The iPhone 6 is apparently the only "secure" smartphone available currently.

[dagamer34]

Not a smart idea. A local police may lack a sophisticated expertise to hack encryption, there surely are policemen using iPhones with fingerprint scanner, which means they know how it works. You are likely to add obstruction of justice to your charge.


Well put. I would go further and say no biometric data can be considered a secure password.

The can compel you to use your finger, I don't think they can compel you to use the "correct" finger any more than you have to tell them the pin code to your phone. Of course, you will still suffer the consequences as they may hold you in contempt, but that does not mean you are guilty.

In reality, the police have at most 3 tries to get it right and you have 10 fingers. Plus, fingerprint readers are not fool proof. I think you can get away with it, especially if touch ID is only keyed to non-obvious fingers (any but thumb and index) but you use those anyway.

 

[oobydoobydoo]

Not a smart idea. A local police may lack a sophisticated expertise to hack encryption, there surely are policemen using iPhones with fingerprint scanner, which means they know how it works. You are likely to add obstruction of justice to your charge.

Are you kidding me? Come on man, this is totally ridiculous now. "Fingerprint hackers"? Obstruction of justice would be an absurd charge considering the information is protected by the 5th amendment. It's stupid that they can force you to use your finger, but they can't force you to use the right finger because it violates your 5th amendment rights. The information on which finger to use is in your head and therefore protected. If they charge you with anything, you will have a huge civil rights lawsuit against them, and probably come out a few thousand richer. Look it up.


You heard OP. They can't crack the iphone, they can easily crack your google spy phone.

 

[Graze]

You heard OP. They can't crack the iphone, they can easily crack your google spy phone.

LOL!

 

[oobydoobydoo]

The can compel you to use your finger, I don't think they can compel you to use the "correct" finger any more than you have to tell them the pin code to your phone. Of course, you will still suffer the consequences as they may hold you in contempt, but that does not mean you are guilty.

In reality, the police have at most 3 tries to get it right and you have 10 fingers. Plus, fingerprint readers are not fool proof. I think you can get away with it, especially if touch ID is only keyed to non-obvious fingers (any but thumb and index) but you use those anyway.

Haha thank you! I should've read the whole thread. This is exactly correct.

 

[lopri]

In reality, the police have at most 3 tries to get it right and you have 10 fingers. Plus, fingerprint readers are not fool proof. I think you can get away with it, especially if touch ID is only keyed to non-obvious fingers (any but thumb and index) but you use those anyway.

There is no timer to error-counter throughout the phone's life? (unless/until factory reset?) Perhaps I was wrong but I thought the scanner ID would reset the error count after a certain time period. If the police can try two fingers a day without triggering the lock then they need 5 days, for example. But if in fact the three-try limit is for the phone's lifetime, then my understanding was wrong. (in this context)

Although your other paragraph makes it sound like like Samsung's crappy finger-print reader is the best way to evade law-enforcement in some ironical sense.

 

[zerogear]

Sad thing is that this is probably true for all major smartphones. I remember a news story not too long ago about Congress report in which Hwawei and ZTE were alleged to be security threats to the U.S. I did not read the report but I am guessing they are a threat because:

1) They work for the Chinese government, or
2) They do not cooperate with the U.S. government.

There were some rumors about Intel chips containing some micro-logic that can be used to remotely wake the host system up without user's knowledge. People laughed at the idea but it does not seem like a far-fetched idea any more.

I'm 99% sure it's the case in all platforms, which is why I think comparing "secure"-ness of different platforms is moot. Although I tend to trust AOSP a little bit more since there are constantly people vetting the code, but unless you're compiling it yourself, you never know.

As for ZTE and Huawei -- they were alleged to be security threats because they are state/government sponsored companies.

 

[lopri]

But they are hardware companies. It used to be the case that hardware is out of the manufacturers' control once sold to consumers.

 

[shortylickens]

The best strategy is just to operate on the assumption that nothing is secure. I certainly wouldn't rely on apple "security" to keep me out of trouble.

Yeah apparently everyone forgot about the thousands of leaked pics last year.

 

[mmntech]

I think there may be some 5th amendment issues with forcing you to unlock the phone, but I'm not too familiar with how things work down there, and it's quite obvious there are a lot of loopholes.

Besides, they can still collect any data on you that leaves the phone. They can snoop at the ISP level, track your location, or compel Apple to hand over data stored on their servers.

The people who really benefit from this level of encryption are not consumers, but big business and government agencies who are trying to protect themselves from espionage. That was always BlackBerry's big selling point.

 

[Dari]

I am more annoyed and concerned by Apple + Google + NSA + carriers peeking at my stuff ALL THE TIME than someone else checking out my phone which is a highly unlikely scenario to begin with.

As to law enforcement, you will have to commit something quite serious if your phone is subject to brute-force cracking by court order. A chance of your local police being able to hack your encrypted smartphone is close to zero. Ironically, it would be much easier to simply force your hand to scan fingerprints than to force you to spell out passwords.

Security is only as good as it is practical.

Police rarely do that stuff in-house. They outsource it to relevant firms or the FBI.

 

[Platypus]

As much as I love Android, iOS devices offer better security options for data encryption across the board. Apple has many significant advantages in this space by controlling the entire platform, for better or worse.

That is not to say the Apple ecosystem is immune to problems, I literally earn my living finding vulnerabilities in it (and other mobile platforms), but all things equal, there are much more granular and robust encryption options available to devs in the iOS space.

Until Google can mandate more strict control over the boot routines and boot firmware architecture on the myriad of available OEM devices in their ecosystem, and offer more options than 'all or nothing' volume encryption, they will just not be as strong.

I think it's important to distinguish the fact that no one is suggesting Android's userdata encryption is weak, there are just a ton of other ways into the device that don't involve touching that singly protected partition and due to the design of it, much easier ways to crack passwords off the device itself, unlike iOS's implementation which requires actually using the device to this end. People need to stop thinking about the idea that most attacks against encryption are from dumb brute forcing of passwords or the encryption itself, it's *far* easier and more realistic to attack other weak implementations in order to access that data.

FWIW I'm work in infosec with a focus on mobile security and research as well as an avid Android hacker and cyanogenmod team member.

It should go without saying though that you should absolutely not be doing anything remotely sketchy from a modern smartphone... make no mistake about the level of protection this stuff offers you.

 

[oobydoobydoo]

I think there may be some 5th amendment issues with forcing you to unlock the phone, but I'm not too familiar with how things work down there, and it's quite obvious there are a lot of loopholes.

Besides, they can still collect any data on you that leaves the phone. They can snoop at the ISP level, track your location, or compel Apple to hand over data stored on their servers.

The people who really benefit from this level of encryption are not consumers, but big business and government agencies who are trying to protect themselves from espionage. That was always BlackBerry's big selling point.

You're spot on about blackberry, and you're right that security is very important and helpful in a business setting but I think encryption is a benefit to consumers also. Apple specifically encrypts everything... obviously that is causing a lot of headaches at the US DoJ, but that's their problem and frankly to all of our benefit given the way our justice system treats civilians. Who is to say these cyber-police don't have an equal penchant for lying as the beat cops?


Encryption is necessary to give humans back a tiny bit of the privacy that we've lost as video, audio, and cyber-surveillance has inundated our society. If we are going to have cameras on us 24/7/365 we at least should be able to keep our thoughts and writings to ourselves, right?

 

[WelshBloke]

Encryption is necessary to give humans back a tiny bit of the privacy that we've lost as video, audio, and cyber-surveillance has inundated our society. If we are going to have cameras on us 24/7/365 we at least should be able to keep our thoughts and writings to ourselves, right?

Yeah.

Given that smartphones just seem to be enablers to let people live blog all their comings and goings on Facebook/twitter/whateverthesocialmediathingofthemomentis I'd say most people couldn't give a s**t about, or need, encryption capable of defeating the .gov.

I'm betting that most people 'leak' a butt ton of personal data all over the place. Encrypting your selfies only works if you don't send them to anyone.

 

[lxskllr]

Encryption is necessary to give humans back a tiny bit of the privacy that we've lost as video, audio, and cyber-surveillance has inundated our society. If we are going to have cameras on us 24/7/365 we at least should be able to keep our thoughts and writings to ourselves, right?

There is a reason that cities have always been engines of economic growth. It isn't because bankers live there. Bankers live there because cities are engines of economic growth. The reason cities have been engines of economic growth since Sumer, is that young people move to them, to make new ways of being. Taking advantage of the fact that the city is where you escape the surveillance of the village, and the social control of the farm. "How you gonna keep them down on the farm after they've seen Paris?" was a fair question in 1919 and it had a lot do with the way the 20th century worked in the United States. The city is the historical system for the production of anonymity and the ability to experiment autonomously in ways of living. We are closing it.

https://www.youtube.com/watch?v=G2VHf5vpBy8

 

[Dari]

If it's on your phone there's a very good chance it's on a server somewhere else in the world. Any smart individual wanting to get access to that information would know they have options. At that point encryption is meaningless.

 

[dainthomas]

So because you might not have security with Apple, you instead will 100% guarantee you have no security and go with Android? Sounds like android user logic to me, lol. How are so many fans of that operating system are willing to throw their security to the wind and "wing it"? It's a remarkable phenomenon. Who better to be the US government's secret online spy agency than the best search engine company in the world?



Yes I am saying Google is spying on every single thing you android users do, and sending ALL of it to the the US government. Google is not a friendly company. At least go with Microsoft and have some sembelence of security from the mere fact that nobody would ever expect you to be crazy and use Windows Phone.

So because you might not have security with Apple, you instead will 100% guarantee you have no security and go with Android? Sounds like android user logic to me, lol. How are so many fans of that operating system are willing to throw their security to the wind and "wing it"? It's a remarkable phenomenon. Who better to be the US government's secret online spy agency than the best search engine company in the world?



Yes I am saying Google is spying on every single thing you android users do, and sending ALL of it to the the US government. Google is not a friendly company. At least go with Microsoft and have some sembelence of security from the mere fact that nobody would ever expect you to be crazy and use Windows Phone.

People sure are self important when they think the government gives two shits about what kind of pizza they ordered or the dick pics they sent to their girlfriend.

If someone is looking up how to make a pipe bomb or downloading kiddie porn I HOPE Google sends it to the government.

 

[lxskllr]

People sure are self important when they think the government gives two shits about what kind of pizza they ordered or the dick pics they sent to their girlfriend.

If someone is looking up how to make a pipe bomb or downloading kiddie porn I HOPE Google sends it to the government.

Yea, because fsck my fourth amendment rights, right? I don't care what the government thinks about me, and/or what I'm doing. If they want to find out, they can get a warrant; full stop. Whether it's as trivial as my pizza, or learning how to make a bomb(knowledge isn't criminal). Those are *MY* rights, and I want every single one of them.

 

[kyrax12]

If it's on your phone there's a very good chance it's on a server somewhere else in the world. Any smart individual wanting to get access to that information would know they have options. At that point encryption is meaningless.

HOw would it be on a server somewhere?

 

[lxskllr]

HOw would it be on a server somewhere?

Phones/services encourage you to backup your data to the "cloud". Even if you don't do that, there's still call records, and location data companies keep for some amount of time.

 

[lucia]

http://www.theguardian.com/technolo...rejects-concern-over-orwellian-privacy-policy

Samsung privacy policy warns: “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of voice recognition.”

 

[WelshBloke]

http://www.theguardian.com/technolo...rejects-concern-over-orwellian-privacy-policy

I'm not sure why Samsung are getting it in the neck for that.

The third party that's mentioned is the same one that Apple sends the same stuff to isn't it?

Everyone that has voice recognition does it that way.

 

[sm625]

There is no need to crack your iphone when everything on it is backed up at the NSA.

 

[zerogear]

There is no need to crack your iphone when everything on it is backed up at the NSA.

iCloud... Just as easy

 

[lucia]

I'm not sure why Samsung are getting it in the neck for that.

The third party that's mentioned is the same one that Apple sends the same stuff to isn't it?

Everyone that has voice recognition does it that way.

Did you happen to catch the story that LG was monitoring the viewing habits of customers using their smart TVs? Sending data to LG on what channels they were watching and what apps they used. When they were caught, LG claimed that it was an accident, that the site to which the data was sent was non-functional. But somebody else turned up a web page where LG was at one time trying to market such data to third parties. Again LG claimed that it was unrelated and the idea never went anywhere. But who knows? Maybe they just get caught with their hand in the cookie jar.

 

[Rakehellion]

i dont understand. if they have a court order, then they can force your fingerprint onto the phone right?

So don't use the fingerprint unlock? Also, many people steal data without a court order.