Oddbean new post about login | logout Are all phones really as vulnerable to malware as Mcafee claimed?
All phones are vulnerable to pegasus...
Yes. Sometimes hidden (Pegasus), sometimes right on your face (Google malware), sometimes lied to you (Apple malware).
Both App Store iOS and Google Play Store don't have the ability for developers to sign builds, meaning whatever software you download from these places may have been modified after the creator submitted it.
So zap.store fixes this?
Yes, this particular part, it's also very ingrained, like older versions of cocoa pods (a dependency management tool) had an attack vector where while building you your app a malicious actor could inject dependencies you didn't even ask for, it's fixed in recent versions, but it was active for years, and developers didn't even know they were shipping malicious apps to their users.
i once made a comment on a politicians post on Twitter some years ago, in reference to China, and how we should not be using their products at sensitive digital access points. 5 minutes later, i got one ring, and a text on my phone. both from Beijing. Never been there, have no connections there. i realized the Chinese didnt like what i said, and in 5 minutes had my phone and probably location from that post, and twitters data. Changed my perspective on phones.
No one thinks about their phone's keyboard, but it seems silly to use a private messenger app in combination with the default keyboard from Google or Samsung. Switching to a private keyboard is pretty easy.
Couldn’t you just disable network permissions on it?
They don't appear in my app list so it's not intuitive how to disable permissions at the OS level like other apps. I've read about people using networking apps to block connection requests, but this seems like a high bar for the average user. It's so much easier to just install a keyboard that doesn't require sketchy permissions.
My keyboard needs two permissions: control vibration and run at startup. That's it.
I like graphene for this. Very easy to set permissions on apps. I don’t know how the default android experience is since I haven’t tried it in a long time
I haven't worked up the nerve to go all-in on graphene but it's on my radar.
A phone is as any computer. If any service on your phone is vulnerable your phone is. You don't need to install an App to get hacked. Vulnerabilities SMS/MMS, the GMS stack and other services are/have been used to infect phone without ppl. noticing. If need to talk *any thing* sensitive, don't bring your phone. Some work places even have shielded "boxes" where you put your phone before going in to any meeting. I have had stuff installed on phone's by "others" without any action hoping I would not "notice". No, you can not trust your phone is secure.
