Cyber security risk for sending texts between iPhone and Android

I honestly would be shocked if they could technically read the messages. WhatsApp make such a point about the encryption. I'm not an expert on these things though so I'm not sure.
Not very many people take the time to read all the legalese stuff in the EULA for an app before they install it. I give the Apple App Store credit for including a privacy summary with every app, which sums up their data handling and privacy practices, such as this one for WhatsApp:

IMG_6709.jpg

It's not as comprehensive as a EULA, but it at least gives you an idea of what you're giving up to the app when you install/use it on your device. If there's something in there that bothers you, you can either go read the full EULA for the details or choose not to install the app.
 
Not very many people take the time to read all the legalese stuff in the EULA for an app before they install it. I give the Apple App Store credit for including a privacy summary with every app, which sums up their data handling and privacy practices, such as this one for WhatsApp:

View attachment 9313544

It's not as comprehensive as a EULA, but it at least gives you an idea of what you're giving up to the app when you install/use it on your device. If there's something in there that bothers you, you can either go read the full EULA for the details or choose not to install the app.
Does User Content mean the actual content of the message? This is wild. What's the point of end-to-end encryption if Meta can read the messages?
 
Does User Content mean the actual content of the message? This is wild. What's the point of end-to-end encryption if Meta can read the messages?
I don't know, I never read the EULA before I installed it on my phone. :ROFLMAO:

I can tell you that it asked for access to all my contacts and my photos, which I denied. When I want to share pics on WhatsApp, I go in and grant access to them one by one, not just give them blanket access to every photo I have stored on my device. And it doesn't need to know about all my contacts - everybody I want to communicate with in the app is already in the group, you don't need to know all the information about everybody else in my contact list.
 
Does User Content mean the actual content of the message? This is wild. What's the point of end-to-end encryption if Meta can read the messages?
User content usually refers to stuff you create like videos and stuff like that. Nothing to do with the messages themselves. My guess because it’s Meta, it’s a blanket EULA from the other platforms they have

The definition of user content in an EULA can vary, but it generally refers to any content that a user can create, upload, or make available. For example, an EULA might state that the user owns all rights to their user content, but grants the developer a license to use, reproduce, and distribute it
 
User content usually refers to stuff you create like videos and stuff like that. Nothing to do with the messages themselves. My guess because it’s Meta, it’s a blanket EULA from the other platforms they have

The definition of user content in an EULA can vary, but it generally refers to any content that a user can create, upload, or make available. For example, an EULA might state that the user owns all rights to their user content, but grants the developer a license to use, reproduce, and distribute it
Understood.

I have no evidence for this but I don't think Meta can read WhatsApp message content. I can see why folk might think they have a back door but I personally don't think so.
 
So the messages aren't end-to-end encrypted and Meta can read all the messages?
It is my understanding they cannot. In fact: I believe they're using the same E2EE SPM uses. (SPM is open source.)

At least for now, but...

Messaging_Data_Linked_To_You.png


Then, as I noted, there's Meta's questionable history. E.g.: When Apple said they were going to lock-down iOS to stop app creators from abusing features of iOS forbidden to them by their TOS with Apple, Meta threatened to pull their apps off iOS/iPadOS.

Yes: You read that right: Meta was threatening Apple for stopping them from doing things they'd promised they wouldn't do.

It also recently came to light Meta (along with some other big tech actors) cooperated "off the record" with certain requests by the U.S. Government that were of highly-questionable Constitutionality.
 
I guess my wife can't send me a shopping list now. I will make that sacrifice
Mine will have to stop sending those photos. Of the dog.
 
yes, this is much about nothing unless people are sending things in text they should not like credit card info, personal ID's, or info on who some famous person is sleeping with. Phones used for business should be company issued/controlled such that infosec exeperts can ensure employees are not doing something that is insecure.

oh, and just about anything can and has been hacked. Generally govt's don't go after us worthless fish but rather high value prizes
 
yes, this is much about nothing unless people are sending things in text they should not like credit card info, personal ID's, or info on who some famous person is sleeping with. Phones used for business should be company issued/controlled such that infosec exeperts can ensure employees are not doing something that is insecure.

oh, and just about anything can and has been hacked. Generally govt's don't go after us worthless fish but rather high value prizes
That's pretty much how I look at it as well. Unless you're conducting criminal business on your phone or are a high threat profile of some sort (political activist, member of a subversive group, gov't whistleblower, engaged in espionage, etc.), the worry is pretty minimal. You have a much bigger chance of becoming a victim of malware or a phishing scam, or your info being poached because you were using insecure apps over public wi-fi.

It is still a good general infosec practice to avoid sending sensitive information over unencrypted messaging protocols whenever possible, but for most of us it's not something worth lying awake at night over, IMO.
 
+1 vote for Signal
 
Me and the boys in the group chat after having our texts exposed thanks for the one android user

Season 1 Episode 6 GIF by The Fresh Prince of Bel-Air
 
+1 vote for Signal
Signal is fine, as long as you can get everybody you text with to download and use it. That’s the hard part though.
 
Another great reason to ditch Apple!! :ROFLMAO:

Hate to pass on bad news its " the FBI warned iPhone and Android users to stop texting and to use an encrypted messaging platform instead".
 
yes, this is much about nothing unless people are sending things in text they should not like ...
You might be surprised at how useful some of the most mundane of communications might be.

Bear with me for a moment, if you will.

I'm sure you're aware of the "Loose lips sink ships" trope from WWII. That warning was meant to apply not to just sailors, but their friends, families, people who worked in shipyards, their friends and families, etc. Pretty much just about everybody.

Why? Because with enough disparate information from enough sources a sharp analyst with a good memory could piece them together and create a whole.

In this day-and-age, with the advent of AI (which isn't really intelligence, per se, but that's another discussion), it's trivial to do the same--inputting essentially everything one can and letting the AI make associations.

The point being: While your domestic habits, taken in isolation, may be mind-numbingly mundane, when pieced-together with millions-upon-millions of other bits of mundane, and maybe not so mundane information, could be useful to somebody, somewhere, at some time.

Phones used for business should be company issued/controlled such that infosec exeperts can ensure employees are not doing something that is insecure.
You just neatly illustrated another reason for encrypting everything, all the time: If you can frustrate eavesdropping, you should do so just on General Principles. Every bit of effort bad actors have to spend on discovering anything, no matter how useless, takes that much more away from their efforts to discover something useful.

Put more simply: If the only people to encrypt their communications are people who need to encrypt their communications, the bad guys know upon whom to concentrate their efforts.

Secondly: As a retired IT guy I can tell you issuing company phones is no guarantee private phones won't be used inadvisedly. We examined this issue in great detail at my ex-employer's and decided there was little to be gained by doing so. YMMV.

oh, and just about anything can and has been hacked. Generally govt's don't go after us worthless fish but rather high value prizes
That's a poor argument. It's like saying that just because you can't keep burglars out of your home you shouldn't bother locking your doors.
 
No one will will argue that encryption by default is not great and I was not making an arguement to the contrary. Just the things my friends and family actually text about are minor and not cyber criminal worthy. Also, everyone in my circle now has an iphone so true texting is limited. by the way, I'm retired IT as well.
 
Back
Top