There's a device called a USB filter that turns every USB port into a charge-only port, and protects against sketchy charging ports. Add this helpful dongle to your life if you travel a lot: amazon.com/Plugable-Unive
Conversation
I would rather live in a world where there are both Android devices and iPhones that are out-of-the-box secure enough for a campaign to use. And I know Google is full of engineers who are trying to make this happen. But the effort dies somewhere in the domain of upper management
3
6
29
Replying to
It’s not even upper management. Android itself has decent exploit mitigation work, etc. it’s OEMs and the fucked up android vendor ecosystem.
Bugs happen. Bugs that may be unpatchable amd that users won’t know they have because the vendor has long since moved on, however...
3
3
Replying to
I understand the complaint about the ecosystem, but Google also manufactures its own phone, which it has chosen not to make safe.
3
4
If you read the paper (usenix.org/system/files/c), you’ll notice that the severity of the issues on Google phones is low. The really bad issues were all OEM phones.
I’m frequently a big Google critic, but IMO you’re being unfair.
3
6
As points out, the lock screen is functionally the last line of defense on an Android phone, so "it's almost not broken" is not a reassuring consolation. I agree that the phones Google makes are the safest, but they are not safe enough, and that is on Google
2
3
It's the last line of defense on both phones for the default data class. iOS makes it easier for apps and the OS to put data at rest after locking but the vast majority of apps and OS functionality either can't or doesn't do that even with it being a bit easier without libraries.
1
1
As long as it covers mail, photos and text messages I’m willing to live with it.
1
It doesn't cover photos or contacts. Mail and text messages would depend on the app. Signal opts into NSFileProtectionComplete on iOS and uses the keystore on Android, but Moxie doesn't seem to really believe in doing it and maintains the Android app so it's not as far along.
2
Mail app is fully protected. How weird that photos aren’t. What possible justification is there for that?
2
Photos and contacts are accessible by apps via APIs including during background work. There's no way to access the text message database in a third party app though, unlike Android where users can grant / revoke an SMS permission to apps like Signal and set them as the default.
If you search 'contacts photos iphone lockscreen bypass' you can see that whenever security researchers find a lockscreen bypass, it's what they mention in their press releases since it's sensitive data on any phone and wouldn't require an OS exploit as getting app data would.
2
1
Everyone already has my contacts. It’s a lost cause.
1
Show replies