by freshhawk 4377 days ago
> which is frankly the most secure device you own

Really? That's not how I treat my security at all. My phone seems to clearly be the least secure computer I own. Admittedly I run all Linux on my non-phone computers, but I'm not totally sure I'd agree with you even if I ran Windows or OS X.

Am I that wrong?

2 comments

If it's an iPhone, then yes, it is far and away the most secure device you own. Everything is encrypted all the time through an HSM which will perform decryption only if given the device PIN. The key is never in memory and any attempt to extract it from the HSM will result in its self-destruction. It is impossible to recover data from the phone without the PIN. You can only erase the device and restore from a backup. While the device can be lost, the only threat is that a thief will erase and resell it. With iOS 7 and Find My iPhone turned on, even that is not possible. An attacker would not get your data in any case.

This is orders of magnitude safer than a full-disk-encrypted laptop because people hardly ever shut down their laptops, so keys remain in memory. There is also the possibility of cold-boot attacks, and of course the (retrospectively) insane design wherein any program you run can access all of your data.

iOS applications are always code-signed in a way that is tied to a real person or corporation, thoroughly sandboxed, and subject to review, making malware essentially non-existent. If discovered, it can be yanked at any time. What few remote exploits there have been were national news - and quickly resolved.

iMessage is end-to-end encrypted 100% of the time using a keybag - each device on your iCloud account has its own private key that never leaves the device. You get notified when a key is added to the keybag. This is really incredible, because without even knowing it, huge swaths of the population are using properly end-to-end encrypted messaging just by owning iPhones.

iOS is a tight ship and its attack surface is minuscule compared to that of a commodity computer.

Ah, that makes a lot of sense. If you are discounting Apple themselves (and people using social engineering techniques to gain access to Apple's backdoors) and the large list of States and Corporate actors who have access as potential attackers, then you are absolutely correct.

I didn't know about keybag, that's very interesting.

Please provide evidence (other than "Apple hates my freedom so they must be doing it!") of Apple having granted access to iPhones to other corporations.

Ah, I was unclear. I meant the Governmental to private intelligence contractors path, not Apple selling data to data brokers or something like that - that seems very unlikely.

Where do I read more about this - it sounds fantastic and yet I just assume "proprietary = lazily implemented and they can read my keys cos it's on their server"

There was a talk at passwords^10 (2010) about security of PINs/keys in iPhone/Android/Windows Phone (IIRC). Don't recall who the speaker was, and all the links to talks/programs etc. have gone to bitrot (might be possible to find on archive.org, I've yet to try that).

If I remember correctly, an encrypted iPhone (4, I guess?) was the most secure, but with a bit of hackery one could use the device itself to brute-force the PIN (and thus access the key, and then the data). Not sure if that's actually been patched in later iterations of the iPhone.

If you find this stuff interesting, consider going to passwords^14 (August 5th-6th, Las Vegas): https://passwordscon.org/

Thank you - looks interesting

Considering how locked down they are (iPhone, at least), yes, they are likely substantially more secure than PCs for most people.

You have to be more specific: Secure from what kind of threat? There are many threats ranging from service providers deciding to uninstall "unpopular" applications that threaten antiquated revenue models to State threats used against activists and dissidents.

I assume he means "threats that would allow another app or actor to read your private key".

And ignores the threat of a stolen device.

Unlike most stolen PCs, a stolen phone can be locked or erased remotely.