Google Android vs Apple iOS: Which is Better for Privacy and Cybersecurity?
Summary
TLDR: In this episode of the Shared Security Show, co-hosts Scott Wright and Kevin Johnson join Tom to discuss a range of topics focusing on privacy and cybersecurity. They delve into the ongoing debate of Android vs. Apple iOS, examining the strengths and weaknesses of each platform concerning privacy, the app stores, operating system updates, device tracking, and text messaging security. The hosts also touch upon a recent social engineering attack on Apple and Facebook, highlighting the importance of validation and verification processes when dealing with sensitive data requests. The discussion underscores the need for individuals and organizations to be vigilant about data security, advocating for awareness and the use of secure communication platforms like Signal for sensitive information.
Takeaways
- 🎶 The podcast begins with a humorous discussion about being 'rock stars' and the hosts' musical preferences, setting a light-hearted tone for the show.
- 📱 The main topic of the episode is a comparison between Android and Apple iOS, focusing on privacy and cybersecurity aspects.
- 🔒 A significant point made is that BlackBerry currently offers the best privacy due to its minimal usage, highlighting the irony of security through obscurity.
- 📚 The hosts reference the book 'Losing the Signal' for insights into BlackBerry's rise and fall, emphasizing the importance of understanding the past in cybersecurity.
- 🤔 The discussion touches on a social engineering attack on Apple and Facebook, where forged emergency data requests were used to gain access to sensitive information.
- 📉 There's a debate on the effectiveness of Apple's and Google's verification processes for apps, and the ongoing need for vigilance despite these measures.
- 🚀 The hosts praise Apple's control over its ecosystem, including hardware and software updates, as a strength in ensuring security and privacy.
- 📱 Fragmentation in the Android ecosystem is identified as a challenge, with varying OS versions across devices potentially leading to security vulnerabilities.
- 🛍️ Google's business model, heavily reliant on advertising, is contrasted with Apple's focus on hardware sales, affecting their respective approaches to user privacy.
- 📧 The episode covers the importance of secure text messaging, with recommendations for apps like Signal that offer end-to-end encryption.
- ⚖️ The hosts express concern over political efforts to backdoor encryption, emphasizing the need for a balanced discussion on privacy and security.
Q & A
What is the main topic of discussion in episode 219 of the Shared Security Show?
- The main topic of discussion is a comparison between Android and Apple iOS, focusing on which is better for privacy and cybersecurity.
What is the 'Aware Much' segment about in this episode?
- The 'Aware Much' segment discusses a social engineering attack that targeted Apple and Facebook by impersonating law enforcement to gain access to sensitive information.
What is the significance of the discussion about BlackBerry in the context of privacy?
- The discussion about BlackBerry highlights that it currently has the best privacy because of its low usage, implying that fewer users means fewer hacking attempts.
Why did the hosts mention Microsoft's biggest mistake in the mobile space?
- The hosts mentioned that Microsoft's biggest mistake was not buying BlackBerry when they had the chance, as BlackBerry's enterprise services could have helped Microsoft secure a stronger position in the mobile market.
What book is recommended for understanding the rise and fall of BlackBerry?
- The book recommended is 'Losing the Signal', which provides an in-depth look at BlackBerry's lifecycle, including internal interviews.
What is the primary business model of Google, and how does it affect their approach to privacy?
- Google's primary business model is advertising, which influences their approach to privacy as they need to balance user data collection for ad personalization with growing privacy concerns and regulations.
What is Google's Privacy Sandbox initiative?
- Google's Privacy Sandbox is a proposed solution for enhancing privacy on Android, which aims to change how user data is used for advertising while still maintaining Google's ad revenue streams.
Why is Apple's approach to app store security considered more stringent than Google's?
- Apple's approach is considered more stringent because they have a closed ecosystem (the 'walled garden'), where they control both the hardware and software, enforce strict developer policies, and perform multiple verifications on apps before they are available for download.
What is the difference between Apple's iMessage and Android's default text messaging in terms of security?
- iMessage uses end-to-end encryption by default for messages sent between Apple devices, while Android's default SMS messaging does not offer the same level of security. However, Google Messages can offer end-to-end encryption if both parties are using the app, but not when communicating with non-Google Messages or iMessage users.
What is the recommendation for secure messaging between friends who may not be in the security community?
- The hosts recommend using Signal, an app known for its strong focus on privacy and end-to-end encryption, as it is considered one of the most secure messaging apps available.
What is the stance of some politicians regarding privacy and encryption?
- Some politicians are advocating for privacy while simultaneously pushing for backdoors in encryption, which is a contradiction because backdoors weaken encryption and privacy.
Outlines
🎶 Introduction to the Shared Security Show 🎶
The script opens with a warm welcome to episode 219 of the Shared Security Show, featuring co-hosts Scott Wright and Kevin Johnson. The hosts, playfully referred to as 'rock stars,' discuss their lack of musical ability and the importance of privacy in technology. They touch upon the decline of BlackBerry and its current focus on cybersecurity. The episode's main topic is a comparison between Android and Apple iOS, focusing on privacy and cybersecurity. There's also a mention of an 'aware much' segment that discusses a social engineering attack on Apple and Facebook.
🚨 Social Engineering Attacks and Data Compromises 🚨
The discussion delves into a social engineering attack where Apple and Facebook were tricked into granting access to sensitive information by forged emergency data requests. The hosts debate the effectiveness of the emergency process for data access and the need for better validation efforts. They also highlight the critical balance between saving lives through such processes and the potential for misuse, emphasizing the importance of security training and awareness.
📱 Android vs. Apple: Privacy and Cybersecurity 📱
The hosts compare Android and Apple iOS in terms of privacy and cybersecurity. They discuss the control Apple has over its ecosystem, including app stores and operating system updates, and how this contrasts with Google's approach, which involves collaboration with multiple manufacturers. The conversation touches on device fragmentation in the Android market and the security implications of this diversity. They also mention alternative Android operating systems that allow for greater privacy but may come with their own set of challenges.
🛡️ The Impact of Device Tracking and Privacy 🛡️
The script addresses the issue of device tracking and privacy, particularly focusing on ad tracking. It contrasts Apple's App Tracking Transparency feature, which has significantly limited ad tracking on iOS, with Google's slower approach to providing users with opt-out features. The hosts discuss the business models of both companies, with Google's reliance on advertising being a key point of discussion. They also mention Google's Privacy Sandbox initiative, which aims to improve privacy on Android.
💬 Text Messaging Privacy and Security 💬
The final topic of the script is text messaging privacy and security. It outlines the differences between Apple's iMessage, which is encrypted by default, and Android's default messaging, which relies on SMS and is not encrypted. The hosts discuss the limitations of SMS and the potential risks associated with sending sensitive information via unencrypted messages. They also mention the use of Signal as a secure messaging app and the challenges of convincing non-security-focused individuals to adopt such apps.
📉 The Risks of Defaulting to Unsecured Communications 📉
The hosts wrap up the discussion by emphasizing the importance of being aware of the risks associated with different communication methods. They stress the need for individuals to understand their threat model and make informed decisions about their privacy and security. The conversation also touches on the potential for legislation to impact encryption and the desire to engage with politicians on these topics. The script concludes with a call to action for listeners to join the conversation on Reddit and to follow the show for more insights.
📢 Closing Remarks and Call to Action 📢
The script concludes with a reminder for listeners to engage with the podcast, subscribe to the channel, and participate in the Shared Security Show's online community. The hosts express their gratitude for the audience's attention and tease the prospect of future episodes, inviting listeners to continue the conversation on Reddit and to follow them on social media.
Keywords
💡Social Engineering
💡Lawful Access
💡Privacy Sandbox
💡App Tracking Transparency
💡Device Fragmentation
💡End-to-End Encryption
💡Operating System (OS) Updates
💡Jailbreaking
💡Mobile Device Management (MDM)
💡Signal
💡SMS vs. iMessage
Highlights
The podcast discusses the comparison between Android and Apple iOS in terms of privacy and cybersecurity.
The hosts mention that BlackBerry currently has the best privacy due to its minimal usage and thus fewer hacks.
Apple's strict developer policy and closed-source ecosystem are highlighted as a strong point for security.
Google's business model, heavily reliant on advertising, is contrasted with Apple's hardware sales focus.
The discussion touches on the importance of OS updates for security, where Apple's control over its ecosystem is seen as advantageous.
Fragmentation in the Android ecosystem is identified as a significant issue affecting update consistency and security.
The concept of 'jailbreaking' and using an alternative OS such as Lineage OS on Android devices is explored.
Apple's App Tracking Transparency feature and its impact on Facebook and Instagram's ad tracking capabilities are discussed.
Google's slow rollout of opt-out features for ad tracking and its Privacy Sandbox initiative are mentioned.
The hosts debate the lack of interoperability between iMessage and Android's messaging systems and its security implications.
Signal is recommended as a secure messaging app, with a discussion on the potential for it to be banned or outlawed in some regions.
The importance of understanding and accepting the risks associated with personalized ads is emphasized.
The podcast concludes with a call for politicians to discuss the balance between privacy and encryption backdoors.
The hosts encourage listeners to join their Reddit community for further discussion on privacy and cybersecurity.
The podcast stresses the need for individuals to be aware of the privacy decisions they are making with their technology choices.
The episode ends with a reminder for listeners to like, subscribe, and engage with the Shared Security Show's online community.
Transcripts
[Music]
welcome to episode 219 of the shared
security show and joining me this week
are my rock star co-hosts
scott wright and kevin johnson
rock star
always wanted a rock star i have my foo
fighters uh shirt oh contribute in
memory
yeah
one of my favorite bands foo fighters so
uh yeah i am i am definitely sad but uh
of the situation but um but nonetheless
you guys are rock stars in my eyes so i
figured we could never
no no i'm sorry that's true i'll be
honest i uh i barely know how to to hold
an instrument
um
playing instruments would not be part of
my skill set
and that's okay we can have things
davey jones holding the tambourine yeah
yeah oh that we see i have no i have no
sense of uh timing like the beep
so i'd hold the tambourine but i'd like
get twitches and stuff and it would make
random noises it would be bad it would
just be oh that's fun yeah
cool well uh we have an exciting show
for everyone this week um we are
maybe gonna touch a little bit on the
news with our aware much segment which
is actually going to come up first this
this time um but our main topic today is
uh android versus apple ios
and which is better for privacy in cyber
security
yeah so the big battle rights between
the two tech giants
um and which one is better for you uh
and your privacy so
i'm just gonna put out there right now
before we get started the blackberry has
the best current privacy out there um
and that's because nobody uses them
[Music]
nothing's getting hacked in their block
at that point that's right but you know
i'm gonna admit blackberry was my
favorite you know and i'm very sad that
even though it was a canadian company
but
not biased that's why that's not my
favorite it's just i haven't said
i've said long and hard that microsoft's
biggest mistake in the mobile space was
not buying blackberry yeah yeah
because if yeah they can yeah blackberry
uh what was it bb enterprise manager nxt
offered them to organizations as one
best you were to lock down this market
and everything else yep yep
there's actually a really interesting
story if you guys want to uh look up at
some point there's a book called losing
the signal
it was written by a couple of
journalists that followed blackberry
through the whole life cycle like
some
internal
interviews and stuff really interesting
to see how they grew and how they
collapsed
right now they're a cyber security
company so yeah
look how that turned out yeah
so uh so why don't we jump right into
our aware much segment with mr scott
wright
thanks tom and uh welcome to this
installment of aware much
brought to you by click armor the first
fully gamified security awareness
training and engagement platform
so it might be hard to believe but even
big guys can be tripped into giving
access to sensitive information through
social engineering
uh in mid-2021 like a year ago almost
now uh apple and facebook both became
victims of a pretty effective social
engineering attack that impersonated law
enforcement um and it could have
resulted in you know fraud or harassment
of the victims whose information was
compromised
but access to subscriber data for those
services was
granted based on forged
emergency data requests which is
interesting because
we i don't know if
everybody knows this but there's a
process called i think it's called
lawful access where
a law enforcement can make formal
requests to get access to
data belonging to companies like social
media companies and there's a normal
process where there would be a subpoena
or a warrant required to to make that
happen but there apparently are
emergency processes
and i guess you know i'm not sure but we
can guess it might be when somebody
may be in danger um and they need to
figure out what's going on so there's
there's suspicion of suicide uh
possibilities yeah or counseling
or stuff like that right yeah so
um so there you know there's a reason
why they have this emergency process in
place which
theoretically i guess would be a bit of
a shortcut for how you get through that
process um yeah but interestingly
these people seem to have figured out a
way they're somehow
knowledgeable enough
about the process to figure out how to
exploit that emergency
uh situation
that the service provider is supposed to
handle in a different way and so it's
interesting that they managed to get
access to that you guys have any
thoughts on that
i i i think i mean
this
the stories i've read there are there's
one point that is brought up in a story
and then later on in the story they kind
of contradict it
at one point they talk about that the
request came from the law enforcement
domains
yes as in the implication there is
the
social engineer the attacker actually
got
into like a law enforcement email
address or or system and send it there
if that's true
this is a different type of attack right
we've got a bigger problem yeah right
but here's the thing that throws my mind
and i want to be very clear uh allison
nixon uh
wonderful person love her to death i i
find that all right she's with um
unit221b isn't that yeah they were
quoted in this yeah yeah yeah allison's
a great person and what i've always
found um
even when i don't agree with what she
says which which happens sometimes i
find that her her she always has a good
reasonable
to what she is saying that everybody
should listen to right because she she's
thought it through she's really
considered stuff um because she points
out correctly so
that yes this is bad that this happened
but the sheer number of lives saved
because of these processes are critical
so i want people to remember that
because
it is very easy for us all to say
well there you go this shouldn't be
allowed you shouldn't do this you should
stop this and cut the corners yeah right
throwing the baby out with the bathwater
i think what this highlights to me
is that there is not a good validation
effort they say
that sometimes i think it was apple said
or face or meta i'm sorry meta said
you know we got 218 000 of these a year
or something like that or in six months
and we validated some of them okay that
there's your gap not the social
engineering aspect because the social
engineering aspect yes it's bad but in a
case like this
you're not going to change right you
know from click armor that urgency the
right the aspects of a phishing attack a
social engineering attack
those are used to get somebody to do
something they're not supposed to in
this process
those are part of the process
it's an emergency situation so it has
urgency right like all that kind of
stuff so this is the perfect example
where the training has to tell these
people yes
go verify go validate exactly
all of the other stuff we tell you to
watch for all of the other stuff that we
tell you not to fall for
are here correctly there there is
absolutely an urgency there is
absolutely a time like you have to do it
now somebody's gonna die
right like not to yeah play that lightly
so i think that
i want us to us right us the world um
but i want us to keep in mind that
this is the perfect example of social
engineering
that is abusing a system
that is easily abused
because the way it's used
is abusable i think is i'm not sure i'm
saying that right
in there exactly how i would put it yeah
i bet i think there could potentially i
mean we don't know the process that well
but there could be
extra you know what they what we call
compensating controls right when you
have to bypass
you know break glass procedure they call
it right where you can actually
compensate later on or or do something
to
make sure that if there was any risk
you've tried to mitigate that so in in
this case what i got out of this perhaps
is
the part of the emergency request
procedure i think is that the recipient
like apple or facebook is supposed to
call back
to somebody in the other organization
now
they may be just relying on an email and
if that email spoofed like a business
email compromise um then they may be
wrongfully trusting that email and and
not
doing as much of the authentication or
verification as they could so maybe the
process needs to be fixed or whatever
but this is a perfect you know case
study i'm sure it's been fixed
since it happened right
to some extent
i don't i don't think you yeah unknown
but you're right kevin i mean
it was interesting the stats that came
out from this which was i think apple
reported a thousand emergency requests
in a six month period and they granted
that 93 of them and facebook received 20
000 20 times that in a six month period
in 2021 and they granted 73 of them so
that's a lot of requests and uh yeah a
few are probably gonna fall through the
cracks and like we said you know if it's
a situation where the person you're
supposed to reach out to isn't there and
it's an emergency yeah you're going to
end up with some
bad calls on the risk side
and and
if i may say so
if my data is going to be stolen i'd
rather it be stolen because they were
trying to save somebody's life
yeah and i think that's okay i'm not
saying i'm fine with it happening but
yeah i mean i'd rather this then well we
put it on an ftp server and forgot to
set a password yeah it's kind of a
fascinating view into this process that
we kind of really never thought about
before right you know that there is an
emergency
process for getting
help to people uh
through that process through the
platforms anyway really interesting so
the lesson here really is that
businesses in general need to be really
careful about processing where you are
releasing sensitive information
and those extra steps that you can take
i teach courses sometimes to
business small businesses on cyber
security and when we get to the part
about you know uh fake invoices being
paid and stuff like that you know try to
stress there should be some
threshold that you set to say i'll
accept an email authorization for making
a payment up to a certain level and
beyond that it needs a voice or text or
something to to verify
so those are the things we like to say
so you've got to have somebody in the
process that can verify those things and
um so this installment of uh aware much
has been brought to you by click armor
the first fully gamified security
awareness training and engagement
platform and click armor does have a
course called fakes and frauds that
helps people learn about different types
of attacks that can occur by phone or
email or even text message
and you can
sort of choose your own adventure
choose your own adventure on rails i
call it where you can practice facing
scenarios with different potential
outcomes without wasting too much time
going into some open world
so go to clickarmour.ca trial and sign
up for a free seven-day trial for up to
five members of your organization
and that's it for this segment of
aware much
all right thank you scott
very topical because that's just that
our that is actual news because that
didn't come out uh just this week so
um and it's about apple
so
and we're trying to talk about that
and we're going to talk about apple uh
and google and google uh in this next
segment which is
android versus apple ios which is better
for privacy and cyber security
so
there obviously this is a larger topic
that we could probably have several
episodes on
but i i did want to cover three areas
and i think they're probably the biggest
three areas when we talk about you know
which is better um from a privacy and
cyber security perspective
and that is essentially the app stores
themselves and operating system updates
which we all know and love right
and we always say patch your devices
make sure they're updated so we'll talk
about that then we'll talk about device
tracking and privacy so specifically
around ad tracking which has been all
over the news over the last couple weeks
and we've even talked about that on the
show
and then the last one is around text
messaging privacy and security because i
think most people if they're not using
an app on their phone they're probably
using it for texting
right so we want to talk about some of
the differences there between the
built-in features and functionality um
with text messaging so we're not
necessarily talking about
messaging apps that you can download but
what comes with a
default you know google pixel or an
apple iphone right
so so let's get into it and let's talk
about um apple and google in terms of uh
operating system updates and the app
stores so we all know about the apple
walled garden right
um where it's proprietary closed source
right you have to have an apple id to
download apps
um and you know apple's been known to
have a pretty strict uh developer policy
right so if you want to develop an app
for
uh for the apple ecosystem you have to
go through some things that you know
uh from you know not quite sure the
developer verification process but from
what i've read
um it's definitely a little more
invasive especially around what
they ask you about
how do you
handle data from the app yeah i've gone
through it for some some projects i've
worked on yeah and it changes i want to
be very clear like when i went through
it was a
couple years ago and it's it's gotten
stricter
in many ways but they do a series of
verifications i will argue that all of
the verifications they do are bypassable
um the verifications of who you are to
validate that you're a real
developer whatever right um and then
after that you're able to
to submit apps for consideration and
they go through another set of
verifications at that point um which
which i think is good right um i will
also say though
that
that set of verifications up front apple
themselves will tell you as does google
i we're not i'm not picking on apple
here
both of them will tell you that in no
way does that verification tell you that
this app is secure
that's correct um yeah so if we if we
could jump back a little bit to the os i
think that's an easy
an easy conversation
apple wins and the reason apple wins is
because apple
is apple
um
they produce the hardware they produce
the devices they ship it out
they handle the updates they do all this
kind of stuff and they're the ones who
decide yep done that device isn't
supported anymore it's over
whereas google
and we can argue whether this is good or
bad or whatever in either side
google has instead taken the model of
other than our devices that we do
we're going to work with the
manufacturers and let the manufacturers
control it right so i have a samsung
device
you have a pixel device i don't know
right right but um
you have a different version of the
operating system even available to you
than i do yeah right and back when i
first switched over to android
i was using att uh they were my provider
i couldn't get
the latest versions of google android os
yeah because att didn't even make them
available
it was just not possible you you wanted
to buy a phone you got a phone that had
a version of android on it that was two
or three revs back and that's what att
supported and
i understand
the benefits there for google
but but that makes it a very simple
answer of
apple is better for security and privacy
around os updates yeah that's a long
answer to say simple no it's totally
right and and device fragmentation in
the android world is is a huge problem
because there are so many
types of android devices that are out
there and that may never get updates
because they just you know for whatever
reason
um are no longer supported by the
manufacturer or they're just so out of
dates
so you know unless you're getting a
brand new android phone
every year
i mean you risk you know just eventually
you'll fall into that fragmentation and
even if you get a new android phone
you're still falling into the
fragmentation because i have a samsung
device so the version of sam the os that
i'm running
is different because samsung added stuff
to it
i got an unlocked one directly from
samsung but if i had bought it from
verizon or whatever when i bought my
phones from verizon
and verizon's crud on top of the samsung
crud on top of the android system right
i think there's a there's a really
important fundamental issue here too
it's not just interoperability it's
every time you've got different versions
of things working together there's more
potential vulnerabilities that you've
got to keep track of right yep right the
more complex you make it the easier it
is for me
yep to be professionally evil
yep that's right that's right
so
so the other thing i want to mention too
is on the android side i've been seeing
more of a movement
um to de-google
um an android device and um there are
actual mobile operating systems that are
out there uh graphene is one uh calyx uh
lineage os
um and you can we'll have some links in
the show notes or if you're interested
you can explore this where you can you
know load your own operating system on
your android phone and that doesn't have
any google
google anything right it's an
interesting idea too because that's
essentially i think what you're talking
about is jailbreaking right
and that would be the equivalence yeah
kind of right on the apple side is like
if you want to download apps from
a third-party app store in the apple
world you have to jailbreak your device
to do that and that's harder to do as i
understand on an apple right
it varies but it's also not recommended
because you then are you know you're
essentially hacking your own device and
you're then you're making it more
vulnerable to you and actually
yeah that's right i will also say that
on the android side if you replace
android with a de-googlified one
lineage whatever
um
you can run into problems i'm not
talking secure i'm not saying it's
insecure or whatever
but one you got to make sure that what
you're replacing with is what you think
you're replacing it with but but
ignoring that drugs or bad type of
message because that's what that is
right like oh my god if you jailbreak it
you'll be hacked well yeah but you'll
probably be hacked if you don't
jailbreak well but um there's also where
are those are those uh os alternative
os's are they free or do you buy them
yeah that's right they're open source so
you just do it you just search do google
search and download it and you're good
does google tell you exactly where those
are so there's no security issues there
but but here is here's the issue that
almost definitely will happen
you will lose access to certain things
because they're not supported there
right right
my phone
is managed by my company right we have
an mdm that mdm
may not let me in i haven't even looked
because i haven't considered replacing
the phone uh but
the mdm may block me from accessing
equipment yeah they block me from
accessing the corporate view
don't try to jailbreak your employer's
phone
but unless you have permission right and
with me i would have permission to do it
because i'm who authorizes that kind of
stuff right like my twitter account says
my opinions are my employers but um
you'll lose access to things like that
you may also lose access to apps yeah
there are applications
that when they install they verify that
the they're installed on a os they
expect to be yeah yeah and then they
don't run
is that a deal breaker for you i don't
know it's a point great
different question yeah right
check your threat model as we always say
right yeah so
so the next uh next topic is around
device tracking and privacy and
specifically more around ad tracking and
that's been a big thing that we've
talked about on the show before
you know just recently apple has uh
released their app tracking transparency
which is a new setting starting with ios
14.5
which was in the news because it
essentially killed um facebook and
instagram and the meta apps um and a lot
of their tracking capabilities within
ios and i think it was there was some
quote about you know meta losing you
know potentially
millions and millions of dollars and
this year alone dozens of other
marketing apps right that rely on
similar technologies for traffic yeah
that's correct so
now now on the google side they've kind
of been slow rolling some opt out
features in some similar ways to what
apple did
um you can right now i know with i think
the last couple versions of android and
parkman wrong uh
kevin but you can reset your ad id
essentially yes but that's not a
permanent type of fix of what what apple
has put in um and of course you can opt
out of those personalized ads
um and then google's working on this
thing called privacy sandbox which is a
a a larger type of solution for privacy
on android but that's going to take
several years to implement from from
what i've researched so yeah um i think
the primary differences and this is
really important to understand is that
their business is essentially most their
business is around advertising
um
it's just the reality that is how if you
look at how google started in google
search and google ads i mean they are
primarily an advertising company
and apple um is very different in the
way that they make money
um they make money from hardware sales
essentially
and then they actually offer you know
like apple music which is subscription
yes free
subscription-based services so
right i think it's important to kind of
call that out as the incentives right
for both and when you hear statements
like google is working on a privacy
initiative
like a sandbox okay what does that mean
for a business that whose business
relies on
not necessarily having complete privacy
i think it's a life preserver i think uh
if you look at
regulation if you look at
gdpr the eu canada the u.s right more
and more organizations more and more
countries more and more
areas are pushing
privacy i find it hilarious that the
same politicians that are pushing
privacy are also pushing backdooring
encryption hypocrisy much yeah that's a
whole lot yeah yeah we need privacy but
let us listen in um
but
the
the the regulatory
bodies are pushing this and so while yes
google absolutely has made their money
made their business been an advertising
behemoth
they have to adjust right they have to
not become blockbuster
right
blockbuster's whole business was renting
movies
and they failed the shift in time yes
google knows their entire business or
the majority of their business is
advertising yeah so they have to figure
out a way to advertise in a privacy
aware no and no time like now they've
got all the money in the world to
invest in it they got to do it if they
don't do it if if google doesn't
transition well
they will go the route of and it won't
and it won't be as slow as blockbusters
no what will happen is
the regulatory bodies are going to go
after them right
and they've already been doing it at a
certain point it's going to be like look
this is the death note and that's why i
think when i look at things like the
google privacy sandbox
i'm not saying they're going to be
perfect i'm not saying they're going to
be well done
but they are absolutely going to be a
seismic shift in what google does
or they will be huge interesting yeah
good to know you heard it here folks
that's right that's right
i didn't create that from the rockstar
himself
that's right so imagine this scenario
you're out of the office unexpectedly
and a colleague pings you because they
need access to some system you have
credentials for now our listeners would
never send passwords over email or slack
right but what about your co-workers how
many organizations out there are sending
logins back and forth in plain text
worse yet how many just store all of
their logins on a shared spreadsheet we
all know that human errors are the
biggest threat to your organization's
security but did you know that weak or
stolen passwords account for over 80
percent of all data breaches now there
are tools out there that can allow you
to share credentials set access
permissions and monitor the dark web for
stolen logins
and keeper security's enterprise
password management platform does just
that keeper locks down logins payment
cards confidential documents api keys
and database passwords in a patented
zero knowledge encrypted vault
and it takes less than an hour to deploy
across your organization
sign up for a keeper free trial for your
organization today and get a free 3-year
personal plan stop sharing emails and
spreadsheets with the keys to the
kingdom get started by visiting
keepersecurity.com
shared security so the last topic on
android versus ios we want to talk about
text messaging
um and you know because obviously text
message just call yeah yeah well no one
makes phone calls can you can you
actually do that on a mobile phone oh
yeah you can
yeah we call it a phone
and a telephone meant
calling somebody
um
so let's forget calling it a phone but
anyway
uh text messaging so i think apple
everybody knows we have imessage
which is the blue texts and then android
is the green
[Laughter]
so for those of you in the apple
ecosystem
it is a source of large controversy that
that's my android friends show up as
green and my apple friends show up as i kind
of like knowing who's who's green and
who's do you yeah here's here's my
question
did apple pick green to imply that us
android users are jealous of you i i
want to know if that was the thought
process right because if i was doing it
i would totally do it that way
it's because all apple users are just
blue you know we're all down in the
dumps
yeah well you know there is i did a
little bit of research on that and it's
because there is no interoperability
between
the messaging systems um which
either company could have set some
standards
and
right there is one but and they ruined
it
yeah sorry that i'm jumping ahead yeah
but
not really a security or privacy related
topic but it's very interesting and
we'll have a link to in the show notes
where you can kind of go down that
rabbit hole but let's just say that
there is
there's just some various reasons for
not coming together on a standard but um
regardless from a security perspective
so imessage um is and encrypted unless
you back up to icloud
and only send messages to other
iphone users because if you don't send
it yeah that's correct yeah
it'll default to sms for
others like android so and to be very
clear for the people who don't know
none of the s's in sms stand for
security
that is correct that's the message
there's nothing secure about it no at
all
now google um so there is the google
messages app um which you can enable
end-to-end encryption
but it has the same problem right when
sending messages to those people not
using the google messages app or an
iphone user so
similar in some ways sounds to me like
there should be an xkcd cartoon for this
yeah
yeah now kevin you're an
android user i was going to ask you if
you use google messages um
on your phone yeah
so i use signal
which we'll talk about um i believe
i enabled google messages as one of the
options if i remember correctly um i i'm
i say that because i was trying out some
different messaging
yeah uh systems right when i had a
verizon phone
there was a verizon messages app that
was pushed down by default um i no
longer have a verizon phone yeah um but
yeah i'm 99 now i'm looking at my phone
like i want to check
um but i use signal for for lots of
things um
as people should in my opinion but um
i
i'm the oddball though
i'm a very firm believer that people are
going to read my messages anyways so i
don't use sms for anything that i'd be
worried about somebody reading over the
internet right um
but that's but that's me right like i i
don't i'm not saying that makes it okay
i'm just saying
i use sms as a
when i sms somebody it's
it is not secure it's nonsense yeah
right yeah yeah you get a little name
from me or something yeah and that's
kind of my take too is like i mean
obviously with all all my friends that
you know we're chatting in a group text
or something like that you know there
are going to be a few android users and
like i'm not sending anything that you
know is considered sensitive and if it
gets intercepted like okay well big deal
but there are conversations and
obviously things related to maybe
business or other stuff that i'm going
to use signal for
um
because you know i just want that extra
layer of security and to be frank i
actually like a lot of the features
within signal
um a little bit better than what's
available in imessage
so
but again the problem is
i have friends that probably will never
use signal
nor will i be able to convince them
to use here's yet another app you need
to use for your messaging
unless they're in this security
community yeah
then everybody's using it right but but
i have friends outside of security that
i need to talk to what i would love to
see is i would love to see apple and
push signal down yeah adopt it into the
os yeah
right like not not embedded in the os
the underlying technology yeah yeah yes
push down the app as a default like hey
you buy a new iphone it has signal on
um they would overnight increase the
number of people using good stuff of
course i will tell you that i cringe
every time i see the ad from
meta about the whatsapp where they're
have you seen the new ads they're
playing where like the
post office guy comes to the door and he
hands them
like why is my mail open and they're
like i don't know maybe somebody read it
use whatsapp
oh
yeah
and and we've we've talked about
messaging secure messaging apps on the
show before and we've always come back
to our recommendation as signal um
you know i know there's telegram
whatsapp there's wire there's a bunch of
apps out there um
you know but just in terms of like
what's been tested by multiple people
um plus you know i think the company
behind moxie marlinspike's company
behind uh signal
um
you know the guy is
super smart and he talks a lot about
how he
develops his apps and so i have one
question for you on this and that is you
know is it likely or do you think it's
likely that uh signal will ever somehow
be outlawed
right there's always oh there's
absolutely places that will outlaw of
course yeah well let's be very clear
both in the u.s and in the uk and i
believe canada as well there are
serious efforts to back door encryption
at that point signal will be outlawed
well not to mention here in the united
states there are actually active
discussions going on in u.s congress
about
banning end-to-end encryption yeah
the us i thought i did yeah
yeah you know what i said was the us and
the uk and i believe canada is also
doing it that's uh yeah i'm trying to
remember
but yeah no the us is doing i absolutely
believe that
i would never support
insurrection but if you were going to be
an insurrectionist
this would be a reason to do it not
electoral college yeah what
i'm like sure i don't put this one in
the uh the uh the show preview
yeah yeah yeah
today
i would not be a nazi i should watch it
kevin did i hear kevin saying you want
some interaction
i just i don't understand i honestly
don't understand i i wish you never i
don't know about recently but when i was
younger when i was a teenager when i was
a kid
one of the popular tropes in movies and
tv shows was
the parent and the kids swapped bodies
for the day freaky friday yes yeah yeah
friday whatever like all of those types
of shows
i i would like one day
just to know
what
ignorant
thoughts
are going through a politician's mind
and i want to regret any of the
politicians practically i i want to know
how they
delude themselves into believing
that they are supporting privacy
supporting the population supporting
good
and supporting breaking encryption yeah
i like those two i just yeah how do you
make both of those statements come out
of the same faithful
and believe that that is
yep you know would be fun kevin
we should get a politician on the show
so we could have that conversation i'm
being totally serious yeah yeah i would
love it if we could find you know
that's a great idea
and kevin couldn't actually punch him in
the throat
i know because they won't be in the same
room so there could be no
there'd be no violence but i want to be
very clear like i would want to have
that conversation
because i don't believe
that's a political or bipartisan like a
you're bipartisan i believe that no
matter what your politics are whether
you're a republican a democrat a
communist a libertarian a
fruitarian i don't know if that's a real
thing
doomsday
right uh a fruitarian is somebody who
believes that strawberries should be
illegal um is what i've decided
i don't know
but i don't know what your politics are
i believe that that should be an easily
answered question
how do you support privacy and back
dooring encryption all right
that's like a call for for politicians
to reach out yeah yeah i'm i'm going to
research that one and see who we can get
i'd love to have like a u.s senator on
the show wouldn't that be amazing yeah
i'm in
okay all right all right well you heard
it here first folks uh and if you have
any leads to any uh uh politicians
ex-presidents anything like that we'd be
greatly interested in speaking doesn't
mean we need you to hide wait wait wait
wait no no no don't hack them you said
ex-presidents and i want to be very
clear
there's one we got no interest in
talking to you
no
not true
well uh with that um hopefully everybody
uh got some good uh advice just
to summarize it goes back to your you
know personal
uh threat level your you know risk level
risk tolerance those types of things um
there's pros and cons to both obviously
um kevin even has said you know he likes
ads personalized ads right yeah um
and some people do and they're okay with
that so you just got to make your own uh
judgment call from a privacy and cyber
security perspective but i think the big
important thing to remember is
be aware of what you're deciding that's
it that's right exactly too many people
make the decision understand the risks
making the decisions yes right like that
they just default i that's where i think
it's the problem is that they're i can
accept the problem to the personalize
that so i like them because i'm aware
i'm accepting it
and i'll just say if you want to
continue this conversation check out our
reddit community um yeah and the shared
security show subreddit and uh we'd love
to chat more about this uh i think
really important topic yes so
all right everyone well folks
thanks for listening and we will catch
everyone next week
thanks for watching if you enjoyed this
episode and you'd like to help support
the podcast hit that like and subscribe
button to catch all the latest from the
show visit our website
sharedsecurity.net
follow us on twitter at sharedsec and
join our reddit community on the shared
security show subreddit