At this point it should come as no surprise to anyone that regardless of what Facebook says about security and privacy, you can almost guarantee they will be caught in a lie, or at the very least, avoiding the truth. The latest boondoggle comes courtesy of a Freedom of Information Act finding made by an organization called Property of the People, a non-profit transparency group who has shared a document from the Federal Bureau of Investigation that details “Lawful Access” to your supposedly private and secure messaging on Facebook’s WhatsApp and Apple’s iMessage platforms, as well as several others.
What this means to you
In a nutshell, the document does indicate that in all cases, Facebook and Apple are true to their word that your conversations – as they happen – are encrypted, and the FBI cannot read them. What’s telling is what Apple and Facebook omitted in all of their marketing and soapboxing about privacy and security. According to the FBI document, which appears to be designed more as an executive summary, WhatsApp seems to be designed to give near real-time access to everything but the content of the user’s messages if they are served with a search warrant. Though not nearly as transparent in real time as WhatsApp, Apple’s iMessage will provide metadata surrounding a targeted user’s messages for up to 25 days.
The real cherry-on-top of this privacy-nightmare sundae is actually Apple’s to own: If the targeted user happens to be backing up their messages (both iMessage and WhatsApp apparently) to iCloud, a search warrant can also return the encryption keys to that supposed secure backup, which will allow authorities to decrypt and reveal the actual contents of the messages.
Of course, if you aren’t doing anything wrong, you should have nothing to worry about if the Feds are reading your messages, right? Let me point you to an article written in 2013 and published by the ACLU:
On top of the privacy issues this latest surprise reveals, I also want to make sure you note my other point: regardless of how much Apple and Facebook preach from their bully pulpits about protecting your privacy, it should be painfully clear this is more marketing ploy than protection of your rights. If a company is for profit, they are not looking out for you, they are looking out for their shareholders whose top priority is staying in business and cooperating with the authorities to make sure those dollars don’t stop. In the end it’s your choice whether you use these platforms, but don’t fool yourself into thinking you are choosing a “secure” platform that “protects your privacy.” At best, Facebook and Apple are being disingenuous about their privacy stances while behind the scenes they are laying the foundations for an Orwellian Nightmare.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
A new app has appeared on Google’s Play store that purportedly offers Android users the ability to chat with iOS users via Apple’s iMessage platform, and it has security eyebrows raised, primarily because it wasn’t released by Apple. Cydia (app store for jailbroken iPhones) developer Jay Freeman delved into the code of “iMessage for Android” and discovered another alarming fact: the app appears to be authenticating not through Apple’s servers, but through some unknown platform in China, even though it requires a legitimate Apple ID to work. Another developer also noted that this app has the ability to silently download code to your Android smartphone, a permission that could lead to a malware infection. The app is very new and these security peculiarities have yet to be widely verified, but it has already been downloaded from the Play store over 10,000 times.
What this means for you:
Firstly, your Apple ID (which may have money and many, many apps, songs, movies, etc. tied to it) is being passed through an unknown server in China. There is no guarantee that the owners of that server aren’t collecting these IDs for nefarious purposes. Add this to the fact that the app can download code without notifying you, and the scales are now dipping alarmingly towards “dangerous” if not outright “malicious”. Also at stake is the trustworthiness of Google’s Play Store app vetting process – how could this app have possibly made it through without raising some red flags. Sure, there is no love lost between Apple and Google, but Google is usually smart enough to not poison its userbase with a dodgy app just so Android users can text chat with iOS users. It remains to be seen whether this app is truly on the up and up, but all signs indicate otherwise at this point. I’d err on the side of caution and avoid installing this app for now. If you really need to talk to that iPhone user, just send them a text!
Image courtesy of Idea go / FreeDigitalPhotos.net.