primary above all else: privacy and security. It will not be a generalized “Android vs iOS” discussion. It will not take into account considerations like convenience, familiarity, availability of apps, availability/diversity/choice in hardware, ability to customize, or other factors that people frequently cite when comparing the two. It will focus entirely on privacy and security. That’s it. I will address eight areas of concern as follows: each company’s general stance on privacy as evidenced by public statements and actions, data collection and monetization, device encryption and passcodes, default protection of data-in-transit, malware prevalence and susceptibility, and operating system and app integrity and updates.
TL;DR: If you don’t want to be bothered with the justification and if privacy and security are your primary concerns, buy an iPhone.
General Stance on Privacy
OK, so this one is a little hard to quantify, but I do think it is worth considering. I may be accused of cherry-picking quotes here, and I agree – I am. But on the whole I think these two quotes fairly epitomize the philosophies of these competing companies.
Apple’s policy on this is pretty clear, per Apple’s “commitment to your privacy”, signed by CEO Tim Cook:
“Our business model is very straightforward: We sell great products. We don’t build a profile based on your email content or web browsing habits to sell to advertisers. We don’t ‘monetize’ the information you store on your iPhone or in iCloud. And we don’t read your email or your messages to get information to market to you.”
Google’s stance on privacy is equally clear. CEO Eric Schmidt:
“…A person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.”
The bottom line: Apple is a hardware company, interested in selling you, its customer, more product. Google is an advertising, data-mining, and marketing company interested in selling you, its product, to more customers.
Data Collection and Monetization
I’m not sure that I need to explain in great detail the vastness of Google’s data collection apparatus. Google Search/Image Search/Patent Search/News, Gmail, YouTube, Google Calendar, Google Drive, Google Voice, Google Plus, Google Books, Google Docs, Google Translate, Google Chat, Google Groups, Google Hangouts, Google Sites, Google Alerts, Google Maps, Google Street View, and Google Earth are just a few of the “free” services that are designed to entice you to put more, and more granular and detailed, information into the Google data stream. Google also controls a number of advertising services, including AdMob, AdSense, AdWords, AdWords Express, DoubleClick, Google Grants, etc. Google is now also involved in the Internet of Things, purchasing Nest, a manufacturer of internet-connected thermostats and smoke detectors, for $3.2 billion. Why would an advertising company purchase a thermostat company for such a huge sum? Because it can record when you are at home, when you are sleeping, how active you are, and other information that it aggregates along with your other information to build a more detailed advertising package about you. But perhaps the single most detailed collection platform in Google’s inventory is the Android-equipped phone. Your Android phone (make no mistake about it, it’s really a Google phone) can record your location, periods of wakefulness, frequency of movement, Wi-Fi connections and passwords, physical movement, correlation with other devices, and a host of other very, very detailed information that it shares with Google. Some of this can be opted out of to some extent, but it’s still a Google-powered handset, and Google put the software on the open market for a reason. Do you have privacy-related concerns about using a Chromebook? If so you should probably re-think your
Apple does allow some app developers to collect and sell data to advertisers, but in nothing even approaching the scale and scope of what Google does (again I will point out that Apple is a hardware company and Google is an advertising company). This data collection is done in a very limited manner through an initiative called iAds, and it is possible to opt out of iAds. This is not to downplay Apple’s data collection – I still don’t like it from a privacy perspective and you shouldn’t, either. But when compared with the immensity that is Google, well, it isn’t really much of a comparison. In fairness, though, Apple does still collect a lot of data and this is not a good thing, even if it doesn’t package and sell it; large repositories of data are dangerous because they are desirable targets for hackers and governments alike. All other things being equal, though, I still prefer the company that does not package and sell my data as a primary revenue stream.
Device Encryption and Passcodes
Because they are small and carried literally everywhere with us, smartphones are much more vulnerable to loss or theft than desktop computers. Encryption on smartphones is incredibly important, and this is another area in which Apple excels. Apple has included device encryption by default for years, and very good encryption at that. When Apple publicly announced that devices would no longer include a backdoor that allowed Apple to access information on devices, Google quickly followed suit with a press release that said all Android devices would be encrypted by default. Unfortunately (and it is unfortunate – we need encryption!) Google quickly and quietly backtracked on this promise upon complaints of a performance hit on encrypted devices. Android devices are still sold that are not encrypted by default. Of course, users can choose to encrypt their devices, but I greatly prefer encryption that is implemented by default and does not require user input, because we know a large percentage of users, either ignorant or uncaring, will not implement it.
One thing worth mentioning here: on mobile devices your passcode is (usually) not the same thing as the decryption key. The decryption key is tied to a unique code burned into the hardware of the device. The purpose of the passcode is to provide OS-level protection of the device and prevent unauthorized access to data on the device. But since we are talking about passcodes, it is worth taking a closer look at them. Beginning with iOS 9 on the iPhone 6S, Apple required a six-digit passcode as a “simple” passcode. This is a substantial security upgrade over the old iOS requirements. Additionally, I have found no upper limit on the characters permitted in a passcode for iOS devices (I have gone as high as 30 characters). By comparison, Android permits not only 4-character simple passcodes but also the ridiculous swipe-to-unlock patterns, and has a maximum passcode character limit of 17 characters. A 17-character passcode is probably plenty, but I was dismayed when I could not use the same, longer passcode I use on my iPhone to lock my privacy- and security-focused (and Android-based) Blackphone.
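The relationship between a passcode and a hardware-bound key described above can be modelled in a few lines. The following is an added illustration, not code from this post and not Apple’s or Google’s implementation: it assumes a per-device secret (`DEVICE_UID`, a constructed value), tangles the passcode with it through PBKDF2 so that a guess can only be checked on the device that holds the secret, and then rates the 4-digit, 6-digit, 17-character and 30-character policies mentioned above against an assumed guess rate of 12.5 attempts per second (an assumption, not a measured figure).

```python
import hashlib
import hmac

# Constructed stand-in for the secret fused into the device's silicon.
# A real device has its own per-unit value; this one is an assumption.
DEVICE_UID = bytes.fromhex("5a" * 32)

# Assumed work factor for the key-derivation step (tunable; not a vendor figure).
KDF_ITERATIONS = 50_000

# Assumed rate at which one device can check passcode guesses (about 80 ms each).
ASSUMED_GUESSES_PER_SECOND = 12.5


def derive_unlock_key(passcode: str, device_uid: bytes,
                      iterations: int = KDF_ITERATIONS) -> bytes:
    """Tangle the passcode with the hardware secret.

    PBKDF2-HMAC-SHA256 with the device secret as the salt: the same passcode
    on a different device yields a different key, so a copy of the storage
    taken off the device gives no shortcut without the chip holding the UID.
    """
    return hashlib.pbkdf2_hmac("sha256", passcode.encode("utf-8"),
                               device_uid, iterations, dklen=32)


def verify_passcode(passcode: str, device_uid: bytes, stored_key: bytes) -> bool:
    """Constant-time comparison so timing does not reveal how many bytes matched."""
    return hmac.compare_digest(derive_unlock_key(passcode, device_uid), stored_key)


def keyspace(length: int, alphabet_size: int) -> int:
    """Number of distinct passcodes of the given length over the given alphabet."""
    return alphabet_size ** length


def average_guess_time_seconds(length: int, alphabet_size: int,
                               guesses_per_second: float) -> float:
    """Expected time for exhaustive search: on average half the keyspace is tried."""
    return keyspace(length, alphabet_size) / 2.0 / guesses_per_second


def compare_policies(guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> dict:
    """Rate the passcode policies discussed in the text.

    Alphabet sizes are assumptions: 10 for digit-only codes, 62 for a mixed
    upper/lower/digit passcode.
    """
    policies = {
        "4-digit simple": (4, 10),
        "6-digit simple": (6, 10),
        "17-char alphanumeric": (17, 62),
        "30-char alphanumeric": (30, 62),
    }
    return {
        name: {
            "keyspace": keyspace(length, alphabet),
            "avg_seconds": average_guess_time_seconds(length, alphabet, guesses_per_second),
        }
        for name, (length, alphabet) in policies.items()
    }


if __name__ == "__main__":
    # The same passcode on two different devices produces two different keys.
    other_uid = bytes.fromhex("c3" * 32)  # constructed second device
    key_a = derive_unlock_key("123456", DEVICE_UID)
    key_b = derive_unlock_key("123456", other_uid)
    print("keys differ across devices:", key_a != key_b)
    print("correct passcode accepted:", verify_passcode("123456", DEVICE_UID, key_a))
    print("wrong passcode rejected:", not verify_passcode("123457", DEVICE_UID, key_a))

    for name, stats in compare_policies().items():
        days = stats["avg_seconds"] / 86_400
        print(f"{name:22s} keyspace={stats['keyspace']:.3e}  avg search={days:.3e} days")
```

The point the numbers make is the one the post makes in prose: because every guess has to run through the device-bound derivation, the attacker’s rate is capped by the hardware, and each added character multiplies the work, so the passcode length (not the strength of the underlying AES key) is what decides how long the device-level protection holds.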
Default Data-in-Transit Encryption
Apple offers very good AES-256 encryption over its iMessage messaging and FaceTime voice- and video-telephony applications. It is so good it has raised the ire of the FBI. While there are plenty of more reputable, free, encrypted communications platforms out there, this is my favorite type of encryption: ubiquitous, organically integrated, and seamless. Millions of encrypted messages are being sent in cases where it is very probable that few of the senders and recipients value or even know about the underlying encryption. This is a very good thing. Additionally, in iOS 9 Apple introduced App Transport Security (ATS), a developer protocol that encourages (though doesn’t require) app developers to use HTTPS when data from apps is transmitted from the device. This is a very good thing; the data that is constantly being transmitted by our apps reveals an amount of information that is hard to overestimate.
Gmail, it must be said, also offers excellent security. Google permits incredibly long passwords and its two-factor authentication system is the standard by which others are judged. Your entire session with a Google product is typically HTTPS-encrypted, and encrypted inside of Google. All of these measures, however, are designed to protect you from everyone except Google (and it should be noted that email is only a tiny percentage of the overall data transmitted over Android handsets). Google holds the keys, and your data, no matter how secure, is scraped by Google (unless, of course, you have encrypted it yourself). Unfortunately the Android OS offers no competing (or, even more unfortunately, compatible) product to answer Apple’s iMessage and encrypt text messages by default and without requiring an additional app.
Malware Prevalence and Susceptibility
A smartphone is a computer and is subject to the same malware threats as computers. The prevalence of malware on the two platforms is not even comparable: in 2014 the Cisco annual security report estimated that an astonishing ninety-nine percent of mobile malware was targeted at Android devices, and there is little evidence to suggest this trend has changed dramatically in the intervening two years. Though Apple is not immune to malware, it still makes news when Apple products are found vulnerable to it. As an example of this, Zerodium recently, and very publicly, offered a $1,000,000.00 bounty for a remote jailbreak vulnerability for iOS 9. Only one team (of three possible) actually collected. Root access exploits for Android devices are far more common, and don’t make national news when they are found. As another indicator, Zerodium also publicly posted a pricing chart for remote exploits; nothing ranked higher in pricing (up to $500,000.00) than iOS; by comparison, Android exploits only fetch up to $100,000.00. Much of the malware problem with Android is due to the lack of routine, direct updates of the operating system and the inclusion of unvetted applications in the Google Play store.
OS Integrity and Updates
Much of the malware issue can be laid at the feet of operating system integrity – that is, the operating system remaining intact and being kept up-to-date. This is a major problem for Android handsets. Google released Android as an open-source project and as a result it can be freely modified. Hardware manufacturers modify the OS to suit their needs, and service providers like AT&T and Verizon modify it even further. Updating is the real issue with Android, though. When Google pushes software updates they typically don’t go directly to the device. Instead they have to work their way through hardware manufacturers and service providers before reaching the end-user device.
The Apple OS, on the other hand, is designed for a particular set of hardware and is not modified. Further, and perhaps more importantly, updates are pushed directly from Apple to all handsets. This means that a significantly higher percentage of iOS devices get updated quickly. A number of articles (most citing Mixpanel statistics) highlight this trend. Within 72 hours of its release a higher percentage of iOS users had upgraded to the latest OS version (iOS 9) than Android users had in the previous nine months (to Android 5/Lollipop). At the time of this writing approximately 75% of iOS users are running the latest version of the OS compared to only 44% of Android users who are running the latest OS (iOS 9 has been out for under three months at this time; Lollipop has been available for more than 12). Even the brand new Blackberry Priv, a phone marketed around privacy and security, ships with an outdated operating system.
Installing an application on a device gives it an incredible amount of privilege. Regardless of whether you use an iOS or Android device, it is only as private and secure as the applications you choose to install on it. With that being said, there is a difference between the level of trust I place in the apps I download from the App Store and Google Play. Apple’s App Store is a so-called “walled garden”, into which only vetted applications are allowed. Curating apps in this manner prevents many potentially malicious apps from even being accessible to the user, let alone executed. This is not to say that the App Store is perfect; privacy- and security-compromising code does occasionally get through, and much to everyone’s chagrin, Apple is incredibly opaque about the vetting process for applications and what black- and whitelisted criteria they look for.
Apps for Android devices face no such scrutiny (or any at all, really, unless the app interferes with Google). Anyone can create an Android app, and anyone can download and execute any Android app from nearly any source. Couple this with an outdated OS and the potential for abuse is staggering. Because the App Store is curated, fewer apps are available to Apple users than Android users, but this argument is beyond the scope of this post. I compromise my convenience on a daily basis for the sake of privacy and security, and have no problem “restricting” myself to the 1.5 million or so apps that are in the App Store.
Before I conclude my privacy- and security-centric Android vs iOS comparison, let me make one other thing clear. I will not list my credentials to support this claim, but I am certainly not an Apple “fan boi”. But I do use an iPhone and have for a long time. With that said, it should be equally clear that I consider brand loyalty to be a fool’s errand and am brand-name agnostic. The only allegiance I have is to the brand that provides me with the right balance of privacy, security, and yes, convenience, not the brand that is (or isn’t) the one I love (or loathe). Though we are all, by nature, hesitant to change, the fear of change does not override my fear of mass surveillance. No allegiance, no loyalty, no limiting my options because I like or dislike one manufacturer over another. If you are using your iPhone just because it’s an Apple product, you’re doing it wrong. And vice versa.
Is it possible to make an Android device very secure? Yes, it is, and the people at Silent Circle have proven it with the Blackphone. If you are a DIY-er, you can install custom versions of Android software like CyanogenMod that are frequently and directly updated and generally much more secure than stock Android. Can you back up your Android phone locally without sending data to Google? Yes, but again it requires rooting the phone and using something like Titanium Backup, yet another workaround. Rooting also introduces another host of vulnerabilities that must be secured. Because I place such a high value on privacy and security, I would rather start with a more secure baseline and work upward from there, rather than starting at the bottom and hoping to get to an acceptable point.