Some “media experts” and some consumers and companies believe that because Apple is curating the apps you can find in its App Store, they face a lesser chance of being infected with malware or of using badly written apps which don’t perform well or leak information.
Well, once again (remember Instagram?), a security researcher proved that iOS is missing basic privacy protection mechanisms and that pretending to check apps to protect users is only an excuse to make money by taking a cut of the profit. Apple simply can’t control, in detail, what is in every app they release.
So this time, we have the LinkedIn app which is sending users’ calendar meetings to the LinkedIn servers without the user knowing about it… This can be especially dangerous when things such as conference call phone numbers and passcodes are stored in the event itself. Fortunately, there is a way to turn that feature off, by simply refusing to let LinkedIn show the calendars in the app itself.
But it doesn’t solve the big privacy issues plaguing iOS, a 5-year-old OS which was never built to be secure, but to look smooth and to be very easy to use in order to kill Nokia’s Symbian. Apple has tried multiple times to implement enterprise features, but most attempts have failed as it’s simply not in Apple’s DNA to build a secure OS. SMEs and corporations usually have to rely on 3rd party solutions to try and make these devices usable in a business environment.
We already know that Siri is to be avoided by privacy-conscious individuals since everything that you do is sent to Apple through the Internet, but some small business owners who allow their employees to use iPhones may not be aware of leaks taking place through a service like Siri.
Businesses should follow IBM’s footsteps and ban Siri.
Now that Android 4.0 offers a keychain API, address space layout randomization (ASLR) and full device encryption for phones, I’m really hoping that Android phone manufacturers will start taking data/privacy protection issues seriously and offer something as good as what’s available on a BlackBerry.
It’s not just enterprises that need it. We store more and more information on smartphones and their associated cloud services and this data needs to be protected when at rest. Wiping a device after the device is lost or stolen is not enough. The first thing a thief does is to chuck the SIM card out.
iOS gets a mention for trying, but still fails and Android’s security model has been appalling thus far… so let’s hope 2012 will bring a much needed change.
Here is a list of all the new features of Android 4.0:
Just another example of how unsafe “the cloud” can be. What surprises me is how little companies care about security. I often ask cloud providers about their security measures and the typical answer is that they protect the connection to their servers with SSL which is “very secure”. This is probably enough to reassure a novice consumer who heard from his bank that SSL is the way to go to protect online transactions, but what about the data that is stored on the servers? Most don’t encrypt it unless required by law (credit card details).
There are so many stories nowadays about data theft by rogue employees or hackers, that I’m still amazed that people trust their most sensitive data with companies like Dropbox, Apple, Evernote, Google, Facebook, Sugarsync, etc. These guys have your password. They can look at all your most private documents or pictures unless you encrypt them before you send them. Sure, it’s so convenient to be able to have access to everything from everywhere, to share documents with your mates, etc., but just remember that it makes data thieves very happy as well.
Be safe online, provide a minimum of information, use email address aliases, encrypt your data, use services like Jungledisk or Wuala.
It can be daunting to try and make the right changes to one’s privacy settings in Facebook, but thanks to Angela Alcorn, it’s now easier to navigate through the maze of settings with the help of this guide.
For all those who feel intimidated by all these pages of settings to adjust in order to protect their privacy, this guide by Angela Alcorn is for you 🙂
This guide is not exactly new (October 2010), but you usually have to go through some registration system to get it, so I thought I would just give you the download links right away.