The company that makes the hardware and installs the base software on your phone can see and do whatever you are privileged to see and do on the phone. There is nothing an app or website can do to protect you.
They control the hardware and software that operates the display, and could use it to see anything you see on the device, even from the most hardened app.
They handle managing the memory and storage for every program and can see what they all contain. Even data that is encrypted when the phone is off - because they can see the keys in memory needed to access it when on.
They control the keyboard software and can see any password you type. And any other credential you supply, or cookies or access tokens you get with that credential.
They can impersonate any app on the network perfectly. Or directly control it to do what they want.
This is why there is a profound qualitative difference between granting API access to a third party, and granting API access to build tools for a user on their own device. There is already no real choice but to trust the device maker a person is choosing to use.
There is not one iota of difference in the illicit access Huawei might have got through a Facebook app or features developed by them under contract and one Facebook wrote itself. Because they control the lower layers of trust already.
And if Facebook declined to provide an app for the platform? People would log in on the web browser ... that was put on the phone by Huawei.
This goes for all apps and websites equally. Your email, your cloud drive of whatever flavor, your favorite end-to-end encrypted messenger of any sort.
If you can't trust the device maker not to break contracts and spy on you, you can't use the device at all. No contract or lack thereof with any third party matters.
-
This is oversimplified and defeatist since you can't trust any of them. You can certainly make educated guesses about what aspects were practical to backdoor (eg just factory installed OS) and assess risk after mitigating those.