Today I got confronted with a danger that Android poses. Yet, is this truly an Android issue? An Apple user will of course nod yes very rapidly. My Huawei is not the only one hindered by this. At Android Central the following was found: “Are the apps definitely being removed from the App Drawer, or is it just that the shortcut is disappearing from your home screen?”
This is of course a fair question, it still is not OK, but the difference between an app and a shortcut is quite the difference.
It turns out that the apps are on my phone, but they no longer run, they are now called ‘com.spyfox.tripletown‘. The apps seem to have gotten themselves damaged. The question now becomes why. At this point I also notice a program called ‘Li emotion’. The kanji next to it gives it away. My question now becomes ‘what is this and what does it do?’ This is because it is a separate app, I never installed it (as far as I can tell) and the rights it does have are massive. Yet there is no indication what it is, why it is on my phone and why it is allowed to do many things without my permission. It does not take too long to find out that this is part of the Huawei EMUI, so there is no real issue as the operating system needs to be able to do all this. Comprehension was the mere element that resolved everything.
This does not solve my app issue (which actually fixed itself) and gets us to the Guardian video (at http://www.theguardian.com/silent-circle-partner-zone/video/2015/aug/17/smartphone-users-read-their-app-permissions-out-loud-video). So yes, when we see the rights and speak them out loud, they sound very disconcerting. But why is it such an issue? ‘Modify calendar events and send e-mails without my knowledge‘ sounds extremely offensive, but now realise that you set up a meeting, you change the meeting and all parties are automatically updated through messages. Did you know that they got another mail stating that the meeting had changed? There you go, mystery solved. Apps ‘reading your text message‘ sounds like a worry, but is that program actually comprehending the information, or does ‘reading’ mean ‘parsing’, processing the text in all this? Computer lingo for the layman is not the easiest task.
In all this the one that stood out for me was ‘I give this app permission to automatically turn off airplane mode‘. If airplane mode was there for safety reasons (the airplane message; no one ever believed that mobile phones interfered with airplane instruments), then the option to turn that off should not be allowed, but in all that, this could be as simple as the dialogue box ‘Would you like to deactivate airplane mode?‘ The video ends with ‘the biggest risk to you and your privacy is your smartphone‘, this is a decent claim to make. In all this, it is actually about users and consumers who do not understand (read comprehend) what they are agreeing to. They do not understand what they have consented to. That is always dangerous, because the things you do not realise are the issues that turn you into the greater fool. Here we can paraphrase the greater fool theory which states that “the price of an object is determined not by its intrinsic value, but rather by irrational beliefs and expectations of market participants” into “the security of your environment is determined not by the borders you mentally erect, but rather by the naive belief that the applications on your smartphone will respect them“.
You see, I believe that people should be worried about privacy, and #Privacynow is a valid need, but what is your actual privacy? The way that they are getting there is a little bit of a worry, yet the path is not without valid reason. Consider the quote “It’s common for users to employ the same username and password across systems, so if someone compromises that particular password, the potential also exists for them to compromise additional user accounts“, this is a worry in one way, because is this about the safety of the phone and its apps or is this about Common Cyber Sense? Something I have been advocating for about 2 decades. So how is this a danger for Android? That is part of the issue. In my view the danger to iOS is not smaller and the danger is not subsiding any day soon. One of the earliest sources is around 2008, in 2010 Computerworld, CNET and other sources stated “About 20 percent of the 48,000 apps in the Android marketplace allow a third-party application access to sensitive or private information, according to a report released on Tuesday“, there are two sides here. In the first, is this like the earlier issues in the video and stated, ‘a form of feigned transgression?’ Or is this in the second ‘leaky security that leads to open access of information?’ There is however a third option, apps that were created that are intent on creating a backdoor that allows access to all data. It is the third that is a true danger, yet how realistic is this danger?
Computerworld stated this from a Google representative: “This report falsely suggests that Android users don’t have control over which apps access their data. Not only must each Android app get users’ permission to access sensitive information, but developers must also go through billing background checks to confirm their real identities, and we will disable any apps that are found to be malicious“, this is not just clearly the case, there is supporting evidence on several levels that this is true. In addition, these parts are quotes from 2010 and since then both Apple and Google have upped the security game by a lot. Still, it is the news from last week (at http://www.wired.com/2015/10/iphone-malware-hitting-china-lets-not-next/), ‘iPhone Malware Is Hitting China. Let’s Not Be Next‘, that is the issue today. The quote “Unlike previous spates of iOS-targeted malware, many of those victims hadn’t jailbroken their phones to install unauthorized apps. The two back-to-back attacks—one far more sophisticated than the other but both unprecedented in iOS’s history—suggest that complacent iPhone users around the world could be in for the same nasty shock“, the issue has now become the fact regarding ‘non jailbroken systems’, which implies that either a flaw has popped up in the Apple device, or overall a new level of access has become a worry. It is the quote that follows which now is centre in all this “Apple has said that only iOS 8.3 and earlier were left open to the attack. Later versions limited access to the APIs it exploited to plant its ads“, so we can accept that we all install the latest versions, yet what happens to those who have an older device (like the iPhone 4)? There are plenty of things people can do that prevent these issues, and in all this ‘Common Cyber Sense’ remains the big issue. So is China hindered by a massive lack of Common Cyber Sense?
Here we now see the evolution that is the danger. It is the assumption of the user. The laziness of their usage and the ignorance of the effects that they easily embrace. The quote “Don’t install strange apps that appear in pop-ups online and aren’t found in Apple’s App Store” is the big part we must adhere to (well Apple users anyway), for most people like you and me, we use the Google Play Store sources only! Both Google and Apple have their methods in place. Would a three-pronged app remain the issue as implied in the article? That is hard to state, but what is clear is that 99% of the dangers can be averted by using the reliable source and that reliable source only. The application of ‘Common Cyber Sense’ can aid you in averting another 0.9999%, which means that if you install 10,000 apps, there is a one in 10,000 chance of you ending up having a chance of being in danger.
Yet in all this, we should never relax about the technology we use and the danger it could bring. It is that fear that is driving people into all kinds of corners they never need to be in. When you have sex, not the committed relationship one, but the quickie with that girl next door for some slap and tickle. In that case do you practice safe sex? When you live in the city, do you go to work leaving the front door to your apartment wide open? In that same sense, when you use any technology that has your personal information, you use more than the minimum safety. That last part requires Common Cyber Sense. To the previous generation it is a harder thing to do, but it can still be done, to my generation it is an additional side to my workflow. It is the next generation that is now the part that matters. Many are taking the casual approach their parents (or bigger siblings) have, whilst not realising that Common Cyber Sense will be at the foundation of their lives. So, any OS will come with its own perils. Be it Windows, Linux, Android, iOS or any other OS. They will face a new area that is on the move with such high speed that there is no way to predict where they will be in 7 years’ time. The dangers of a complete rewrite in an iterative world. You see, until 2000, both hardware and software remained highly innovative, it was after 2003 that the iterative world was set in high gear. First hardware and now to a larger extent software has been in iterative mode. Yet the world behind all this, the security part has made leaps and bounds and to some extent not in a good way. Here we can make a connection to an article by Tarleton Gillespie from 2014 called ‘Facebook’s algorithm — why our assumptions are wrong, and our concerns are right‘.
The quote “I will say that social science has moved into uncharted waters in the last decade, from the embrace of computational social scientific techniques, to the use of social media as experimental data stations, to new kinds of collaborations between university researchers and the information technology industry“. In addition there is “Those who are upset about this research are, according to its defenders, just ignorant of the realities of Facebook and its algorithm. More and more of our culture is curated algorithmically“. This is not upsetting or ground breaking, but it is the next part that links to all this. It is a blog article called ‘Analytic Suspicions‘ (at https://analyticsuspicions.wordpress.com/2013/02/25/metric-failures-and-data-assumptions-4-myths-of-social-analytics/), he is looking at a few myths in social media, in all this (it is a nice read and well written), I personally see one point that is not a myth, it is a worry and it seems to me that many remain ignorant on that danger. You see, the myths are that all social media is analysed, that social media data is clean enough to analyse, that influencers should be targeted and that sentiment analysis works. In all this we forget the 5th issue (this being the non-myth). The interaction of apps and data. It is the danger in how we interact with our apps, and the data that is linked to all this, that is now becoming the true issue. You see, even with all the Common Cyber Sense, no matter how safe our mobile is, the data is still somewhere and that data becomes available, more data than we agreed on. Yet in all this, is the mobile OS (Android/iOS) the weak link?
That is the part that is not addressed by many speakers in this realm. Some get scared by places like ‘Lifehacker’ and some are ignoring the woeful text that passes us by, yet when places like Forbes report that ‘Report: 97% Of Mobile Malware Is On Android‘ (at http://www.forbes.com/sites/gordonkelly/2014/03/24/report-97-of-mobile-malware-is-on-android-this-is-the-easy-way-you-stay-safe/) people get worried (even though the article is more than a year old). Yet the article enlightens us in many ways. The most important quote here is “here’s the part Google’s rivals don’t want you to know: the figures are misleading“, which is one side of the foundation. The second one is the part I already discussed “stick to buying apps on the Play Store and every one in 1000 apps you buy may have had malware for a brief period“, the word ‘may’ is essential and ‘brief period’ is also essential, in the end, the chance of you getting the winning lottery ticket could be slightly higher, odds I’ll take any day.
Yet in all this, with all the protection these providers offer, the number one danger is you!
Common Cyber Sense is the essential step of reducing that danger to almost zero (like 0.0001% chance).
In the end the danger of Android is almost the same as the danger to iOS, both large players presenting into the margins, which is where the mobile phone user (you know that pesky consumer) does not tend to be. Which takes us to the final part in all this. It was my blog article from the 4th of October (at https://lawlordtobe.com/2015/10/04/cisa-and-privacy-are-not-opposites/) ‘CISA and Privacy are not opposites‘, we get confronted with Silent Circle and their Blackphone 2. I have no doubt that Phil Zimmermann and Mike Janke are men of knowledge, determination and possibly even innovation. Yet, these skills do in my humble opinion not match up to the killer skills of the Google engineers with their keyboards. So when we see the quote in the Guardian (see previous blog link) “Google didn’t support the initial software build, something that probably helped make the phone more popular, rather than less“, do you think that this was done in envy by Google, or because their build did not hold up to scrutiny? That last part is speculation because I have no data or any evidence going one way or another. The Blackphone is marketed by intelligent people with skills, no one will doubt that, and it is also clear that Silent Circle is now tapping into a direction that is gaining traction, which means the market will most definitely grow in this direction. Yet in all this, considering all the facts, in how much danger is your data?
Sit in a quiet corner and let that question sink in for a minute. I have been in the data field since 1989, in all that time the biggest threat was ‘data at rest’ (data saved on a device), not data that is moving from point A to point B, which implies that you have strong passwords on your hotspot and Bluetooth capabilities, or just switch these options to ‘off’. Today both areas are a ‘threat’ and the second one only very recently.
Since November 2012 I have had 2 phones, the second one I got this year because only now, my Android needs had grown beyond a 1 GB RAM phone. As far as I can tell I have only faced one issue and that was due to an ignorant third party developer and their dim-witted approach to synchronisation. The simple use of Common Cyber Sense is all I needed. Basic steps that nearly anyone can adhere to. The threat of criminals and organised crime will not go away. Common Cyber Sense will keep them at bay and common sense should do the rest.
Which now takes us back to the title, you see, the dangers of Android are largely between your ears. The only dangers you face are the ones you open yourself up to! You should never stop asking questions on where things are and what you sign up to, that is common sense, but also feel free to question what certain things mean, it is in the comprehension that you find the answer. If there is one conundrum to leave you with then it is not Android or iOS, consider the idea that a Facebook game wants you to give them access to your religious views, whatever for?
To pray for ammunition?
Well, so be it: ‘halleluiah’, now die you zombie master and give me my 10 points towards a high score!