There's a device called a USB filter that turns every USB port into a charge-only port, and protects against sketchy charging ports. Add this helpful dongle to your life if you travel a lot: amazon.com/Plugable-Unive
Conversation
I would rather live in a world where there are both Android devices and iPhones that are out-of-the-box secure enough for a campaign to use. And I know Google is full of engineers who are trying to make this happen. But the effort dies somewhere in the domain of upper management
3
6
29
Replying to
It’s not even upper management. Android itself has decent exploit mitigation work, etc. it’s OEMs and the fucked up android vendor ecosystem.
Bugs happen. Bugs that may be unpatchable amd that users won’t know they have because the vendor has long since moved on, however...
3
3
Replying to
I understand the complaint about the ecosystem, but Google also manufactures its own phone, which it has chosen not to make safe.
3
4
If you read the paper (usenix.org/system/files/c), you’ll notice that the severity of the issues on Google phones is low. The really bad issues were all OEM phones.
I’m frequently a big Google critic, but IMO you’re being unfair.
3
6
As points out, the lock screen is functionally the last line of defense on an Android phone, so "it's almost not broken" is not a reassuring consolation. I agree that the phones Google makes are the safest, but they are not safe enough, and that is on Google
2
3
It's the last line of defense on both phones for the default data class. iOS makes it easier for apps and the OS to put data at rest after locking but the vast majority of apps and OS functionality either can't or doesn't do that even with it being a bit easier without libraries.
1
1
As long as it covers mail, photos and text messages I’m willing to live with it.
1
It doesn't cover photos or contacts. Mail and text messages would depend on the app. Signal opts into NSFileProtectionComplete on iOS and uses the keystore on Android, but Moxie doesn't seem to really believe in doing it and maintains the Android app so it's not as far along.
2
Not sure what Apple does for their own mail app and text message handling. They could queue them up by appending to encrypted data and then merge it into a proper database after unlocking but that code isn't open source so someone would need to reverse it to see what they do.
1
You can do the same thing on Android with the hardware-backed keystore APIs which some apps do, but the APIs have only been solid for a few years. It's a lot lower-level than just marking a data class. Not sure why they still haven't introduced a simple data class or two for it.