• Zerush@lemmy.mlOP
    link
    fedilink
    arrow-up
    10
    arrow-down
    2
    ·
    edit-2
    11 months ago

    Smartphones by definition are Spyware, at least if you use the OS as is, because in them all aspects are controlled and logged, either by Google on Android or by Apple on iOS. Adding the default apps that cannot be uninstalled on a mobile that is not rooted. As COX alleges, they also use third-party logs and therefore can track and profile the user very well, even without using this technology that they claim to have.

    Although they feel authorized by the user’s consent to the TOS and PP, the legality depends directly on the legislation of each country. TOS and PP itself, to be a legal contract, must comply in all its points with local legislation to be applicable to the user. For this reason, I think that these practices are very different in the EU from those in the US, where legislation regarding privacy is conspicuous by its absence, that is, that US users should take these COX statements very seriously in their devices, although in the EU they must also be clear that Google and Apple know exactly what they do and where users live, although they are limited from selling this data to third parties.

    Basics:

    – READ ALWAYS TOS AND PP

    • Review the permissions of each app, leaving only the most essential ones
    • Desactivate GPS if not used
    • Review in Android every app with Exodus Privacy, maybe Lookout or MyCyberHome in iOS (Freemium apps !!!)
    • Use as less possible apps from the store
    • Be aware of discount apps from the Supermarket or Malls
    • Don’t store important data in the Phone (Banking, Medical…)
    • Septimaeus@infosec.pub
      link
      fedilink
      arrow-up
      3
      arrow-down
      1
      ·
      edit-2
      11 months ago

      Agreed, though I think it’s possible to use smart devices safely. For Android it can be difficult outside custom roms. The OEM flavors tend to have spyware baked in that takes time and root to fully undo, and even then I’m never sure I got it all. These are the most common phones, however, especially in economy price brackets, which is why I’d agree that for the average user most phones are spyware.

      Flashing is not useful advice to most. “Just root it bro” doesn’t help your nontechnical relatives who can’t stop downloading toolbars and VPN installers. But with OEM variants undermining privacy at the system level, it feels like a losing battle.

      I’d give credit to Apple for their privacy enablement, especially with E2EE, device lockdown, granular access permission control and audits. Unfortunately their devices are not as affordable and I’m not sure how to advise the average Android user beyond general opt-out vigilance.

        • Septimaeus@infosec.pub
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          11 months ago

          Yeah those push token systems need an overhaul. IIRC tokens are specific to app-device combinations, so invalidation that isn’t automatic should be push-button revocation. Users should have control of it like any other API on their device, if only to get apps to stop spamming coupons or whatever.

          It’s funny though: when I first saw those headlines, my first reaction was that it was a positive sign, since this was apparently news worthy even though the magnitude of impact for this sort of systemic breach is demonstrably low. (In particular, it pertains to (1) incidental high-noise data (2) associated with devices and (3) available only by request to (4) governments, who are weak compared to even the smallest data brokers WRT capacity for data mining inference and redistribution, to put it mildly.)

          Regardless, those systems need attention.