iPhone and Ipad iOS Privacy violations

[plib]

Quote:

Originally Posted by Andrew H.

I know some people who work with classified information; they're not allowed to bring their phones to the office, much less connect them to the network and use them calendaring or e-mail. (For that matter, their work computers are not connected to the outside world, either.)

I agree. Seriously classified information or locations wouldn't, or shouldn't. The list above was a bit tongue-in-cheek obviously. However there are government and many corporate environments that aren't so restricted and electronic industrial espionage is commonplace. The Chinese have been doing it for years. Chinese IP's even hammer my router on a routine basis.

[drofgnal]

Its the same with cookies in your computer browser. I see ads sometimes for the exact product whose website I visited. Not a big deal to me.

What I found more alarming was facebook. I connected with an old friend from high school. We exchanged several messages via facebook. She told me about a bavarian vacation her family had taken and behold, I start getting ads in facebook for a bavarian vacation.

I don't care if they use cookies and browsing history to target ads to me, but when the content of private messages is used to target ads, I get a little angry. I've since quite visiting facebook at all.

[JoeD]

This particular issue may not be of concern to people handling classified information if the policy in use prohibits mobiles/own devices. However, that doesn't make the concerns any less valid for regular business, government and individuals when the issue is apps/privacy leaks in general and not just this one specific instance.

There's a lot of highly valuable information that can cause a lot of damage on an individual or even national level that isn't classified and would be found used on mobiles. The data may be confidential enough that devices are required to be encrypted to safeguard against loss/theft, but when the apps running on the device itself are pinching the data, it's a problem.

You could argue that people shouldn't download/install apps they don't trust, but that's not really feasible for anyone that wants to actually use their phone. Especially when you consider the "trusted" companies can just as likely be the ones responsible due to the money gains targetted ads bring. There's nothing to say pre-installed apps arn't also up to no good (in terms of privacy leaking, rather than maliciousness)

Re android and the permissions. I agree most don't care/take notice of the warnings, but that's their choice. If I downloaded an app that was only supposed to be used to read content on my device and it wants location/phone/internet access, I'd question why, google it and see if anyone knows what it wants to do. Whether that would turn up useful information is a different matter

That wouldn't have helped in the case of the linked in app though, as you know it needs net access and will check contacts etc in many cases, desired behaviour, but there's no way to know that the data they're sending encompasses more than you're willing to give.

Not sure how that problem can be tackled, there's not really anything that can be done on an OS level, which leaves it up to the platform holders to require a public disclosure of what info is accessed/used/transmitted and a promise to ban any developers who go beyond that that. A burden I'm sure apple don't want and there's going to be the fine line between honest mistakes where apps pull more than needed and claiming it's a mistake when it was really intended.

If I know exactly what data is accessed/transmitte, it's then up to me to decide whether I care enough to look it up and decide to use that app based on that. Majority of people probably won't care, that's fine. Busiesses though could vet (legit) apps that are deemed to access too much information or details they don't want to share.

It won't stop malicious apps that lie deliberatly then try to steal info, but that's not the goal, it's to stop legit apps accessing data that they deem is fine where as the users sometimes deem that as not acceptable. For example, this whole linked in mess, wouldn't have occurred had linkedin declared up front what data their apps transmit back to their servers and the reasons. People could decide to trust linkedin to delete the data as they claim to do, or decide not to use the app. They could make an _informed_ decision.

[Penforhire]

Why you think there is nothing that can be done on an OS level?

Make the device default to anonymized browing and all-hidden device ID's. That is within the power of a non-jailbroken OS. If you want them to go the extra mile they can provide VPN service by default. Siri has to be more of a big deal (expense) to provide than a simple anonymizing VPN.

Let us opt-in if we want the benefit of cookies, targeted ads, speedier VPN bypass or whatever.

[JoeD]

Quote:

Originally Posted by Penforhire

Why you think there is nothing that can be done on an OS level?

Make the device default to anonymized browing and all-hidden device ID's. That is within the power of a non-jailbroken OS. If you want them to go the extra mile they can provide VPN service by default. Siri has to be more of a big deal (expense) to provide than a simple anonymizing VPN.

Let us opt-in if we want the benefit of cookies, targeted ads, speedier VPN bypass or whatever.

What I mean by there not being an OS level solution is that apps will require a certain level of access to user data. Whilst the OS can have security in place to ensure apps do not gain access to various functions without your permission e.g contact list, calendar, location services, phone/mic/camera, at some point you use apps that do require some access. Once granted, the OS does not know how much access the app is making, what it's doing with that info (whilst it could track that, it couldn't really know if that usage is inline with the permission you've granted)

Sure, really really fine grained permissions could be added, but it would never cover all cases.

The only feasible solution imo is that if an app needs access to any of your data, that access is made clear by the app maker along with what data and how it's used.

I'm not saying it's technically impossible. I just don't think it's feasible for the OS to handle it to the extent that would be needed. High level protection can and in some cases already is provided for things like contact access, location services but the problem is when apps have a legitimate need for limited access and then go beyond what the user expected or store/use the information for reasons the user wasn't made aware of.

[murraypaul]

Looks like Apple is adding more fine-grained access control by application to things like contacts, similar to how access to location services is already controlled:

http://appadvice.com/appnn/2012/06/a...s-app-in-ios-6

[JoeD]

Quote:

Originally Posted by murraypaul

Looks like Apple is adding more fine-grained access control by application to things like contacts, similar to how access to location services is already controlled:

http://appadvice.com/appnn/2012/06/a...s-app-in-ios-6

Yep, a welcomed change that will at least allow you to recognise apps that are trying to access data they have no business touching.

I doubt it would have helped avoid the linkedin issue though, since people would have granted contact access thinking it's only sending name/email for matching purposes whilst it was transfering everything behind the scenes.

I do wonder why they didn't pre-process the contact info on the iphone and only send hashes of names/emails back to their servers. That way any email address/contact who is not a member of linked-in would not have their details exposed to linked in, yet those hashes could be compared against their current member list to find matches. Not that it's perfect nor secure by any means.

If they wanted to do it properly though they'd implement some form of secure computation such as garbled circuits. Considering they didn't hash/salt their password db though, security wasn't their highest priority :P