
Making the switch

Working slowly toward dumping Google, but it is proving difficult and probably won’t be complete until October when my phone contract is up. But more reasons to avoid the “don’t be evil” crew:

The Bluebox Security research team – Bluebox Labs – recently discovered a vulnerability in Android’s security model that allows a hacker to modify APK code without breaking an application’s cryptographic signature, to turn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user.

And this: In June of 2013, I made an interesting discovery about the Android phone (a Motorola Droid X2) which I was using at the time: it was silently sending a considerable amount of sensitive information to Motorola, and to compound the problem, a great deal of it was over an unencrypted HTTP channel.

Might be looking at a Windows phone.

22 Responses to “Making the switch”

  1. DevsAdvocate Says:

    If you really want to be secure, I suggest using a carrier pigeon…

    Apple, Google, Microsoft… they’re all working to monetize the free use of their products by tracking you somehow.

  2. Casper Says:

    I agree with DevsAdvocate, there isn’t a single mobile platform that gives the security you are looking for. An option that would reduce your exposure however would be to go with a Nexus device from Google and a prepaid plan, at least then you know your data is only going one place, that is unless you install apps that also pull data.

    As for the APK trojan, there are no widespread reports of issues, as long as you were only downloading apps from the app store it’s not an issue.

  3. MattW Says:

    I agree, about the only way to avoid having “sensitive” information – the definition of which varies from person to person – sent to third parties without your express permission is to probably avoid smart phones entirely, which is hard to do these days.

    And this isn’t likely to change while the majority of people would prefer to let app developers have access to information they don’t consider sensitive in return for free or inexpensive apps.

  4. D2k Says:

    If you are worried about surveillance don’t go to Microsoft or Apple, instead install Cyanogenmod on an Android phone, that way you have control over the operating system.
    The manufacturers and the carriers are both doing some underhanded things and I do not trust them, but we still have to buy our hardware from somewhere.

  5. Gregory Morris Says:

    I have been having good luck with Feedly to replace Google Reader. It wires up nicely to NextGen reader and others. Skydrive has completely replaced Google Docs. I still have a gmail account, just because I always have, but it is mostly a place to collect spam (I prefer the interface at outlook.com.) Regardless of the current “wisdom”, Bing is just as good as Google for search, and better in some cases.

    I went from iMac+iPad+iPhone to Win8+SurfaceRT+Lumia920 and do not regret or miss a single thing (except maybe for the fact that I lost the iPhone apps I paid for… so it goes. I found free replacements WP8 for most of them anyway.) The fact is, all of the MS devices/OSes just work better together than the OSX + IOS world. Android is and always will be a big mess.

    As far as tracking/surveillance… it doesn’t matter which software you use. Those bits going across the network are fair game to anyone who wants ’em. I may be slightly biased, but I’ve found Microsoft is a lot less “evil” as far as tracking you. Google straight up reads your email. Apple knows where you are all the time. Microsoft has better data privacy policies in general.

  6. Ben Says:

    My dad keeps saying the same nonsense about going to Windows Phone to get away from Google. People seem to forget that Microsoft invented being evil. Even the previously mostly secure Blackberry OS has been overhauled for easy hacking and cracking. The biggest problem with being unsecure goes up a level from your email account holder. Most email is transmitted over the unsecure SMTP protocol. Clear text. Encrypted transport between SMTP relays can’t be assumed. Further, if you aren’t deleting anything sensitive within 180 days then you’re just shooting yourself in the foot again. Windows Phone OS will be mercilessly attacked by hackers, just like every other mobile OS. The best choice is going to be a rooted Android phone with a custom ROM from a trusted team of developers. The only thing you can truly do to be 100% secure is to completely disconnect. No email, no social media sites, no logins.

  7. 6Kings Says:

    People seem to forget that Microsoft invented being evil.

    Sure they did. And if you have to use a motto of “Don’t be evil” you are definitely evil incarnate. Haven’t you learned anything here? Affordable Care Act = not affordable and not actually Care – example.

    Windows Phone 8 is pretty dang awesome. Haven’t heard any security issues but I am sure there are some. Every platform is dealing with them.

  8. Knitebane Says:

    D2k nails it.

    Cyanogenmod completely replaces the onboard operating system. That gives you an open, auditable software platform on an open, well-documented hardware platform.

    The Android Mod ROMs have their own problems, but spyware built-in isn’t one of them.

    Going to a Windows or Apple phone to get away from Google Evil is like firing your embezzling babysitter and hiring a pedophile instead.

  9. Gregory Morris Says:

    I used Cyanogenmod on my Android tablet… it was pretty decent, as far as Android goes. Y’all are talking about using an auditable open system, which is, technically speaking, the best way to verify your own level of security and privacy. However, and this is a big however, your everyday user wants a system that they can just fire up, use efficiently, and trust it to be secure. They aren’t reading admin logs, or auditing the source code of the apps they install. My grandmother has no clue about phone security, she just expects her phone to work. I think that is true of most folks, other than a handful of hardcore geeks. Hell, I’m a hardcore geek, and I still expect my stuff to JUST WORK.

    As far as encrypted vs. plain text, most modern apps have the ability to choose https, secure smtp, and other encrypted protocols. In fact, it is starting to become the norm (for obvious reasons.) Notice that if you go to http://mail.google.com or http://outlook.com, they both redirect you to https anyway. If you are using an exchange email server and outlook, or an exchange client on a smartphone, encrypted is now the default. That doesn’t mean the NSA can’t still read it, of course… but your neighbor, your ISP, and anyone sniffing anywhere along the route won’t be able to just read anything they want.

  10. Andrew Says:

    Love my Windows Phone, much better than my old Androids… But between Nokia and Microsoft, there are just as many if not more little apps keeping track of everything you do “for your convenience…”

    I have Cyanogenmod on my Tablet, and it’s hard to trust a bunch of hackers any more than the big guys. That said you can control what you install and use it for, but the second you open up a website, check your email, or do anything else useful, your info is out there….

  11. wizardpc Says:

    And you can’t just stick to payphones.

  12. wastme Says:

    No smartphone for me. Don’t need it. I use my phone to make calls and my computer to send email. I don’t want to pay the outrageous price to be able to surf the net anywhere. Considering going to a tracphone.

    I don’t use a cell phone much at all, mine is mostly for emergencies. Personally I don’t want to be available 24 hours a day (and tell people in so many words) and don’t answer it most of the time. If it’s important, leave a message. If I think it’s important, I’ll get back to you.

  13. name redacted Says:

    truly paranoid? buy burner phones, like tracfone. $10-$20 for the phone then add minutes using cash. throw away periodically. rinse, repeat. of course if you call anybody connected to you, you still go on the list. if you want to screw with traffic analysis you’ll need to use something like tor.

    nb: the cyanogenmod team is working on building encryption into the base os. i run cyanogenmod so i’m biased, but i like it. i’ve run many alternative roms.
    android sucks, but with a little effort it sucks less than the alternatives.

  14. Gregory Morris Says:

    Well, as much as Android sucks, you are correct that Cyanogenmod makes it nearly palatable. But only nearly.

    It is still a huge mess, and you have to fiddle with things to get them to work. I want to open a box with a new piece of hardware, turn it on, and have it always work correctly 100% of the time without me even knowing why it works.

  15. Gregory Morris Says:

    As a corollary to that last statement, I expect to replace that device every ~12-18 months. I also expect the new device to just work without me having to set it up. In fact, I shouldn’t even have to copy files or download any apps. They should just be there.

    I only know of one tech ecosystem that works that way, and it rhymes with Microboft.

  16. shovelDriver Says:

    “I also expect the new device to just work without me having to set it up. In fact, I shouldn’t even have to copy files or download any apps. They should just be there.”

    Hmm . . . so you are storing your personal private data in the Cloud?

    Thanks for making our job easier!

    (No, not me, but that’s what THEY are saying among themselves. Trust me; I’ve heard them.)

  17. Other Steve Says:

    Dude…. You can’t write post after post mocking Apple’s “closed” system, and then get all pissy when Google’s “open” system suffers the faults of being an open system.

    Just STFU and get an iPhone already 😀

  18. emdfl Says:

    Karl Denninger over at marketticker seems to think the new crackberry Z-10(?) uses a pretty good secure OS.

  19. Gregory Morris Says:

    Blackberry is fine if security is more important than having a smartphone that doesn’t suck. There are some .mil organizations buying Blackberries now, which speaks to their confidence in Blackberry’s secure-ness (a bureaucrat’s confidence, mind you, not necessarily proof.) However, you’d have to give up the ability to do many of the things you are used to having for IOS/Android/WP8.

  20. NotClauswitz Says:

    Do you really HAVE to have such a phone? My dumbphone accomplishes the little I require of it, but my needs are few and it’s just a phone, not anything else.

  21. D2k Says:

    For anyone that thinks their messages aren’t being read because they use the other guy’s system.

    http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data

    http://paritynews.com/government/item/1223-blackberry-goi-settle-on-email-bbm-interception

  22. Rabbit Says:

    Instead of spending a good deal of money up front and on monthly services for a new smartphone I realized I have a perfectly good and fully amortized Blackberry Storm2 in a desk drawer. I unlocked it, again (for giggles), wiped it again, got a sim card for it for which I paid ten bucks once, then fifty a month for unlimited talk/text and a decent amount of download (it’s a G3, and a Blackberry, at that. It’s not a pocket entertainment center). Works perfectly for all my needs, and the apps I like are free.