Mobile Security

From Wired Wiki
Jump to navigation Jump to search

Graphene OS vs iOS Lockdown Mode

Generally Graphene OS has a better track record than iOS. [1] Most exploits for iOS are however mitigated by Lockdown mode. Graphene OS is recommended by Whonix Developers. [2] iOS will still require an Apple ID where Graphene OS does not require play services, Graphene is more private in that regard. Safari under iOS lockdown is much more hardened [3] than Vanadium under Graphene OS. [4]

Apple

Although Apple prides itself on it's privacy features, users have found that Apple is not as private as they may think. Here are some examples of Apple's foul play:

Mysk Tracking Research – November 2022

"Farley v Apple" class action lawsuit, filed 1/13/23. [5]

"Robinson v Apple"[3] class action lawsuit, filed 2/2/23. [6]

"Libman v Apple"[4] class action lawsuit, filed 11/10/22. [7]

Independent researchers at software company Mysk found that when Apple consumers turn off the "Allow Apps to Request to Track" feature in settings, their information is still sent to Apple while using first-party apps. This was also found true in other settings, such as disabling "Share iPad Analytics" on an iPad. The three class action lawsuits above are all based on Mysk's finding, stating that Apple users have the right to privacy, especially when Apple's recent ad campaigns have been bragging about that fact.

Further reading - https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558

Government Cooperation

Apple is transparent about it's cooperation with government officials, and will willingly hand over user data if asked. According to Apple's own website [8], in the last six months of 2021 they received 4,855 device requests ("requests asking for customer data related to device identifiers such as serial numbers or IMEI numbers") and honored 82%, or 3,990 of those said requests.

"ATT" and Apple's Distinction Between First and Third Party Data Gathering

In April of 2022 Apple released a statement regarding their ATT policy on data collection from third party apps. In this statement Apple says that it looks to limit the amount of amount of third party data collection that occurs on Apple devices, while retaining Apples ability to conduct their own data collection. From my gathering it appears that Apple looks to limit third party app tracking while continuing to gather data themselves via their first party apps.

You can read the statement yourself here: https://www.apple.com/privacy/docs/...p_Tracking_Transparency_Policy_April_2022.pdf

Linux Phones

There is no Pinephone/Postmarket hardening guide, but the Debianand Arch hardening guides are effective resources

https://ollieparanoid.github.io/post/security-warning/

Mobile OPSEC

  • Don't use pattern locks. They are insecure. [9] [10] [11]

Sources