Google Android vs Apple iOS: Which is Better for Privacy and Cybersecurity?

Shared Security Podcast

3 Apr 202240:33

Summary

TLDRIn this episode of the Shared Security Show, co-hosts Scott Wright and Kevin Johnson join Tom to discuss a range of topics focusing on privacy and cybersecurity. They delve into the ongoing debate of Android vs. Apple iOS, examining the strengths and weaknesses of each platform concerning privacy, the app stores, operating system updates, device tracking, and text messaging security. The hosts also touch upon a recent social engineering attack on Apple and Facebook, highlighting the importance of validation and verification processes when dealing with sensitive data requests. The discussion underscores the need for individuals and organizations to be vigilant about data security, advocating for awareness and the use of secure communication platforms like Signal for sensitive information.

Takeaways

🎶 The podcast begins with a humorous discussion about being 'rock stars' and the hosts' musical preferences, setting a light-hearted tone for the show.
📱 The main topic of the episode is a comparison between Android and Apple iOS, focusing on privacy and cybersecurity aspects.
🔒 A significant point made is that Blackberry currently offers the best privacy due to its minimal usage, highlighting the irony of security through obscurity.
📚 The hosts reference the book 'Losing the Signal' for insights into BlackBerry's rise and fall, emphasizing the importance of understanding the past in cybersecurity.
🤔 The discussion touches on a social engineering attack on Apple and Facebook, where forged emergency data requests were used to gain access to sensitive information.
📉 There's a debate on the effectiveness of Apple's and Google's verification processes for apps, and the ongoing need for vigilance despite these measures.
🚀 The hosts praise Apple's control over its ecosystem, including hardware and software updates, as a strength in ensuring security and privacy.
📱 Fragmentation in the Android ecosystem is identified as a challenge, with varying OS versions across devices potentially leading to security vulnerabilities.
🛍️ Google's business model, heavily reliant on advertising, is contrasted with Apple's focus on hardware sales, affecting their respective approaches to user privacy.
📧 The episode covers the importance of secure text messaging, with recommendations for apps like Signal that offer end-to-end encryption.
⚖️ The hosts express concern over political efforts to backdoor encryption, emphasizing the need for a balanced discussion on privacy and security.

Q & A

What is the main topic of discussion in episode 219 of the Shared Security Show?
-The main topic of discussion is a comparison between Android and Apple iOS, focusing on which is better for privacy and cybersecurity.
What is the 'Aware Much' segment about in this episode?
-The 'Aware Much' segment discusses a social engineering attack that targeted Apple and Facebook by impersonating law enforcement to gain access to sensitive information.
What is the significance of the discussion about BlackBerry in the context of privacy?
-The discussion about BlackBerry highlights that it currently has the best privacy because of its low usage, implying that fewer users means fewer hacking attempts.
Why did the hosts mention Microsoft's biggest mistake in the mobile space?
-The hosts mentioned that Microsoft's biggest mistake was not buying BlackBerry when they had the chance, as BlackBerry's enterprise services could have helped Microsoft secure a stronger position in the mobile market.
What book is recommended for understanding the rise and fall of BlackBerry?
-The book recommended is 'Losing the Signal', which provides an in-depth look at BlackBerry's lifecycle, including internal interviews.
What is the primary business model of Google, and how does it affect their approach to privacy?
-Google's primary business model is advertising, which influences their approach to privacy as they need to balance user data collection for ad personalization with growing privacy concerns and regulations.
What is Google's Privacy Sandbox initiative?
-Google's Privacy Sandbox is a proposed solution for enhancing privacy on Android, which aims to change how user data is used for advertising while still maintaining Google's ad revenue streams.
Why is Apple's approach to app store security considered more stringent than Google's?
-Apple's approach is considered more stringent because they have a closed ecosystem (the 'walled garden'), where they control both the hardware and software, enforce strict developer policies, and perform multiple verifications on apps before they are available for download.
What is the difference between Apple's iMessage and Android's default text messaging in terms of security?
-iMessage uses end-to-end encryption by default for messages sent between Apple devices, while Android's default SMS messaging does not offer the same level of security. However, Google Messages can offer end-to-end encryption if both parties are using the app, but not when communicating with non-Google Messages or iMessage users.
What is the recommendation for secure messaging between friends who may not be in the security community?
-The hosts recommend using Signal, an app known for its strong focus on privacy and end-to-end encryption, as it is considered one of the most secure messaging apps available.
What is the stance of some politicians regarding privacy and encryption?
-Some politicians are advocating for privacy while simultaneously pushing for backdoors in encryption, which is a contradiction because backdoors weaken encryption and privacy.

Outlines

00:00

🎶 Introduction to the Shared Security Show 🎶

The script opens with a warm welcome to episode 219 of the Shared Security Show, featuring co-hosts Scott Wright and Kevin Johnson. The hosts, playfully referred to as 'rock stars,' discuss their lack of musical ability and the importance of privacy in technology. They touch upon the decline of BlackBerry and its current focus on cybersecurity. The episode's main topic is a comparison between Android and Apple iOS, focusing on privacy and cybersecurity. There's also a mention of an 'aware much' segment that discusses a social engineering attack on Apple and Facebook.

05:01

🚨 Social Engineering Attacks and Data Compromises 🚨

The discussion delves into a social engineering attack where Apple and Facebook were tricked into granting access to sensitive information by forged emergency data requests. The hosts debate the effectiveness of the emergency process for data access and the need for better validation efforts. They also highlight the critical balance between saving lives through such processes and the potential for misuse, emphasizing the importance of security training and awareness.

10:01

📱 Android vs. Apple: Privacy and Cybersecurity 📱

The hosts compare Android and Apple iOS in terms of privacy and cybersecurity. They discuss the control Apple has over its ecosystem, including app stores and operating system updates, and how this contrasts with Google's approach, which involves collaboration with multiple manufacturers. The conversation touches on device fragmentation in the Android market and the security implications of this diversity. They also mention alternative Android operating systems that allow for greater privacy but may come with their own set of challenges.

15:01

🛡️ The Impact of Device Tracking and Privacy 🛡️

The script addresses the issue of device tracking and privacy, particularly focusing on ad tracking. It contrasts Apple's App Tracking Transparency feature, which has significantly limited ad tracking on iOS, with Google's slower approach to providing users with opt-out features. The hosts discuss the business models of both companies, with Google's reliance on advertising being a key point of discussion. They also mention Google's Privacy Sandbox initiative, which aims to improve privacy on Android.

20:02

💬 Text Messaging Privacy and Security 💬

The final topic of the script is text messaging privacy and security. It outlines the differences between Apple's iMessage, which is encrypted by default, and Android's default messaging, which relies on SMS and is not encrypted. The hosts discuss the limitations of SMS and the potential risks associated with sending sensitive information via unencrypted messages. They also mention the use of Signal as a secure messaging app and the challenges of convincing non-security-focused individuals to adopt such apps.

25:03

📉 The Risks of Defaulting to Unsecured Communications 📉

The hosts wrap up the discussion by emphasizing the importance of being aware of the risks associated with different communication methods. They stress the need for individuals to understand their threat model and make informed decisions about their privacy and security. The conversation also touches on the potential for legislation to impact encryption and the desire to engage with politicians on these topics. The script concludes with a call to action for listeners to join the conversation on Reddit and to follow the show for more insights.

30:05

📢 Closing Remarks and Call to Action 📢

The script concludes with a reminder for listeners to engage with the podcast, subscribe to the channel, and participate in the Shared Security Show's online community. The hosts express their gratitude for the audience's attention and tease the prospect of future episodes, inviting listeners to continue the conversation on Reddit and to follow them on social media.

Mindmap

Keywords

💡Social Engineering

Social engineering is a deceptive strategy used by attackers to manipulate individuals into divulging confidential information or performing certain actions. In the video, it is discussed how Apple and Facebook fell victim to a social engineering attack that impersonated law enforcement to gain access to sensitive information. This highlights the importance of security awareness and the need for robust validation processes to prevent such incidents.

💡Lawful Access

Lawful access refers to the legal process where law enforcement can make formal requests to access data belonging to companies, such as social media platforms. The video mentions that there are normal processes involving subpoenas or warrants, but also emergency processes for situations like potential suicides or threats to safety. The discussion emphasizes the need for strong validation of these requests to prevent exploitation.

💡Privacy Sandbox

Google's Privacy Sandbox is an initiative aimed at improving privacy on the web, particularly within the Android ecosystem. The video discusses how Google, as an advertising company, needs to adapt its business model to comply with increasing privacy regulations and user expectations. Privacy Sandbox represents a significant shift in Google's approach to user data and online advertising.

💡App Tracking Transparency

App Tracking Transparency is a feature introduced by Apple starting with iOS 14.5, which requires apps to obtain user consent before tracking them or accessing their device's advertising identifier. The video highlights the impact of this feature on companies like Facebook, which rely heavily on ad tracking for revenue. It represents a significant move towards user privacy and control over personal data.

💡Device Fragmentation

Device fragmentation in the context of the video refers to the variety of different Android devices and versions that exist in the market, which can make it challenging to provide timely and consistent operating system updates. Fragmentation can lead to security vulnerabilities as not all devices receive critical security patches at the same time. The video contrasts this with Apple's more controlled ecosystem, where updates are uniform across devices.

💡End-to-End Encryption

End-to-end encryption is a method of secure communication where only the communicating users can access the content of the communication. The video discusses the use of end-to-end encryption in messaging apps like Signal, which ensures that messages remain private and secure. The topic is relevant as there are ongoing discussions in various countries about potentially banning or backdooring encryption, which could impact the privacy and security of digital communications.

💡Operating System (OS) Updates

Operating system updates are crucial for the security and functionality of devices. The video emphasizes the difference in update practices between Apple and Android devices. Apple controls both hardware and software, allowing for a more streamlined update process, whereas Android devices, due to fragmentation, may not receive updates as consistently, which can lead to security risks.

💡Jailbreaking

Jailbreaking refers to the process of removing software restrictions imposed by the device manufacturer or operating system, which allows users to install unauthorized apps and make system changes. In the video, jailbreaking is mentioned in the context of Apple devices and the potential security risks it introduces, as well as the comparison to using alternative operating systems on Android devices.

💡Mobile Device Management (MDM)

Mobile Device Management is a strategy that allows organizations to manage and secure mobile devices that are used within the company. The video briefly touches on MDM in the context of how it may restrict the use of jailbroken phones or phones with alternative operating systems, as they could pose security risks to the corporate network.

💡Signal

Signal is a secure messaging app that uses end-to-end encryption to protect messages, calls, and even video chats from being intercepted or read by third parties. The video recommends Signal as a preferred messaging app for privacy-conscious users, noting its strong security features and the trustworthiness of its developers. The discussion also touches on the challenges of convincing non-security-focused individuals to adopt Signal or similar secure messaging apps.

💡SMS vs. iMessage

SMS (Short Message Service) and iMessage are two different messaging protocols. iMessage is Apple's messaging service that provides encryption for messages sent between Apple devices, while SMS is a standard messaging protocol that does not inherently offer the same level of security. The video discusses the visual distinction between the two in terms of color-coding in message threads and the security implications of each.

Highlights

The podcast discusses the comparison between Android and Apple iOS in terms of privacy and cybersecurity.

The hosts mention that BlackBerry currently has the best privacy due to its minimal usage and thus fewer hacks.

Apple's strict developer policy and closed-source ecosystem are highlighted as a strong point for security.

Google's business model, heavily reliant on advertising, is contrasted with Apple's hardware sales focus.

The discussion touches on the importance of OS updates for security, where Apple's control over its ecosystem is seen as advantageous.

Fragmentation in the Android ecosystem is identified as a significant issue affecting update consistency and security.

The concept of 'jailbreaking' and using alternative OS like Lineage OS on Android devices is explored.

Apple's App Tracking Transparency feature is discussed and its impact on Facebook and Instagram's ad tracking capabilities.

Google's slow rollout of opt-out features for ad tracking and its Privacy Sandbox initiative are mentioned.

The hosts debate the lack of interoperability between iMessage and Android's messaging systems and its security implications.

Signal is recommended as a secure messaging app, with a discussion on the potential for it to be banned or outlawed in some regions.

The importance of understanding and accepting the risks associated with personalized ads is emphasized.

The podcast concludes with a call for politicians to discuss the balance between privacy and encryption backdoors.

The hosts encourage listeners to join their Reddit community for further discussion on privacy and cybersecurity.

The podcast stresses the need for individuals to be aware of the privacy decisions they are making with their technology choices.

The episode ends with a reminder for listeners to like, subscribe, and engage with the Shared Security Show's online community.

Transcripts

00:01

[Music]

00:06

welcome to episode 219 of the shared

00:09

security show and joining me this week

00:12

are my rock star co-hosts

00:15

scott wright and kevin johnson

00:20

rock star

00:21

always wanted a rock star i have my foo

00:24

fighters uh shirt oh contribute in

00:26

memory

00:27

yeah

00:31

one of my favorite bands foo fighters so

00:34

uh yeah i am i am definitely sad but uh

00:37

of the situation but um but nonetheless

00:39

you guys are rock stars in my eyes so i

00:42

figured we could never

00:44

no no i'm sorry that's true i'll be

00:47

honest i uh i barely know how to to hold

00:51

an instrument

00:52

um

00:53

playing instruments would not be part of

00:56

my skill set

00:58

and that's okay we can have things

01:00

davey jones holding the tampering yeah

01:03

yeah oh that we see i have no i have no

01:05

sense of uh timing like the beep

01:08

so i'd hold the tambourine but i'd like

01:09

get twitches and stuff and it would make

01:11

random noises it would be bad it would

01:13

just be oh that's fun yeah

01:16

cool well uh we have an exciting show

01:19

for everyone this week um we are

01:22

maybe gonna touch a little bit on the

01:24

news with our aware much segment which

01:27

is actually going to come up first this

01:28

this time um but our main topic today is

01:31

uh android versus apple ios

01:34

and which is better for privacy in cyber

01:37

security

01:39

yeah so the big battle rights between

01:41

the two tech giants

01:43

um and which one is better for you uh

01:46

and your privacy so

01:48

i'm just gonna put out there right now

01:49

before we get started the blackberry has

01:52

the best current privacy out there um

01:55

and that's because nobody uses them

01:57

[Music]

02:00

nothing's getting hacked in their block

02:02

at that point that's right but you know

02:04

i'm gonna admit blackberry was my

02:06

favorite you know and i'm very sad that

02:08

even though it was a canadian company

02:10

but

02:11

not biased that's why that's not my

02:14

favorite it's just i haven't said

02:16

i've said long and hard that microsoft's

02:18

biggest mistake in the mobile space was

02:20

not buying black people yeah yeah

02:22

because if yeah they can yeah blackberry

02:25

uh what was it bb enterprise manager nxt

02:29

offered them to organizations as one

02:31

best you were to lock down this market

02:33

and everything else yep yep

02:35

there's actually a really interesting

02:36

story if you guys want to uh look up at

02:38

some point there's a book called losing

02:40

the signal

02:41

it was written by a couple of

02:43

journalists that followed blackberry

02:44

through the whole life cycle like

02:46

some

02:47

internal

02:48

interviews and stuff really interesting

02:50

to see how they grew and how they

02:52

collapsed

02:54

right now they're a cyber security

02:55

company so yeah

02:57

look how that turned out yeah

03:00

so uh so why don't we jump right into

03:02

our aware much segment with mr scott

03:04

wright

03:07

thanks tom and uh welcome to this

03:09

installment of aware much

03:11

brought to you by click armor the first

03:13

fully gamified security awareness

03:15

training and engagement platform

03:18

so it might be hard to believe but even

03:20

big guys can be tripped into giving

03:23

access to sensitive information through

03:25

social engineering

03:26

uh in mid-2021 like a year ago almost

03:29

now uh apple and facebook both became

03:32

victims of a pretty effective social

03:34

engineering attack that impersonated law

03:36

enforcement um and it could have

03:38

resulted in you know fraud or harassment

03:42

of the victims whose information was

03:44

compromised

03:45

but access to subscriber data for those

03:48

services was

03:49

granted based on forged

03:52

emergency data requests which is

03:54

interesting because

03:55

we i don't know if

03:57

everybody knows this but there's a

03:58

process called i think it's called

04:00

lawful access where

04:02

a law enforcement can make formal

04:03

requests to get access to

04:05

data belonging to companies like social

04:08

media companies and there's a normal

04:10

process where there would be a subpoena

04:12

or a warrant required to to make that

04:14

happen but there apparently are

04:16

emergency processes

04:18

and i guess you know i'm not sure but we

04:21

can guess it might be when somebody

04:23

may be in danger um and they need to

04:25

figure out what's going on so there's

04:28

there's suspicion of suicide uh

04:30

possibilities yeah or counseling

04:33

or stuff like that right yeah so

04:34

um so there you know there's a reason

04:36

why they have this emergency process in

04:38

place which

04:40

theoretically i guess would be a bit of

04:42

a shortcut for how you get through that

04:44

process um yeah but interestingly

04:47

these people seem to have figured out a

04:50

way they're somehow

04:52

knowledgeable enough

04:53

about the process to figure out how to

04:56

exploit that emergency

04:59

uh situation

05:00

that the service provider is supposed to

05:02

handle in a different way and so it's

05:05

interesting that they managed to get

05:08

access to that you guys have any

05:09

thoughts on that

05:11

i i i think i mean

05:14

this

05:16

the stories i've read there are there's

05:19

one point that is brought up in a story

05:22

and then later on in the story they kind

05:24

of contradict it

05:26

at one point they talk about that the

05:28

request came from the law enforcement

05:30

domains

05:31

yes as in the implication there is

05:34

the

05:35

social engineer the attacker actually

05:37

got

05:38

into like a law enforcement email

05:41

address or or system and send it there

05:44

if that's true

05:46

this is a different type of attack right

05:48

we've got a bigger problem yeah right

05:51

but here's the thing that throws my mind

05:53

and i want to be very clear uh allison

05:55

nixon uh

05:56

wonderful person love her to death i i

05:59

find that all right she's with um

06:02

unit221b isn't that yeah they were

06:04

quoted in this yeah yeah yeah allison's

06:06

a great person and what i've always

06:08

found um

06:09

even when i don't agree with what she

06:11

says which which happens sometimes i

06:14

find that her her she always has a good

06:18

reasonable

06:20

to what she is saying that everybody

06:23

should listen to right because she she's

06:25

thought it through she's really

06:26

considered stuff um because she points

06:29

out correctly so

06:30

that yes this is bad that this happened

06:33

but the sheer number of lives saved

06:37

because of these processes are critical

06:40

so i want people to remember that

06:42

because

06:43

it is very easy for us all to say

06:46

well there you go this shouldn't be

06:48

allowed you shouldn't do this you should

06:49

stop this and cut the corners yeah right

06:52

throwing the baby out with the bathwater

06:54

i think what this highlights to me

06:57

is that there is not a good validation

07:00

effort they say

07:02

that sometimes i think it was apple said

07:05

or face or meta i'm sorry meta said

07:08

you know we got 218 000 of these a year

07:11

or something like that or in six months

07:13

and we validated some of them okay that

07:17

there's your gap not the social

07:19

engineering aspect because the social

07:20

engineering aspect yes it's bad but in a

07:23

case like this

07:25

you're not going to change right you

07:27

know from click armor that urgency the

07:31

right the aspects of a phishing attack a

07:33

social engineering attack

07:35

those are used to get somebody to do

07:37

something they're not supposed to in

07:39

this process

07:41

those are part of the process

07:42

it's an emergency situation so it has

07:45

urgency right like all that kind of

07:47

stuff so this is the perfect example

07:49

where the training has to tell these

07:51

people yes

07:53

go verify go validate exactly

07:56

all of the other stuff we tell you to

07:58

watch for all of the other stuff that we

07:59

tell you not to fall for

08:02

are here correctly there there is

08:04

absolutely an urgency there is

08:06

absolutely a time like you have to do it

08:09

now somebody's gonna die

08:11

right like not to yeah play that lightly

08:14

so i think that

08:17

i want us to us right us the world um

08:21

but i want us to keep in mind that

08:25

this is the perfect example of social

08:27

engineering

08:29

that is abusing a system

08:31

that is easily abused

08:34

because the way it's used

08:37

is abusable i think is i'm not sure i'm

08:39

saying that right

08:40

in there exactly how i would put it yeah

08:43

i bet i think there could potentially i

08:45

mean we don't know the process that well

08:47

but there could be

08:48

extra you know what they what we call

08:49

compensating controls right when you

08:51

have to bypass

08:52

you know break glass procedure they call

08:54

it right where you can actually

08:56

compensate later on or or do something

08:59

to

08:59

make sure that if there was any risk

09:02

you've tried to mitigate that so in in

09:04

this case what i got out of this perhaps

09:06

is

09:07

the part of the emergency request

09:09

procedure i think is that the recipient

09:11

like apple or facebook is supposed to

09:13

call back

09:14

to somebody in the other organization

09:17

now

09:19

they may be just relying on an email and

09:21

if that email spoofed like a business

09:23

email compromise um then they may be

09:26

wrongfully trusting that email and and

09:28

not

09:29

doing as much of the authentication or

09:32

verification as they could so maybe the

09:34

process needs to be fixed or whatever

09:36

but this is a perfect you know case

09:38

study i'm sure it's been fixed

09:41

since it happened right

09:42

to some extent

09:45

i don't i don't think you yeah unknown

09:48

but you're right kevin i mean

09:49

it was interesting the stats that came

09:51

out from this which was i think apple

09:52

reported a thousand emergency requests

09:55

in a six month period and they granted

09:57

that 93 of them and facebook received 20

10:00

000 20 times that in a six month period

10:03

in 2021 and they granted 73 of them so

10:07

that's a lot of requests and uh yeah a

10:10

few are probably gonna fall through the

10:12

cracks and like we said you know if it's

10:13

a situation where the person you're

10:15

supposed to reach out to isn't there and

10:17

it's an emergency yeah you're going to

10:18

end up with some

10:20

bad calls on the risk side

10:23

and and

10:24

if i may say so

10:27

if my data is going to be stolen i'd

10:29

rather it be stolen because they were

10:31

trying to save somebody's life

10:33

yeah and i think that's okay i'm not

10:35

saying i'm fine with it happening but

10:36

yeah i mean i'd rather this then well we

10:39

put it on an ftp server and forgot to

10:41

set a password yeah it's kind of a

10:43

fascinating view into this process that

10:46

we kind of really never thought about

10:47

before right you know that there is an

10:49

emergency

10:50

process for getting

10:52

help to people uh

10:54

through that process through the

10:55

platforms anyway really interesting so

10:57

the lesson here really is that

10:59

businesses in general need to be really

11:01

careful about processing where you are

11:03

releasing sensitive information

11:05

and those extra steps that you can take

11:07

i teach courses sometimes to

11:10

business small businesses on cyber

11:12

security and when we get to the part

11:15

about you know uh fake invoices being

11:17

paid and stuff like that you know try to

11:20

stress there should be some

11:21

threshold that you set to say i'll

11:24

accept an email authorization for making

11:26

a payment up to a certain level and

11:28

beyond that it needs a voice or text or

11:31

something to to verify

11:33

so those are the things we like to say

11:36

so you've got to have somebody in the

11:38

process that can verify those things and

11:42

um so this installment of uh aware much

11:44

has been brought to you by click armor

11:46

the first fully gamified security

11:47

awareness training and engagement

11:49

platform and click armor does have a

11:51

course called fakes and frauds that

11:53

helps people learn about different types

11:54

of attacks that can occur by phone or

11:56

email or even text message

11:58

and you can

11:59

sort of choose your own adventure

12:02

choose your own adventure on rails i

12:04

call it where you can practice facing

12:05

scenarios with different potential

12:07

outcomes without wasting too much time

12:09

going into some open world

12:11

so go to clickarmour.ca trial and sign

12:14

up for a free seven-day trial for up to

12:16

five members of your organization

12:18

and that's it for this segment of

12:20

aware much

12:24

all right thank you scott

12:26

very topical because that's just that

12:28

our that is actual news because that

12:30

didn't come out uh just this week so

12:32

um and it's about apple

12:34

so

12:35

and we're trying to talk about that

12:37

and we're going to talk about apple uh

12:39

and google and google uh in this next

12:41

segment which is

12:43

android versus apple ios which is better

12:45

for privacy and cyber security

12:48

so

12:48

there obviously this is a larger topic

12:51

that we could probably have several

12:53

episodes on

12:54

but i i did want to cover three areas

12:58

and i think they're probably the biggest

12:59

three areas when we talk about you know

13:02

which is better um from a privacy and

13:04

cyber security perspective

13:06

and that is essentially the app stores

13:08

themselves and operating system updates

13:12

which we all know and love right

13:14

and we always say patch your devices

13:17

make sure they're updated so we'll talk

13:18

about that then we'll talk about device

13:21

tracking and privacy so specifically

13:23

around ad tracking which has been all

13:26

over the news over the last couple weeks

13:28

and we've even talked about that on the

13:30

show

13:31

and then the last one is around text

13:33

messaging privacy and security because i

13:35

think most people if they're not using

13:37

an app on their phone they're probably

13:39

using it for texting

13:41

right so we want to talk about some of

13:43

the differences there between the

13:44

built-in features and functionality um

13:48

with text messaging so we're not

13:50

necessarily talking about

13:51

messaging apps that you can download but

13:54

what comes with a

13:56

default you know google pixel or an

13:59

apple iphone right

14:01

so so let's get into it and let's talk

14:04

about um apple and google in terms of uh

14:07

operating system updates and the app

14:09

stores so we all know about the apple

14:12

walled garden right

14:14

um where it's proprietary closed source

14:18

right you have to have an apple id to

14:20

download apps

14:22

um and you know apple's been known to

14:24

have a pretty strict uh developer policy

14:28

right so if you want to develop an app

14:29

for

14:30

uh for the apple ecosystem you have to

14:33

go through some things that you know

14:35

uh from you know not quite sure the

14:37

developer verification process but from

14:40

what i've read

14:41

um it's definitely a little more

14:44

invasive especially around what

14:45

they ask you about

14:47

how do you

14:48

handle data from the app yeah i've gone

14:51

through it for some some projects i've

14:53

worked on yeah and it changes i want to

14:55

be very clear like when i went through

14:57

it was a

14:59

couple years ago and it's it's gotten

15:00

stricter

15:02

in many ways but they do a series of

15:05

verifications i will argue that all of

15:08

the verifications they do are bypassable

15:11

um the verifications of who you are to

15:14

validate that you're a rural real

15:15

developer whatever right um and then

15:18

after that you're able to

15:20

to submit apps for consideration and

15:23

they go through another set of

15:24

verifications at that point um which

15:27

which i think is good right um i will

15:30

also say though

15:31

that

15:33

that set of verifications up front apple

15:36

themselves will tell you as does google

15:39

i we're not i'm not picking on apple

15:41

here

15:41

both of them will tell you that in no

15:43

way does that verification tell you that

15:46

this app is secure

15:47

that's correct um yeah so if we if we

15:50

could jump back a little bit to the os i

15:52

think that's an easy

15:54

an easy conversation

15:57

apple wins and the reason apple wins is

15:59

because apple

16:00

is apple

16:01

um

16:03

they produce the hardware they produce

16:05

the devices they ship it out

16:08

they handle the updates they do all this

16:10

kind of stuff and they're the ones who

16:12

decide yep done that device isn't

16:15

supported anymore it's over

16:17

whereas google

16:20

and we can argue whether this is good or

16:21

bad or whatever in either side

16:24

google has instead taken the model of

16:27

other than our devices that we do

16:30

we're going to work with the

16:31

manufacturers and let the manufacturers

16:33

control it right so i have a samsung

16:36

device

16:38

you have a pixel device i don't know

16:40

right right but um

16:42

you have a different version of the

16:44

operating system even available to you

16:47

than i do yeah right and back when i

16:50

first switched over to android

16:52

i was using att uh they were my provider

16:57

i couldn't get

16:59

the latest versions of google android os

17:02

yeah because att didn't even make them

17:04

available

17:05

it was just not possible you you wanted

17:08

to buy a phone you got a phone that had

17:10

a version of android on it that was two

17:12

or three revs back and that's what atmc

17:14

supported and

17:16

i understand

17:18

the benefits there for google

17:21

but but that makes it a very simple

17:23

answer of

17:24

apple is better for security and privacy

17:27

around os updates yeah that's a long

17:30

answer to say simple no it's totally

17:32

right and and device fragmentation in

17:34

the android world is is a huge problem

17:37

because there are so many

17:39

types of android devices that are out

17:41

there and that may never get updates

17:44

because they just you know for whatever

17:46

reason

17:47

um are no longer supported by the

17:50

manufacturer or they're just so out of

17:52

dates

17:53

so you know unless you're getting a

17:55

brand new android phone

17:57

every year

17:58

i mean you risk you know just eventually

18:02

you'll fall into that fragmentation and

18:04

even if you get a new android phone

18:07

you're still falling into the

18:08

fragmentation because i have a samsung

18:10

device so the version of sam the os that

18:14

i'm running

18:15

is different because samsung added stuff

18:18

to it

18:20

i got an unlocked one directly from

18:22

samsung but if i had bought it from

18:24

horizon or whatever when i bought my

18:27

phones from verizon

18:29

and verizon's crud on top of the samsung

18:33

crud on top of the android system right

18:37

i think there's a there's a really

18:39

important fundamental issue here too

18:41

it's not just interoperability it's

18:43

every time you've got different versions

18:45

of things working together there's more

18:47

potential vulnerabilities that you've

18:48

got to keep track of right yep right the

18:50

more complex you make it the easier it

18:52

is for me

18:54

yep to be professionally evil

18:57

yep that's right that's right

18:59

so

19:00

so the other thing i want to mention too

19:02

is on the android side i've been seeing

19:04

more of a movement

19:06

um to d google

19:08

um an android device and um there are

19:12

actual mobile operating systems that are

19:15

out there uh graphene is one uh calyx uh

19:19

lineage os

19:21

um and you can we'll have some links in

19:23

the show notes or if you're interested

19:24

you can explore this where you can you

19:26

know load your own operating system on

19:28

your android phone and that doesn't have

19:30

any google

19:31

google anything right it's an

19:34

interesting idea too because that's

19:36

essentially i think what you're talking

19:37

about is jailbreaking right

19:39

and that would be the equivalence yeah

19:41

kind of right on the apple side is like

19:43

if you want to download apps from

19:46

a third-party app store in the apple

19:47

world you have to jailbreak your device

19:50

to do that and that's harder to do as i

19:51

understand on an apple right

19:53

it varies but it's also not recommended

19:56

because you then are you know you're

19:59

essentially hacking your own device and

20:00

you're then you're making it more

20:02

vulnerable to you and actually

20:05

yeah that's right i will also say that

20:07

on the android side if you replace

20:10

android with a d google flight one

20:12

lineage whatever

20:14

um

20:15

you can run into problems i'm not

20:16

talking secure i'm not saying it's

20:18

insecure or whatever

20:19

but one you got to make sure that what

20:21

you're replacing with is what you think

20:22

you're replacing it with but but

20:24

ignoring that drugs or bad type of

20:27

message because that's what that is

20:29

right like oh my god if you jailbreak it

20:31

you'll be hacked well yeah but you'll

20:33

probably be hacked if you don't

20:34

jailbreak well but um there's also where

20:36

are those are those uh os alternative

20:39

os's are they free or do you buy them

20:41

yeah that's right they're open source so

20:42

you just do it you just search do google

20:44

search and download it and you're good

20:46

does google tell you exactly where those

20:47

are so there's no security issues there

20:50

but but here is here's the issue that

20:53

almost definitely will happen

20:56

you will lose access to certain things

20:59

because they're not supported there

21:01

right right

21:02

my phone

21:04

is managed by my company right we have

21:06

an mdm that mdm

21:09

may not let me in i haven't even looked

21:11

because i haven't considered replacing

21:13

the phone uh but

21:15

the mdm may block me from accessing

21:17

equipment yeah they block me from

21:19

accessing the corporate view

21:21

don't try to jailbreak your employer's

21:22

phone

21:24

but unless you have permission right and

21:26

with me i would have permission to do it

21:28

because i'm who authorizes that kind of

21:29

stuff right like my twitter account says

21:32

my opinions are my employers but um

21:36

you'll lose access to things like that

21:37

you may also lose access to apps yeah

21:40

there are applications

21:42

that when they install they verify that

21:44

the they're installed on a os they

21:47

expect to be yeah yeah and then they

21:49

don't run

21:50

is that a deal breaker for you i don't

21:52

know it's a point great

21:54

different question yeah right

21:56

check your threat model as we always say

21:59

right yeah so

22:01

so the next uh next topic is around

22:03

device tracking and privacy and

22:06

specifically more around ad tracking and

22:08

that's been a big thing that we've

22:10

talked about on the show before

22:12

you know just recently apple has uh

22:15

released their app tracking transparency

22:18

which is a new setting starting with ios

22:22

14.5

22:24

which was in the news because it

22:25

essentially killed um facebook and

22:28

instagram and the meta apps um and a lot

22:30

of their tracking capabilities within

22:32

ios and i think it was there was some

22:35

quote about you know meta losing you

22:37

know potentially

22:38

millions and millions of dollars and

22:40

this year alone dozens of other

22:41

marketing apps right that rely on

22:44

similar technologies for traffic yeah

22:46

that's correct so

22:47

now now on the google side they've kind

22:50

of been slow rolling some opt out

22:52

features in some similar ways to what

22:56

apple did

22:57

um you can right now i know with i think

23:00

the last couple versions of android and

23:02

parkman wrong uh

23:04

kevin but you can reset your ad id

23:07

essentially yes but that's not a

23:09

permanent type of fix of what what apple

23:12

has put in um and of course you can opt

23:14

out of those personalized ads

23:16

um and then google's working on this

23:19

thing called privacy sandbox which is a

23:22

a a larger type of solution for privacy

23:25

on android but that's going to take

23:27

several years to implement from from

23:29

what i've researched so yeah um i think

23:31

the primary differences and this is

23:33

really important to understand is that

23:36

google

23:37

their business is essentially most their

23:39

business is around advertising

23:42

um

23:42

it's just the reality that is how if you

23:45

look at how google started in google

23:47

search and google ads i mean they are

23:50

primarily an advertising company

23:53

and apple um is very different in the

23:56

way that they make money

23:58

um they make money from hardware sales

24:01

essentially

24:02

and then they actually offer you know

24:04

like apple music which is subscription

24:07

yes free

24:08

subscription-based services so

24:11

right i think it's important to kind of

24:12

call that out as the incentives right

24:14

for both and when you hear statements

24:16

like google is working on a privacy

24:18

initiative

24:19

like a sandbox okay what does that mean

24:21

for a business that whose business

24:22

relies on

24:24

not necessarily having complete privacy

24:27

i think it's a life preserver i think uh

24:29

if you look at

24:32

regulation if you look at

24:34

gdpr the eu canada the u.s right more

24:38

and more organizations more and more

24:40

countries more and more

24:42

areas are pushing

24:44

privacy i find it hilarious that the

24:46

same politicians that are pushing

24:48

privacies are also pushing back during

24:50

encryption hypocrisy march yeah that's a

24:53

whole lot yeah yeah we need privacy but

24:55

let us listen in um

25:01

but

25:02

the

25:03

the the regulatory

25:06

bodies are pushing this and so while yes

25:10

google absolutely has made their money

25:11

made their business been an advertising

25:14

behemoth

25:16

they have to adjust right they have to

25:19

not become blockbuster

25:22

right

25:23

blockbuster's whole business was renting

25:25

movies

25:26

and they failed the shift in time yes

25:29

google knows their entire business or

25:31

the majority of their business is

25:34

advertising yeah so they have to figure

25:36

out a way to advertise in a privacy

25:39

aware no and no time like now they've

25:42

got all the money in the world to

25:44

invest in it they got to do it if they

25:46

don't do it if if google doesn't

25:48

transition well

25:51

they will go the route of and it won't

25:53

and it won't be as slow as blockbusters

25:55

no what will happen is

25:57

the regulatory bodies are going to go

26:00

after them right

26:01

and they've already been doing it at a

26:04

certain point it's going to be like look

26:06

this is the death note and that's why i

26:08

think when i look at things like the

26:09

google privacy sandbox

26:11

i'm not saying they're going to be

26:13

perfect i'm not saying they're going to

26:15

be well done

26:16

but they are absolutely going to be a

26:18

seismic shift in what google does

26:21

or they will be huge interesting yeah

26:23

good to know you heard it here folks

26:26

that's right that's right

26:28

i didn't create that from the rockstar

26:30

himself

26:32

that's right so imagine this scenario

26:34

you're out of the office unexpectedly

26:37

and a colleague pings you because they

26:39

need access to some system you have

26:42

credentials for now our listeners would

26:45

never send passwords over email or slack

26:47

right but what about your co-workers how

26:50

many organizations out there are sending

26:52

logins back and forth in plain text

26:56

worse yet how many just store all of

26:58

their logins on a shared spreadsheet we

27:01

all know that human errors are the

27:03

biggest threat to your organization's

27:05

security but did you know that weak or

27:08

stolen passwords account for over 80

27:10

percent of all data breaches now there

27:13

are tools out there that can allow you

27:15

to share credentials set access

27:17

permissions and monitor the dark web for

27:19

stolen logins

27:21

and keeper security's enterprise

27:23

password management platform does just

27:26

that keeper locks down logins payment

27:28

cards confidential documents api keys

27:32

and database passwords in a patented

27:35

zero knowledge encrypted vault

27:37

and it takes less than an hour to deploy

27:40

across your organization

27:42

sign up for a keeper free trial for your

27:44

organization today and get a free 3-year

27:47

personal plan stop sharing emails and

27:50

spreadsheets with the keys to the

27:52

kingdom get started by visiting

27:54

keepersecurity.com

27:57

shared security so the last topic on

28:00

android versus ios we want to talk about

28:02

text messaging

28:04

um and you know because obviously text

28:07

message just call yeah yeah well no one

28:09

makes phone calls can you can you

28:10

actually do that on a mobile phone oh

28:12

yeah you can

28:14

yeah we call it a phone

28:16

and a telephone meant

28:19

calling somebody

28:20

um

28:21

so let's forget calling it a phone but

28:24

anyway

28:25

uh text messaging so i think apple

28:28

everybody knows we have imessage

28:30

which is the blue texts and then android

28:34

is the green

28:35

[Laughter]

28:37

so for those of you in the apple

28:39

ecosystem

28:40

it is a source of large controversy that

28:44

that's my android friends show up as

28:46

green and my apple friend shop is i kind

28:49

of like knowing who's who's green and

28:51

who's do you yeah here's here's my

28:53

question

28:55

did apple pick green to imply that us

28:58

android users are jealous of you i i

29:01

want to know if that was the thought

29:03

process right because if i was doing it

29:04

i would totally do it that way

29:06

it's because all apple users are just

29:08

blue you know we're all down in the

29:09

dumps

29:10

yeah well you know there is i did a

29:13

little bit of research on that and it's

29:15

because there is no interoperability

29:17

between

29:18

the messaging systems um which

29:21

either company could have set some

29:23

standards

29:24

and

29:28

right there is one but and they ruined

29:30

it

29:31

yeah sorry that i'm jumping ahead yeah

29:34

but

29:35

not really a security or privacy related

29:38

topic but it's very interesting and

29:40

we'll have a link to in the show notes

29:41

where you can kind of go down that

29:42

rabbit hole but let's just say that

29:44

there is

29:46

there's just some various reasons for

29:48

not coming together on a standard but um

29:51

regardless from a security perspective

29:54

so imessage um is and encrypted unless

29:59

you back up to icloud

30:02

and only send messages to other

30:04

iphone users because if you don't send

30:07

it yeah that's correct yeah

30:10

it'll default to sms for

30:12

others like android so and to be very

30:15

clear for the people who don't know

30:17

none of the s's in sms stand for

30:19

security

30:21

that is correct that's the message

30:23

there's nothing secure about it no at

30:25

all

30:27

now google um so there is the google

30:29

messages app um which you can enable

30:33

end-to-end encryption

30:35

but it has the same problem right when

30:37

sending messages to those people not

30:40

using the google messages app or an

30:43

iphone user so

30:45

similar in some ways sounds to me like

30:48

there should be an xkcd cartoon for this

30:50

yeah

30:51

yeah now kevin you're an

30:52

android user i was going to ask you if

30:54

you use google messages um

30:57

on your phone yeah

30:58

so i use signal

31:01

which we'll talk about um i believe

31:06

i enabled google messages as one of the

31:08

options if i remember correctly um i i'm

31:11

i say that because i was trying out some

31:13

different messaging

31:15

yeah uh systems right when i had a

31:18

verizon phone

31:19

there was a verizon messages app that

31:21

was pushed down by default um i no

31:24

longer have a verizon phone yeah um but

31:26

yeah i'm 99 now i'm looking at my phone

31:29

like i want to check

31:31

um but i use signal for for lots of

31:33

things um

31:35

as people should in my opinion but um

31:38

i

31:40

i'm the oddball though

31:41

i'm a very firm believer that people are

31:43

going to read my messages anyways so i

31:46

don't use sms for anything that i'd be

31:49

worried about somebody reading over the

31:51

internet right um

31:53

but that's but that's me right like i i

31:55

don't i'm not saying that makes it okay

31:58

i'm just saying

32:00

i use sms as a

32:03

when i s mess somebody it's

32:05

it is not secure it's nonsense yeah

32:07

right yeah yeah you get a little name

32:09

from me or something yeah and that's

32:11

kind of my take too is like i mean

32:13

obviously with all all my friends that

32:15

you know we're chatting in a group text

32:16

or something like that you know there

32:18

are going to be a few android users and

32:20

like i'm not sending anything that you

32:22

know is considered sensitive and if it

32:24

gets intercepted like okay well big deal

32:28

but there are conversations and

32:30

obviously things related to maybe

32:31

business or other stuff that i'm going

32:33

to use signal for

32:35

um

32:36

because you know i just want that extra

32:37

layer of security and to be frank i

32:40

actually like a lot of the features

32:42

within signal

32:43

um a little bit better than what's

32:46

available in imessage

32:47

so

32:48

but again the problem is

32:51

i have friends that probably will never

32:52

use signal

32:54

nor will i'll be able to convince them

32:55

to use here's yet another app you need

32:57

to use for your messaging

33:00

unless they're in this security

33:01

community yeah

33:02

then everybody's using it right but but

33:05

i have friends outside of security that

33:06

i need to talk to what i would love to

33:08

see is i would love to see apple and

33:11

google

33:12

push signal down yeah adopt it into the

33:14

os yeah

33:15

right like not not embedded in the os

33:18

the underlying technology yeah yeah yes

33:20

push down the app as a default like hey

33:23

you buy a new iphone it has signal on

33:26

um they would overnight increase the

33:29

number of people using good stuff of

33:31

course i will tell you that i cringe

33:33

every time i see the ad from

33:36

meta about the whatsapp where they're

33:38

have you seen the new ads they're

33:39

playing where like the

33:41

post office guy comes to the door and he

33:43

hands them

33:44

like why is my mail open and they're

33:46

like i don't know maybe somebody read it

33:48

use whatsapp

33:50

oh

33:58

yeah

33:59

and and we've we've talked about

34:00

messaging secure messaging apps on the

34:02

show before and we've always come back

34:03

to our recommendation as signal um

34:06

you know i know there's telegram

34:08

whatsapp there's wire there's a bunch of

34:10

apps out there um

34:12

you know but just in terms of like

34:15

what's been tested by multiple people

34:18

um plus you know i think the company

34:22

behind moxie marlin spike's company

34:24

behind uh signal

34:26

um

34:27

you know the guy is

34:29

super smart and he talks a lot about

34:33

how he

34:34

develops his apps and so i have one

34:36

question for you on this and that is you

34:38

know is it likely or do you think it's

34:40

likely that uh signal will ever somehow

34:42

be outlawed

34:44

right there's always oh there's

34:45

absolutely places that will outlaw of

34:47

course yeah well let's be very clear

34:49

both in the u.s and in the uk and i

34:53

believe canada as well there are

34:55

serious efforts to back door encryption

34:58

at that point signal will be outlawed

35:01

well not to mention here in the united

35:03

states there are actually active

35:06

discussions going on in u.s congress

35:08

about

35:09

banning end-to-end encryption yeah

35:11

the us i thought i did yeah

35:17

yeah you know what i said was the us and

35:19

the uk and i believe canada is also

35:21

doing it that's uh yeah i'm trying to

35:23

remember

35:24

but yeah no the us is doing i absolutely

35:26

believe that

35:29

i would never support

35:31

insurrection but if you were going to be

35:35

an insurrectionist

35:37

this would be a reason to do it not

35:39

electoral college yeah what

35:42

i'm like sure i don't put this one in

35:44

the uh the uh the show preview

35:47

yeah yeah yeah

35:50

today

35:51

i would not be a nazi i should watch it

35:54

kevin did i hear kevin saying you want

35:56

some interaction

35:58

i just i don't understand i honestly

36:00

don't understand i i wish you never i

36:03

don't know about recently but when i was

36:05

younger when i was a teenager when i was

36:07

a kid

36:08

one of the popular tropes in movies and

36:10

tv shows was

36:12

the parent and the kids swapped bodies

36:15

for the day freaky friday yes yeah yeah

36:18

friday whatever like all of those types

36:19

of shows

36:20

i i would like one day

36:24

just to know

36:26

what

36:27

ignorant

36:28

thoughts

36:30

are going through a politician's mind

36:32

and i want to regret any of the

36:33

politicians practically i i want to know

36:36

how they

36:38

delude themselves into believing

36:42

that they are supporting privacy

36:45

supporting the population supporting

36:48

good

36:49

and supporting breaking encryption yeah

36:52

i like those two i just yeah how do you

36:55

make both of those statements come out

36:57

of the same faithful

36:59

and believe that that is

37:01

yep you know would be fun kevin

37:03

we should get a politician on the show

37:06

so we could have that conversation i'm

37:08

being totally serious yeah yeah i would

37:11

love it if we could find you know

37:13

that's a great idea

37:15

and kevin couldn't actually punch him in

37:16

the throat

37:18

i know because they won't be in the same

37:19

room so there could be no

37:21

there'd be no violence but i want to be

37:22

very clear like i would want to have

37:24

that conversation

37:26

because i don't believe

37:28

that's a political or bipartisan like a

37:32

you're bipartisan i believe that no

37:34

matter what your politics are whether

37:36

you're a republican a democrat a

37:38

communist a libertarian a

37:42

fruitarian i don't know if that's a real

37:43

thing

37:44

doomsday

37:46

right uh a fruitarian is somebody who

37:48

believes that strawberries should be

37:50

illegal um is what i've decided

37:54

i don't know

37:55

but i don't know what your politics are

37:57

i believe that that should be an easily

37:59

answered question

38:01

how do you support privacy and back

38:03

dooring encryption all right

38:06

that's like a call for for politicians

38:08

to reach out yeah yeah i'm i'm going to

38:10

research that one and see who we can get

38:13

i'd love to have like a u.s senator on

38:16

the show wouldn't that be amazing yeah

38:19

i'm in

38:20

okay all right all right well you heard

38:21

it here first folks uh and if you have

38:24

any leads to any uh uh politicians

38:27

ex-presidents anything like that we'd be

38:31

greatly interested in speaking doesn't

38:32

mean we need you to hide wait wait wait

38:34

wait no no no don't hack them you said

38:37

ex-presidents and i want to be very

38:39

clear

38:40

there's one we got no interest in

38:42

talking to you

38:43

no

38:44

not true

38:59

well uh with that um hopefully everybody

39:02

uh got some good uh advice just

39:05

to summarize it goes back to your you

39:08

know personal

39:10

uh threat level your you know risk level

39:13

risk tolerance those types of things um

39:16

there's pros and cons to both obviously

39:19

um kevin even has said you know he likes

39:22

ads personalized ads right yeah um

39:26

and some people do and they're okay with

39:27

that so you just got to make your own uh

39:29

judgment call from a privacy in in cyber

39:32

security perspective but i think the big

39:34

important thing to remember is

39:36

be aware of what you're deciding that's

39:37

it that's right exactly too many people

39:40

make the decision understand the risks

39:42

making the decisions yes right like that

39:44

they just default i that's where i think

39:46

it's the problem is that they're i can

39:48

accept the problem to the personalize

39:50

that so i like them because i'm aware

39:52

i'm accepting it

39:54

and i'll just say if you want to

39:55

continue this conversation check out our

39:57

reddit community um yeah and the shared

39:59

security show subreddit and uh we'd love

40:02

to chat more about this uh i think

40:04

really important topic yes so

40:07

all right everyone well folks

40:09

thanks for listening and we will catch

40:11

everyone next week

40:13

thanks for watching if you enjoyed this

40:15

episode and you'd like to help support

40:17

the podcast hit that like and subscribe

40:20

button to catch all the latest from the

40:22

show visit our website

40:24

sharedsecurity.net

40:25

follow us on twitter at sharedsec and

40:28

join our reddit community on the shared

40:30

security show subreddit

Посмотреть больше похожих видео

YouTube Channels Are Being HACKED! (How to Protect Yourself)

How To Stay Safe On Telegram : The TRUTH About Security On The App

Network Security Model

Encryption Explained Simply | What Is Encryption? | Cryptography And Network Security | Simplilearn

Security Breach Example 2

Can We Trust Artificial Intelligence? | The Daily Aus

Rate This

★

★

★

★

★

5.0 / 5 (0 votes)

Связанные теги

CybersecurityPrivacyAndroidAppleApp StoresOS UpdatesDevice TrackingAd TrackingText MessagingSignal AppEnd-to-End Encryption

Вам нужно краткое изложение на английском?