Why phones are more secure than desktops

This is a hot take, unfortunately still in 2022, but it has been the case for years. Modern phone security models allow for much greater protection of your sensitive data than any desktop offers. Today, the myth about insecure phones has been so prevalent that I used to ignore secure phone setups entirely, because I considered the mere ownership of a phone unacceptable. There are plenty of problems with phones, many of which are totally unethical, but here's the thing: any issue you can criticize a modern phone for is several times worse on the desktop equivalent of it. So let's tackle some of these myths real quick.

You might have heard plenty of times how these mobile devices were designed to track all of our movements and activities and that's all they do. But this is a factually wrong assumption, because the exact opposite is true. If you believe this notion, you probably don't know that Android apps have no access to your phone's hardware identifier since Android 10. You can revoke background location access or even foreground location access. If you haven't noticed, any of these ubiquitous app permission prompts you see in pop-up dialogs on your phone all the time are virtually nonexistent on any desktop. If you go to your phone's privacy settings, you will find plenty of toggles that allow you to harden your security and limit what data apps can access. It's amusing and tragic at the same time how many people suggest Linux as a privacy alternative to phones when no such extensive privacy settings exist on pretty much any Linux distro. Even Windows has implemented more permission toggles, and that system is a data collection hub.

Both Android and iOS were designed with a thorough threat model in mind.

For example, Android's threat model assumes your device could be stolen or the police might want to unlock it against your consent. To mitigate this threat, Android developed a secure keystore implementation that generates and stores your on-device encryption keys in tamper-resistant hardware. This hardware-bound key implementation was designed so that it is impossible to extract your cryptographic keys without your lock screen passcode. So not even a full kernel exploit or system compromise can access your secret keys. All modern phones are encrypted by default. Most desktops don't even offer it as an option, and those that do have no or limited mitigation against brute-force or cold boot attacks. Full disk encryption has been abandoned since Android 7, due to its limitation of not being able to protect the encryption keys. There is virtually no protection of your desktop encryption once someone has physical access to it.

Modern mobile operating systems implement defense-in-depth mechanisms that eliminate the ability of malicious software to access your sensitive data. Much of this is done via exploit mitigation, attack surface reduction and isolation. Isolation and containment is where the differences between desktop and mobile security models are most visible to the end user. For instance, when I install a password manager app on my phone, I can reasonably assume no other app is going to be able to access this data or log the keystrokes during password prompts. This is ensured by the application sandbox, which strictly limits how apps can communicate and share data with each other and the system.

If my password manager doesn't allow a certain IPC mechanism, no other app can reach it. This strict permission model enforces this consent. If I use the same password manager on my desktop machine, the only defense mechanism I have is the encryption of the password database. It's easy for malicious apps on my desktop to steal my password database and brute-force it locally. There is no permission model that would restrict other apps' access to my password manager database.

Privacy oftentimes balances between anonymity and security, and sometimes trade-offs have to be made. For example, the most secure way to install apps is through an official app repository. This is due to multiple reasons, mainly because of the app signing requirement, which makes sure the app is coming from the developer and not an untrusted party. Various repositories have submission checks or a vetting process that eliminates the presence of malicious knockoffs, for instance. The problem is that the only way Google and Apple allow you to use their app stores is after you sign in with a real phone number. At best, this is going to be pseudonymous, because it's hard or impossible to obtain an anonymous SIM card, and phone numbers will always be tied to an approximate location. This allows app stores to collect your app usage data or, at the very least, your app list, which can be used to fingerprint you. On Linux, on the other hand, you can also install apps from a repository, but you're not required to create an account.

This is beneficial because the only identifier left, pretty much, is your IP address, which can be obfuscated with a VPN or Tor. But that's where the benefits end, because Linux app stores have no permission manifests, and all Linux apps you install are immediately granted access to all user data based on your logged-in account. So while you can't expect to be anonymous on a stock mobile app store, you're at least reasonably secure and private. On a desktop repository, you could maintain anonymity to a limited extent, but everything else is subject to a huge amount of trust in every single app you install.

Many zealots in the privacy community, if such a thing even exists, do not make a distinction between services and platforms. Android means a lot of completely unrelated things to a lot of different people, but in reality, Android is just a free and open source mobile operating system. It has no Google apps or services, no pre-installed bundles or bloatware. It is a very clean and user-friendly operating system that's available for everyone for free. It's important to make this distinction, because it's possible to use an Android device without any privacy-invasive apps and services. Android's model allows for it. Android is private and safe by default. It's best if you can use it without privacy-invasive services such as the Google Play Store. This is best achieved on GrapheneOS, but even if you can't use your phone without them, it's not all lost. You should still go through the privacy settings of each of these services and disable all the collection you're not comfortable with. What's neat is that even stock Android allows you to create multiple user profiles.

You can use these profiles to compartmentalize your online identities and have separate profiles for work, personal life and online banking, for instance. Much of your privacy depends on how you use the tools at your disposal.

Another common misconception that's extremely damaging, yet too popular, is that iPhones are just inherently more private and secure than any and all Android phones. But this, again, is not true. There is nothing that iPhones do fundamentally differently than Android phones when it comes to protecting your private data on your phone, especially protecting it from third-party data collection. The "what happens on your iPhone stays on your iPhone" campaign is disgustingly misleading. Android protects your data just as well as iOS. Where iPhones generally fare better is security updates, which are important, but more and more Android vendors are starting to catch up, especially Pixel phones, which in many cases beat iPhones in hardware security. If you're buying a phone for privacy, Pixel phones from Google or the latest-generation iPhones are going to be your best bet. Pixel phones will let you go miles further than iPhones if you decide to flash GrapheneOS on them. That way, your phone will be significantly protected against even unknown vulnerabilities and zero-day exploits, and it will completely anonymize your device. But other than that, this whole myth that iOS is just infinitely more secure or private than Android is just a gross lack of understanding of the security models of these systems.

Mobile operating systems are constantly improving their security with every new release. Their ultimate goal is to make individual vulnerabilities impossible to exploit and to increase the number of vulnerabilities required to bypass the security model, and to a large extent they have already achieved this goal. It usually takes a chain of exploits to hack a mobile device, both with physical access and with remote code execution. The market prices for zero-day exploits illustrate vividly how far ahead phones are, as opposed to desktops. Android exploits are currently the most expensive ones, followed by iOS exploits, both costing millions of dollars. Compare that to desktop exploits and you'll immediately see the difference. It's night and day.

More privacy shouldn't come at the cost of security. Phones aren't going to be perfectly private out of the box. There is still plenty of room for hardening, but the base features of mobile security are years, if not decades, ahead of desktop OSes. It's easier to take advantage of mobile security, while understanding where you need to take steps to safeguard your privacy, than to blindly trust much more inferior desktop systems that offer no substantial defenses.

This channel has an extensive library of videos that will teach you a lot about online privacy, anonymity and security, and I will be updating them with new videos that go even further. On my Patreon page, I dedicate two weekly episodes to discussing these issues even further and going even more in depth with my research.

All of my work is free from corporate influence because I don't want sponsorship or affiliate links to taint my advice.
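As an added illustration (not part of the original video or page), the per-app permission grants discussed above can be audited from a computer. This Python sketch parses the text printed by `adb shell dumpsys package` and lists apps that still hold sensitive runtime permissions such as background location; the sample dump is constructed and abridged, and the line layout it assumes may differ between Android versions.

```python
import re

# Runtime permissions worth reviewing (short names, android.permission.* prefix dropped).
SENSITIVE = {
    "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION", "ACCESS_BACKGROUND_LOCATION",
    "CAMERA", "RECORD_AUDIO", "READ_CONTACTS",
}

# Assumed layout of `adb shell dumpsys package` output (abridged).
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*android\.permission\.([A-Z_]+): granted=(true|false)")

# Constructed sample; real input: adb shell dumpsys package > dump.txt
SAMPLE = """\
Package [com.example.weather] (1a2b3c):
  userId=10150
  install permissions:
    android.permission.INTERNET: granted=true
  User 0: installed=true hidden=false
    runtime permissions:
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
      android.permission.ACCESS_BACKGROUND_LOCATION: granted=true, flags=[ USER_SET ]
Package [com.example.notes] (4d5e6f):
  userId=10151
  User 0: installed=true hidden=false
    runtime permissions:
      android.permission.ACCESS_FINE_LOCATION: granted=false, flags=[ USER_SET ]
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
"""

def granted_sensitive(dump):
    """Map package name -> set of sensitive permissions currently granted.
    Grants are merged across user profiles if the dump lists several."""
    result, pkg = {}, None
    for line in dump.splitlines():
        m = PKG_RE.match(line)
        if m:
            pkg = m.group(1)
            continue
        m = PERM_RE.match(line)
        if m and pkg and m.group(2) == "true" and m.group(1) in SENSITIVE:
            result.setdefault(pkg, set()).add(m.group(1))
    return result

def background_location_apps(dump):
    """Packages that can read location while not in the foreground."""
    return sorted(p for p, perms in granted_sensitive(dump).items()
                  if "ACCESS_BACKGROUND_LOCATION" in perms)

if __name__ == "__main__":
    for pkg, perms in sorted(granted_sensitive(SAMPLE).items()):
        print(pkg, sorted(perms))
    # A grant can then be withdrawn in Settings, or with:
    #   adb shell pm revoke <package> <permission>
    print("background location:", background_location_apps(SAMPLE))
```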


Written by freotech

