I would rather live in a world where there are both Android devices and iPhones that are out-of-the-box secure enough for a campaign to use. And I know Google is full of engineers who are trying to make this happen. But the effort dies somewhere in the domain of upper management
Conversation
Replying to
It’s not even upper management. Android itself has decent exploit mitigation work, etc. it’s OEMs and the fucked up android vendor ecosystem.
Bugs happen. Bugs that may be unpatchable amd that users won’t know they have because the vendor has long since moved on, however...
3
3
Replying to
I understand the complaint about the ecosystem, but Google also manufactures its own phone, which it has chosen not to make safe.
3
4
If you read the paper (usenix.org/system/files/c), you’ll notice that the severity of the issues on Google phones is low. The really bad issues were all OEM phones.
I’m frequently a big Google critic, but IMO you’re being unfair.
3
6
As points out, the lock screen is functionally the last line of defense on an Android phone, so "it's almost not broken" is not a reassuring consolation. I agree that the phones Google makes are the safest, but they are not safe enough, and that is on Google
2
3
It's the last line of defense on both phones for the default data class. iOS makes it easier for apps and the OS to put data at rest after locking but the vast majority of apps and OS functionality either can't or doesn't do that even with it being a bit easier without libraries.
1
1
As long as it covers mail, photos and text messages I’m willing to live with it.
1
It doesn't cover photos or contacts. Mail and text messages would depend on the app. Signal opts into NSFileProtectionComplete on iOS and uses the keystore on Android, but Moxie doesn't seem to really believe in doing it and maintains the Android app so it's not as far along.
2
Mail app is fully protected. How weird that photos aren’t. What possible justification is there for that?
2
Photos and contacts are accessible by apps via APIs including during background work. There's no way to access the text message database in a third party app though, unlike Android where users can grant / revoke an SMS permission to apps like Signal and set them as the default.
1
2
If you search 'contacts photos iphone lockscreen bypass' you can see that whenever security researchers find a lockscreen bypass, it's what they mention in their press releases since it's sensitive data on any phone and wouldn't require an OS exploit as getting app data would.
Everyone already has my contacts. It’s a lost cause.
1
It's really just a mistake to have it as a permission instead of exposing case-by-case access. Not sure about how it works on iOS, but on Android apps can have the OS prompt the user to pick or add a contact without Contacts access. Same with photos and other files, etc.
1
1
Show replies
The vast majority of app data isn't at rest (most apps don't care at all about security like Signal), but there's no way to access anything not exposed by the apps in their UI without more than just a lockscreen bypass (i.e. getting root or at least arbitrary filesystem access).