Would it actually have more resources that say Apple? I think if Apple can not do it, I am unsure if anyone else could. All supposedly secure smart phones are not, but they are at least obscure.
I think that one should probably buy an Apple (at least they control everything rather than the cobbled together android clones) and disable basically everything except exactly what is needed. At least that reduces the surface area. And keep personal stuff on a separate phone.
Apple can do it (create a security focused phone), it just isn't anywhere near what they want to do. The instant security (or privacy for that matter) gets in the way of profit for Apple they will back away.
Apple is actually not in the business of selling the data of their users. They will also risk aggravating large players in favor of improved privacy. A recent example: App Tracking Transparency [1] which makes tracking an opt-in feature to be requested from the user. To no one's surprise users are happily declining when made this offer. Companies like Facebook aren't too happy about it. [2]
Privacy and security are related, but distinct. Apple has been pushing privacy, but we're talking about security here. Typically the tradeoffs around increasing security have to do with user experience, something Apple typically does not like to compromise on.
Well, keeping things private certainly rests on the security of devices and protocols. That being said, Apple investing heavily in making security unobtrusive isn't in itself a sign of weak security. A lot of it is just well engineered and thus unseen. But documented in parts for everyone to see: https://manuals.info.apple.com/MANUALS/1000/MA1902/en_US/app...
If I somehow made it seem as I thought Apple sell data then that wasn't my intent (but neither does Facebook or Google sell their data).
However I do believe that Apple is only doing what you describe as a PR move. At the same time Apple fight other's advertising and tracking they are strengthening their own version of this. That users get something good out of it is strictly a side-effect. Promoting Apple because of this is in my opinion worse than promoting Facebook for their behaviour as they don't try to sell it as "protecting their users" as far as I know. Using an Apple phone is likely better than one Facebook had its hands on but the thinking and ethics behind is worse in an Apple product as they are successfully being extremely disingenuous towards their users about protecting their privacy.
Or maybe it's because they're doing their best to make every iPhone the security-focused phone, while not doing anything that would anger the FBI enough to try to pass legislation. When you are that big of a company, the things you can get away with are much more restricted than a small company.
iOS seems the worst solution, like you are forced to used Apple web engine so a bug or zero day in that engine will own all users. Apple would need to give the users the ability to uninstall preinstalled stuff and replaced them with safer or better alternatives.
The parent post is saying that many of these "secure phones" are, on paper, secure - but that's because companies like the NSO Group don't give them much attention. If they did become the focus of attention, they'd probably burst from a thousand leaks.
I agree. To break apart from the Android/Apple world, surely a team of people could disrupt the ecosystem. It wasn't that long ago that flip phones were state of the art. Somewhere in between then and now, we passed all the barriers to lose privacy.
BlackBerry, blackphone didn't succeed to be profitable, but perhaps that was not the right time. Perhaps privacy was not so completely lost yet, to be relevant to the public. Perhaps there is enough of a market to sustain that model?
Simple solution: just use "dumb phones" or burners
No non-open source "smart" phone is going to be secure enough. If you never store your data on your phone, you are safe from these hacks. Now you have to just protect from physical attacks :)
Except for physical attacks. No root of trust means that if your phone was ever stolen, installing a PIN guessing app is easy. Extracting the encrypted data for attacking it elsewhere is also easy.
These apparently exist in the criminal underworld (see the FBI's recent sting using such a project) and for state security organizations (developed by major defense contractors, afaik).
Those are always targeted extra hard since they tend to be used by criminals. See the recent "encrypted phones" (Encrochat, Anom, ...)
If you really care about security maybe it's better to get a really dumb 4G phone and share it's connection with a Linux small form tablet (but not running Android).
Of course, inconvenient as hell, but much more secure, especially since you are not running the iOS/Android mono-culture, so for anyone to target you it would require customized service.
But then you are vulnerable to physical attacks. You don't have hardware root of trust, so installing a PIN-guessing tool is easy. Extracting the encrypted data for attacking it on a computer outside the phone is also easy.
That's a little silly. The iPhone is a "cyber security focused smartphone" and Apple has billions in R&D money going into its phone. That's a nice thing to say but it doesn't really mean much unless you have some way to achieve that in a way that Apple's vast resources can't.
> ave some way to achieve that in a way that Apple's vast resources can't.
I think "can't" here runs up against "choose not to". So far as we can tell opsec tends to be a pain in the ass in ways that are fundamental, not a problem with tools. Apple, like any other consumer focused company, doesn't lose focus of this.
The silly thing is that Apple advertises their phone as something cyber security focused, when it can be totally pwned in so many ways.
And you don't need Apple's resources to make something better, just a more secure phone would have much worse UX. Just some examples for a much more secure phone, where you dont need Apple's budget:
- Runs some barebones Linux with minimal packages. An SMS app is an SMS app, not something that makes HTTP requests.
- app store is very heavily vetted
- forced updates, you can't dismiss update notifications.
- minimal attack interface, no smart connection features or accessories.
- Forced Updates? The FBI takes over the update server, forcibly sends out an update that sends all messages to the FBI immediately, and there's no way to stop it. That suggestion is idiotic. Or even better, install Pegasus on all the phones, have them be quietly reporting back to home for a few weeks, with journalists having no way to prevent updating.
- You forgot Hardware Root of Trust and Secure Enclave, like on an iPhone. Otherwise, the FBI can install a tool which just guesses PINs over and over while resetting the PIN attempts counter. It is not possible to build this protection in software only. You need chip-level hardware, and only iPhones in Fall 2020 and later have the Enclave set up to block repeated PIN attempts even if Apple-signed code is loaded. No other phone is safe from their own manufacturer like that.
In that case, you would still need to trust the mostly proprietary drivers and hardware. And if you aggressively remove features, I guess the question becomes why you would even need a phone. Maybe for some use cases it would be better to simply use a laptop.
The Iphone have never been a "cyber security focused smartphone" unless you define security being in focus while it is at least a few steps down from profit, design, and usability.
I think that one should probably buy an Apple (at least they control everything rather than the cobbled together android clones) and disable basically everything except exactly what is needed. At least that reduces the surface area. And keep personal stuff on a separate phone.