iPhone Security & Privacy: The Truth Is Out There


Security isn't something to be taken lightly in the Internet age. From day one, we've always been concerned about it. Whether it be the security of a computer (Macintosh computers in particular), securing a website, securing your content, the privacy of your photos or protecting just about anything else you can possibly imagine. Front and back doors included.

The words "privacy" and "security" pretty much go hand in hand nowadays. And since we recently jumped on the iPhone bandwagon, you'd be amazed at what we've discovered over the past few weeks. More about that in a bit.

One of the best things you can do right now if you're concerned about these topics is to log on to the Sophos Anti-Virus website and look for the link to the Naked Security Blog. Kind of a "daring" name for a blog, I know, but Sophos won the IT Security Blog of the Year Award in 2010 and the company has continued to impress organizations around the world with its sharp eyes and ears ever since. Subscribe to their RSS feed and stay informed. It's one of the best blogs around and you'll gain a lot of insight (and help) from it. You can also download their free Sophos Security Monitor iPhone app which will help you to stay on top of things.

As we mentioned back in November of 2010, download a free copy of BitDefender Virus Scanner for Mac. It's simply the best and most unobtrusive anti-virus and malware detection application for Macs we've ever used. And it doesn't cost a cent (I know, I know — there are no viruses for Macs right now but there's a bit of malware floating around and it won't be long before the "big one" hits us Mac users).

So let's get down to business. If you have an iPhone (or any smartphone for that matter), there are lots of things you need to be aware of. Below, you'll find a collection of articles we've researched on the Internet from respectable websites which contain information you'll really benefit from as far as your privacy and security are concerned. We've put them together all in one place for you to read with our own comments included. This is really important stuff for iPhone users — important enough for us to feel the need to pass it on to you since it's doubtful that many of you are even aware of it.

"...the truth is out there..."

1) From the New York Times — can hackers read your text messages, listen to your calls and follow your Internet browsing activities while zeroing in on your geographical location? Find out here:

2) From the LA Times — did you know that the Twitter mobile app downloads your address book (telephone numbers and e-mail addresses with the exception of names) after you tap the "Find Friends" feature? Your data is then stored on its servers for 18 months. Having reviewed the Twitter Privacy Policy ourselves, we found their data collection policies to be as clear as mud. We're not real keen on the social networking scene just yet and this is one app that we, ourselves, have been very careful with along with other, similar apps:

Sophos added their own two cents worth this morning, explaining how it works along with some great commentary including a link which allows you to remove your contact database from Twitter's servers.

3) Do you use Path? We downloaded the app a few weeks ago and just before clicking on it for the first time, we read this Sophos article and deleted the app. Thank God they caught it but it makes you wonder how many other apps are doing the same thing:

Path was apparently uploading your entire iPhone address book to their servers. Below is Path's response to the "mistake":

Note that as of February 8th, 2012, the company deleted their entire collection of user-uploaded contact information from their servers. Path 2.0.6 now prompts you to opt in or out of sharing your phone's contacts with their servers. A fine time to find this all out, isn't it? After your whole address book has been given away.

Another app named Hipster was apparently doing a similar thing but the company has not issued any statement. In all fairness, the Hipster app does offer an option to deselect the "Contacts" button when adding friends but it's confusing for the average user.

Nevertheless, it's truly unbelievable that this kind of thing is happening. It's really starting to look like Big Brother is watching us now. Read on...

4) From the Wall Street Journal — an interactive database showing the behavior of 101 popular apps for the iPhone describing what each app tells users about the information it gathers (this makes for an excellent and most "enlightening" read):

5) From Sophos — most of us don't think twice about iPhone apps. We just download them and install them. Think again:

6) From Sophos — if you downloaded a stock market monitoring tool called InstaStock, you would have been unaware of the fact that after it was installed, the iPhone app proceeded to download malicious code: a "payload" which gathered data and sent it to the developer's server. Note that this wasn't actually a real app. It was a "proof of concept" app designed to expose a security flaw in iOS and although Apple (surprisingly) initially approved it, they soon removed it from the App Store and terminated the developer's license:

7) Another one from the New York Times — about the security of your Wi-Fi connection. We added this as an update to a previous blog a year ago but for those of you who missed it, here it is again with some great recommendations and advice:

8) From Sophos — simple, common-sense tips on protecting your iPhone (stay away from jailbreaking your device at all costs):

9) Yet another from Sophos — many people don't realize that the System Preferences Security pane in Mac OS X 10.6.8 (Snow Leopard) and Mac OS X 10.7 (Lion) has a "safe downloads list" which can help protect you from malware. This feature was introduced not long after Mac Defender made its debut:

10) And one last entry from Sophos — an oldie but a goodie about the first worm for the iPhone which began changing owners' wallpaper in Australia in 2009:

11) From Collin Mulliner — if you'd like to know if your smartphone reveals your telephone number when you visit a website using your mobile phone's browser, find out by visiting this page (this has to be done through a cellular connection, not a Wi-Fi connection):

12) We stumbled across this one shortly before posting — research indicates that 15% of iPhone owners use one of ten easy-to-guess passcodes on their lock screen:

13) And finally, although this is old news, we still run into the odd person every now and again who's still concerned about last year's big hoopla regarding Apple iPhone Tracking. Never fear — Apple has it all "covered" (the problem was long gone as of iOS 4.3.3):

"...always download from trusted sources..."

How many times have we heard this phrase? Is Apple not a trusted source? Exactly what is Apple doing to police the App Store these days? Not enough, it seems. For those of you who are interested, here's a partial look at Apple's standards for considering and approving iPhone applications (pay close attention to Question 6). This was posted in response to an FCC Inquiry dated July 31st, 2009:

From the Apple Developer website, here are the official guidelines — "we review every app on the App Store based on a set of technical, content and design criteria":

Apple clearly needs to put a stop to this nonsense and protect the privacy of its iPhone customers, despite the fact that Apple themselves didn't develop any of the apps mentioned above. Third-party developers should be required to provide written statements about exactly which data is transmitted by a mobile app and exactly how the data is used (a little bit of extra testing on Apple's behalf would certainly help, too). If this is not made clear by the developer (and to the customer), then the app should be rejected. If Apple doesn't do this soon, the problem is only going to get worse and some of us are going to end up in serious trouble for simply having downloaded a seemingly "innocent" app.

One last thing here for you Mac folks. If you're concerned about apps calling home on your computer (not on your iPhone but on your Mac itself), you should consider adding Little Snitch to your software arsenal (it's not available for the iPhone since the iOS works in a much different way than the Mac OS). You'd be surprised to see how many applications attempt to connect to a server once you have this little gem installed on your Mac. In fact, I wouldn't be the slightest bit surprised if a few select shareware and freeware titles out there are actually programmed to look for the presence of Little Snitch on your system first before they call home so that nobody can cry foul when they're caught red-handed.

 if ( userInstalledLittleSnitch ) { doNotCallHome; } else { callHome; } 

I can't honestly say that I completely trust the iOS anywhere near as much as I've come to trust the Mac OS at this point since it's all still so relatively new. One suggestion for Apple — how about adding your own "Little Snitch" to the iOS, even if it happens to be a human being sitting in a review department? I think the ball is finally starting to roll — Apple received a letter from US Congress yesterday, asking for answers about how app developers handle privacy for iPhone users. Apple has been asked to respond by February 29th, 2012.

Don't be frightened by anything you've read on this page and don't be afraid to download apps. Get wise to all that's going on out there right now. Whenever and wherever possible, take time out to read a company's privacy policy before downloading anything. If developers can't explain things clearly enough or if you can't understand five pages of legal jargon, don't use their software. You taught your kids not to accept candy from strangers, right? Why should it be any different with iPhone candy? Just be careful and let's hope that Apple will soon put stricter policies in place which we will all benefit from.

Be sure to bookmark this page as we'll be updating it frequently.

Note: Special thanks to MacInTouch for posting a link to AdiOS this morning — a brand new Mac OS X application which allows Mac users to see which iPhone apps have potential privacy problems.

[Updated 02.22.12] California Attorney General Kamala D. Harris has announced an agreement committing the leaders of mobile application platforms to improve consumer privacy protection for those accessing the Internet using apps designed for mobile devices. To quote Attorney General Harris — "your personal privacy should not be the cost of using mobile apps, but all too often it is".

[Updated 02.28.12] From the New York Times today — not only are your address books vulnerable, so are your photos:

[Updated 03.16.12] Two more articles of worthy mention — another one from the New York Times and a new one from PCWorld:
