by pslam 2517 days ago
> Between CarrierIQ and OTA updates/access, there is no such thing as end-to-end encryption on a cell phone.

I don't think you understand what end-to-end means.


Even with end to end, at some point the information needs to be displayed to the user, and especially on Android, at that point you can collect anything you'd like. Unless there is some way of encrypting data all the way to the display controller I don't know about. But that will never happen as it would be the end of so many other features.

So he's right, there's no such thing as true end to end on common cell phones.

> Unless there is some way of encrypting data all the way to the display controller I don't know about.

That's kind of what HDCP is, so it could be done on an embedded display too.

IIUC you'd have to encrypt the text rendering, not the rendered text, for the message to be e2e encrypted and inaccessible through memory.
In theory you could run the decryption and rendering in the GPU (as is done for video), which would re-encrypt for display.
> no such thing as true end to end on common cell phones.

Hardly the only application though, is it?

I most certainly do. CarrierIQ (former name) negates it. HTTPS and GPG can't hide anything from it. Any phone app will be entirely transparent. There are other debug apps embedded in different phones that can be triggered to start gathering data in the background. They can even tell the velocity you swiped in what direction and what angle you were holding the phone.
> I most certainly do.

I do not find this comment proven, neither in your profile, nor in the context of this thread.