If you’ve already downloaded the latest Apple iOS update, you’re undoubtedly loving the new interactive Home widget, customizable app icons, Picture-in-Picture mode, and similarly adorable new features. But as is always the case with Apple iOS rollouts, the star of the show should really be all the security and privacy enhancements packed into the latest release.
Yet even these innovative new features can’t keep users from wondering whether App Messengers and encrypted communications are truly as safe as they think. Recent events that saw the FBI intercepting plans of criminal activity do expose some uncomfortable truths. One organization that’s looking to bolster its credibility with users is Zoom, with the long-awaited release of end-to-end video encryption.
Before we dive into encryption concerns, let’s look at privacy improvements such as how iOS14 enhances your ability to prevent specific apps from tracking your exact location, as well as having access to your entire photo library. Previously, users were limited to giving apps access to their specific location or blocking their location altogether. Location requests now include a Precise: toggle.
While easy to overlook, this addition is huge. When switched on, apps will have access to your precise location just as before. But tap it to switch off, and the app will only have access to your general location. This allows you to enjoy the benefits of seeing stores and restaurants near you without having to compromise your precise location. If you go into your iPhone Settings and choose Privacy > Location Services, you can make these specifications with every single one of your apps.
Apple seems to be moving in a direction that rejects an “all or nothing” approach with app access. Up until now, users were forced to grant apps access to their entire photo library just to upload a handful of pictures. A new privacy feature of iOS14 grants the ability to handpick specific photos and videos to give an app access to, while protecting the rest.
iOS14 also introduces a new password monitoring system. Under Settings > Passwords > Security Recommendations users can view all passwords that Apple has deemed too easy to guess, possibly compromised in a data breach, used too many times, or otherwise unsafe.
Recently, the FBI arrested a group of men for conspiring to kidnap the Governor of Michigan. It’s a total relief that this plot was avoided and nobody was hurt, but the manner in which it was thwarted has raised some eyebrows. A confidential informant gave the FBI access to a messaging thread where the men made their plans, and this allowed the FBI to stay in the loop even after the group switched messaging apps.
Encrypted messaging works to “scramble up your messages as they travel across cellular communications systems and the internet to get to the intended recipient” (cnet). This means, in theory, the only parties that should have access to an encrypted message are the sender and the receiver. But as the incident with the Michigan Governor demonstrates, there are plenty of loopholes that users must take into consideration.
Messages sent on an encrypted service can be widely distributed once shared with a third-party, which is how the FBI foiled the kidnapping conspiracy. For all the positive updates that come with iOS14, the information stores on iPhones are only encrypted when the device is locked. If someone is able to guess your password, or if you don’t keep your iPhone locked, it’s essentially exposed. Another common form of malware called stalkerware has become dangerously popular for people wanting to spy on partners, spouses or exes.
Loopholes for accessing secure communications may be a good thing when it comes to law enforcement stopping criminal activity in its tracks, but they may be worrisome to a public that generally relies on the encryption and security of their devices to keep private communications private. Luckily, there are some steps you can take to bolster your security.
iPhone users should always keep it locked, and take advantage of Apple’s 6-digit passcode. Android phones do require the additional step to manually enable disk encryption, but this option combined with a locked phone should keep things secure.
Always opt for unique, hard-to-guess passwords. If you currently use your pet’s name or mom’s birthday, yes, we are talking to you. Additionally, you can regularly run checks for malware that may have infected your phone behind the scenes.
Protecting enterprise devices? See how Venafi Endpoint Protect can help you install and protect machine identities on mobile devices.