ACLU: Google is embarrassed by Android security, isn't protecting vulnerable users like Apple's iOS

Posted:
in iPhone edited November 2015
The difference between encryption and security on iOS and Android isn't just a technical issue but a "digital security divide," according to the principal technologist for the American Civil Liberties Union. That's because Apple secures its devices while Google leaves Android open to data collection and surveillance.




Speaking at the EmTech conference hosted in Cambridge, Massachusetts by the MIT Technology Review, the ACLU's Chris Soghioan said that Apple's efforts to protect the privacy of its users, including end-to-end encryption of their communications, effectively separates the company's more affluent iOS users from the poor and disadvantaged forced to use Android.

Given that the cheapest brand new iPhone costs $650, while Android phones can be found for less than $100, Google's efforts to facilitate hardware production as cheaply as possible in order to subsidize it with an advertising business model supported by data collection effectively creates what a Soghioan described as a "digital security divide." "The security people I know at Google are embarrassed by Android" - ACLU

"The phone used by the rich is encrypted by default and cannot be surveilled," Soghioan said, "and the phone used by most people in the global south and the poor and disadvantaged in America can be surveilled."

That's because "Apple sells luxury goods and Google gives away services for free in return for access to data," Soghioan said, highlighting that the difference wasn't purely technical but a corporate decision.

"Google has by far the best security team of any company in Silicon Valley," Soghioan said, but added, "the security people I know at Google are embarrassed by Android."

iOS Encryption, Android Surveillance

While Apple's chief executive Tim Cook has repeatedly taken a staunch position on the side of Apple's customers and their rights to privacy, resisting efforts by government agencies or marketing firms to spy on users or collect inappropriate or excessive personally identifiable data for any reason, Google hasn't.

Instead, Google has made tracking users and compiling data about their behaviors and activities a core part of its business model. That leaves encryption and privacy for Android an afterthought or even an obstacle.

At the same time, there's also clear evidence that Google has simply botched its broadly advertised efforts to add full disk encryption to its mobile platform. Android 5.0 Lollipop, released in 2014, was supposed to catch up to iOS in this area, but Android's encryption performance was so bad (due to Google's failure to support hardware accelerated encryption) that the company had to relax the feature's rollout, allowing even high end models like Samsung's Galaxy S6 and Google's own Nexus 6 to ship with encryption turned off.

Three quarters of Google's active users haven't even been able to install Android 5.0 over the last year. In contrast, iPhones have had full disk encryption activated by default since iOS 3 on iPhone 3GS in 2009.

Google Hangouts, the text and video chat service bundled with Android, also lacks end-to-end encryption like Apple's iMessages and FaceTime. Last year, the Electronic Frontier Foundation reported that Google Chat and Hangouts, like BlackBerry Messenger; Facebook's Messenger and WhatsApp; Microsoft's Skype; Secret; SnapChat and Yahoo Messenger all failed to provide end-to-end encryption, while Apple does. That hasn't changed.

Further, the "trivial to exploit" nature of the Android platform has enabled agencies, independent investigators and spies to buy off the shelf tools--like Gamma Group's FinSpy or Android RAT--that provide deep access to Android devices and essentially full control over listening to a user's conversations or even tapping the smartphone mic to listen to everything the user does.

A series of leaks regarding similar tools have consistently revealed that Apple's users have been protected from such surveillance tools unless their device is jailbroken, a process that deliberately switches off iOS security and which has become increasingly rare among the general population.

Surveillance of the poor using Android

Soghioan said this means "someone who uses a cheap Android device is a much easier target for law enforcement or intelligence agencies--which he argues are prone to abusing their surveillance powers," the MIT Technology Review noted.

Soghioan cited the FBI's snooping on Martin Luther King's phone calls in the 1960s, and noted that U.S. and overseas activists of today and tomorrow could be even easier targets.

"The next civil rights movement will use the technology against which surveillance works best," he said, stating that protest movements 'don't typically start in society's upper socioeconomic echelons.'

Apple's affordable luxury

Progress on removing this "digital security divide" have been made mostly on Apple's side, where even as new iPhones keep reaching far higher Average Selling Prices than the industry at large, the company has also worked to facilitate refurbished sales, while an independent, vibrant second hand market has long existed.

Apple's iPhone Upgrade Program, along with increasingly popular leasing programs operated by carriers, help to make expensive technology affordable to a broader market, and recycle working phones to the second hand channel.

The security features of iOS 9, including full disk encryption, continue to work on iPhone 4s, a phone from 2011 that has long been sold for less than $50 by a variety of discount retailers.

Another change that has dramatically affected the affordability of iPhones is Apple's expansion of carrier support beyond AT&T and Verizon to a wide variety of small and regional carriers that offer more affordable, or more flexible, service plans.

In contrast, Google has focused on making Android "affordable" in overseas markets by partnering to hardware makers who add their own spyware and user tracking, or who load Android with additional software that exposes even more vulnerabilities.

Samsung, HTC and Motorola, as well as prominent software vendors in China (including search giant Baidu) have all made headlines for exacerbating the "embarrassing" security profile of Android, even on high end devices such as Samsung's Galaxy S6 Edge.
«1345

Comments

  • Reply 1 of 88
    calicali Posts: 3,495member
    Embarrassing.

    It is a human rights issue and I'm sick of this both not being covered in mainstream media and people being unaware.
  • Reply 2 of 88
    cornchipcornchip Posts: 1,256member

    iPhone 4S = $100

  • Reply 3 of 88

    You couldn't pay me to use Google's spyware phone. Or their services.

  • Reply 4 of 88
    solipsismysolipsismy Posts: 5,099member
    1) If Google is embarrassed it's their own doing. There was no other way their "open" setup was going to work when OEMs keep trying to undercut each other on costs.

    2) Shouldn't we be referring to the parent company as Alphabet, not Google?

    cornchip wrote: »
    iPhone 4S = $100

    I can buy an iPhone 4S for $100 USD without a subsidy? :???:
  • Reply 5 of 88
    maxitmaxit Posts: 212member

    I'm hardly surprised: it's Google after all

  • Reply 6 of 88
    Iphone 4S isn't sold anymore by Apple and if it was it wouldn't be at 100 dollars.
  • Reply 7 of 88
    solipsismy wrote: »
    I can buy an iPhone 4S for $100 USD without a subsidy? :???:

    Well I guess it depends on if you live in an area with Craigslist or not. A 20 second search on Craigslist Chicago area turned up at least 10 iPhone 4s's for sale at $100 or less.
  • Reply 8 of 88
    blastdoorblastdoor Posts: 1,894member

    Yeah, it's nice to have money. 

     

    I guess in some ways this is similar to the difference between a grass-fed organic steak and corn-fed hormone-filled beefazoid. 

  • Reply 9 of 88
    dasanman69dasanman69 Posts: 12,976member
    solipsismy wrote: »
    1) If Google is embarrassed it's their own doing. There was no other way their "open" setup was going to work when OEMs keep trying to undercut each other on costs.

    2) Shouldn't we be referring to the parent company as Alphabet, not Google?

    cornchip wrote: »
    iPhone 4S = $100

    I can buy an iPhone 4S for $100 USD without a subsidy? :???:

    Yes you can. It's a 8GB refrub but it's $100.

    http://www.1sale.com/2015/10/apple-iphone-4s-unlocked-for-gsm-or-verizon-cdma-refurbished/?utm_medium=Email&utm_source=ExactTarget&utm_campaign=M20150106
  • Reply 10 of 88
    solipsismysolipsismy Posts: 5,099member
    noicc1138 wrote: »
    Iphone 4S isn't sold anymore by Apple and if it was it wouldn't be at 100 dollars.

    I think they still officially sell it in some countries.

    edit: Not sure if this page existing, along with the Where to Buy with a limited list of countries that aren't Apple's top selling locations is accurate or not, but here you go anyway…

    Well I guess it depends on if you live in an area with Craigslist or not. A 20 second search on Craigslist Chicago area turned up at least 10 iPhone 4s's for sale at $100 or less.

    dasanman69 wrote: »

    Sure, but that's used. If one is talking about a used phone that qualifier should be presented at that time.
  • Reply 11 of 88

    I have made the case for a while now that google is less secure due to how they decided to handle the marketing of there platform. Microsoft at least pushes out patches system wide for there OS when major holes are found. Google can not even muster that level of security control. I can not abide that in a personal setting for my self, and certainly not in a professional setting. People always argue oh well there is nothing on my phone so what does it matter. This always leads me to trying to explain security is only as good as the weakest point of failure. This used to be the end users and there horrible 1234 password. Now the game has elevated to whole platforms that are insure by the consequence of a a business decision. 

  • Reply 12 of 88
    solipsismy wrote: »
    I think they still officially sell it in some countries.

    Sure, but that's used. If one is talking about a used phone that qualifier should be presented at that time.

    Maybe so, but the article is about the poor supposedly being unable to afford iPhones. If the poor were desperately concerned about security they could buy a used/refurbished iPhone 4, 4s or 5 for very reasonable prices and get most of Apple's best-in-class security features.
  • Reply 13 of 88
    Quote:

    Originally Posted by GregInPrague View Post





    Maybe so, but the article is about the poor supposedly being unable to afford iPhones. If the poor were desperately concerned about security they could buy a used/refurbished iPhone 4, 4s or 5 for very reasonable prices and get most of Apple's best-in-class security features.



    I would say that the article is about the fact that google does not care about security so long as it can sell more user data. 

  • Reply 14 of 88
    sflocalsflocal Posts: 4,502member

    So the Fandroids were right along along.  They mantra their entire time, touting Androids superiority over iOS was that it was an "open" system.  Well... yeah, it's "open" all right... open to all the agencies to snoop on.



    Shameful.  Google is a sham, and it Android supporters are just a pathetic lot of people.  They'll fabricate more lies as to why Android is the better choice.

  • Reply 15 of 88
    blastdoor wrote: »
    Yeah, it's nice to have money. 

    I guess in some ways this is similar to the difference between a grass-fed organic steak and corn-fed hormone-filled beefazoid. 

    Most "organic" stuff is actually more dangerous...
  • Reply 16 of 88
    schlackschlack Posts: 686member
    You can pick up an iPhone 5 in good condition for $200 on eBay or elsewhere.

    I'd do that before I'd buy a $200 new Android phone.
  • Reply 17 of 88
    Google's model is dependent on an open phone so that they can mine the data. It's akin to renting an apartment from Google for free but without any door locks and a policy in which someone can inspect the premises at will to determine my lifestyle to allow for targeted advertising. Maybe Google is benign and will leave my belongings in the "free" apartment untouched and won't use anything they find against me. But it doesn't stop criminals from entering and taking whatever they want. In fact, I'm surprised that Google hasn't attempted that model as it would allow for even better targeted advertising. The government would salivate at the prospect of obtaining my most personal data, not to mention private companies who would love to know how many times I am up at night to the toilet so that they can target me for a BPH drug. And people seem to be okay with that model because they have "nothing to hide." Well, I don't want my notes to my wife exposed to the world. Or photos of my kids. In fact, there are many things that I don't want exposed. They don't make me a criminal, but I simply don't want them shared with the world at large. Google believes differently and that's precisely why I use iOS exclusively.

    It is a sleazy way of doing business. And whenever I put that scenario before others, they nearly universally agree and leave Android eventually.

    I love hardware encryption enabled by default. It gives me a secure feeling that if I lose my phone, after 4 attempts at unlocking my pass code, the phone automatically wipes the memory. None of the data on the device is obtainable to anyone. I don't have that security on Abdroid. And I never will. By the very nature of Google's business model, they are obligated to data mine for targeted advertising. It means android will remain open and unlocked. And even if Google builds in a lock, they will always have a key of their own or an unlocked back door. The data on an Android device is therefore never secure.

    While Steve Jobs was upset at Google for stealing the iOS, I am upset by Google for attempting to profile me and steal my personal data. And yes, I meant what I said when I said steal. I did not know the depths to which they tried to obtain my data. Once I learned why Chrome turned my iPhone into a dog slow device, sucking up CPU cycles and bandwidth, constantly communicating my location, my browsing habits,etc. to Google's headquarters. I removed the application. I removed Google maps and anything that had to do with the company. I purchased iCab and now use Duck Duck go as my default search engine. I want absolutely nothing to with the company. I also minimize my texts to non iOS devices and will always ask for an alternate to gmail.

    I am not invested into seeing Google as a company fail, but I sure do want to see their business model fail spectacularly. It will probably mean the company itself fails also, but so be it. No other company should ever be tempted to go back to Google's business model.

    If Google repents of their ways and stops using Android as a data mining tool, making it into a real OS with reasonable built in security, I might one day consider it as I really like some of Samsung's hardware. But with Android in its current form and Google's current business model, they won't get a single penny of mine. I even despise using Google as an embedded search engine and if a site uses it, I simply go elsewhere.

    I will even make certain a website is not hosted using Google software by going to netcraft.com. If the website is, I leave and never go back to it.

    So much for Google's don't be evil slogan.
  • Reply 18 of 88
    bobschlobbobschlob Posts: 1,074member

    You know…, I was all interested and excited to read this article when I saw the headline. But then I realized it's just a bunch of "class warfare" bullshit, blahblah blah.

    stopped reading. :no:

  • Reply 19 of 88
    bobschlobbobschlob Posts: 1,074member
    Quote:

    Originally Posted by sog35 View Post

     
    Quote:
    Originally Posted by AppleInsider View Post







    Given that the cheapest brand new iPhone costs $650, while Android phones can be found for less than $100....

     

    Nope. Brand new 5s is $450




    Pretty sure they were using the term "brand new" as reference to "brand newest model". Rather than as a distinction from "used".

  • Reply 20 of 88
    bobschlobbobschlob Posts: 1,074member
    Quote:

    Originally Posted by TheWhiteFalcon View Post

     
    Quote:

    Originally Posted by Blastdoor View Post



    Yeah, it's nice to have money. 



    I guess in some ways this is similar to the difference between a grass-fed organic steak and corn-fed hormone-filled beefazoid. 


    Most "organic" stuff is actually more dangerous...

     



    …He said with absolutely nothing to back it up. <img class=" src="http://forums-files.appleinsider.com/images/smilies//lol.gif" /> 

Sign In or Register to comment.