The differences between Android and iPhone used to be clear, but the lines are blurring. And with Google’s latest update, that gap has narrowed even more…
Updated on 04/08; the first version was published on 04/05.
Google’s mission to bring Android closer to the iPhone continues. Especially when it comes to privacy and security, including fully encrypted WhatsApp calls integrated into your dialer and enhanced protection for the Play Store. The latest Android updates have just been released, and they have very different security and privacy considerations.
The first one, surprisingly, was announced almost a year ago and is only now going live. As Telegram’s GApps Flags & Leaks reported, “Google started rolling out Find My Network in Google Play Services Beta 24.12.14. For me, it was enabled without turning on any flags. I did.”
Android’s new shadow Bluetooth network mirrors Apple’s equivalent network to a large extent. Potentially billions of devices. However, it has been put on hold for security and privacy reasons, and there are concerns it could spark a new wave of electronic stalking.
This delay allowed Google and Apple to collaborate on industry-standard protections against the FindMy network being used to covertly track users without their knowledge. It’s now complete and will run on Apple’s iOS 17.5, paving the way for Google to launch its own network.
Tracking was a major concern for these shadow networks. This shadow network is built by cloud-linking smartphones, allowing lost devices and tracked tags to return home without accessing your own cellular network. This is done through Bluetooth, allowing many different types of devices to participate in the shadow network.
This update allows Apple’s iOS FindMy to alert you that a non-Apple certified device may be tracking you, and vice versa. This cross-platform alerting feature addresses serious privacy concerns that are emerging, especially with the popularity of AirTags and AirTag-like devices that make tracking easier.
Like Apple, Google also guarantees: “The Find My Device network was built with user privacy as our top priority. Location data crowdsourced from the network is end-to-end encrypted and cannot be viewed by Google or used for any other purpose. You cannot do that.”
That said, privacy concerns will remain, and a new service of this size will likely allow malicious actors to research and exploit vulnerabilities they find. Overall, it’s worth using given the benefits in case you lose your device, but be aware of reports of potential problems as this is rolled out at scale.
The second Android network update has its own security and privacy concerns. As we previously reported, Google has surpassed Apple’s SOS satellite feature with an update to Android that will allow you to send messages to anyone, not just emergency services, if your phone plan has a satellite connectivity add-on.
Satellite connectivity is not well known among mobile phone users. They relied on expensive devices and expensive calling plans. This limited them to special use cases such as remote exploration, dangerous off-grid locations, sailing, and ghosts.
Compared to the complex matrix of cellular radios, the concept of a direct link to a satellite is relatively crude and therefore easy to attack. We have seen this situation when trying to deal with denial of service (or jamming) when Starlink is being used in conflict areas. Such attacks and counterattacks are normal in the world of defense communications, but not in mainstream mobile phones.
One former special forces member with extensive first-hand experience told me: Unlike 5G, the attack surface is much wider, as it is like attacking a corporate network, where the attack target could be the actual terminal, ground station, or the satellite itself. Other vulnerabilities such as denial of service and eavesdropping should also be considered. ”
Obviously, this is not a big problem for niche applications where satellites are used for emergency messages or home communications from very remote locations, but the hope is that this could become more widespread. It doesn’t affect occasional users in commonplace locations, but if, for example, there are multiple satellite users in one location, the equation changes.
“Geostationary and low-orbit satellite handsets are often issued to the military for emergency communications. Unfortunately, many organizations have come to rely on them, creating many security challenges. In addition to being susceptible to cyber and denial-of-service attacks, these phones also pose security challenges given that they rely on GPS to function. It’s a huge risk for companies that use them.”
From a content perspective, anything properly encrypted is secure as long as you can prove the integrity of the connection. “If your data is encrypted in transit, do you really need to worry about your communications?” says CISO Ian Thornton-Trump. However, data wraparound has vulnerabilities. The ability to capture device identity, location, and unencrypted traffic (such as basic messaging) still carries risks.
ESET’s Jame Moore explains: “Used purely as a backup service, it can be very important for people in remote locations or when needed. However, satellite communications are typically more vulnerable to security threats, so Satellite communications should not be used as a default messaging service when a secure, privacy-focused service exists.”
This is fine if only for emergencies, but with the proliferation of LEO-based Wi-Fi and partnerships with movie network operators, this will become more widespread. So if your company plans to rely on such devices and networks as an extension of your normal business, you’ll need to catch up.
Apple handles the security of its satellite communications service by limiting it to a managed service, which encrypts messages from iPhones and then decrypts them and provides them to emergency services. User location information is also shared.
Obviously, Android offers a broader range of messaging services via satellite, so it’s unlikely there will be a comparable, cherry-picked security wrap. Ultimately, if Android Satellite is expanded to be more versatile, all the usual security and privacy considerations should apply.
Cybersecurity analyst Mike Thompson warns. It’s one thing for users to be in the dark, but the security industry is another. It’s not that expertise doesn’t exist, but I wonder how mainstream it is. ”
That’s the key. Industries with remote locations and the requirement to centralize mobile connectivity rather than roaming across different types of host networks are driving new policies and options. When mobile devices extend the corporate network, additional security must be implemented.
Updated 04/08: Not all of Google’s efforts to match the iPhone will follow Apple’s lead in Android feature releases, but the tech giant has made some very welcome advances on security and privacy in recent weeks. shows leadership.
I report Last month, we reported on pre-release leaks of Android defenses against IMSI catches and network location pings. Both of these take Android beyond the current capabilities of the iPhone, and IMSI Catch Alerts is especially game-changing.
Now, we’ve seen it again in a pre-release leak of Google’s “call finder” feature in its phone dialer. This allows users to search for unknown numbers with just one click. As is often the case these days, software tips are provided by AssembleDebug and are published courtesy of: piunica web:
“Phone app[最近]Tap on the unknown number on the tab.[検索]A button will appear. Tapping the button will display a list of apps on your device that can handle the ‘web search intent’. . ” The Google Search app is one of them, so it appeared. This started a Google search for that number. ”
This is clearly just a web search, so it doesn’t identify you personally. However, in addition to potentially taking the number from a publicly available list of fraudulent caller IDs, it also immediately verifies whether the number is associated with a legitimate company.
This is the real point. Voice call specialist Hiya says “call status“Threats to the security and reliability of voice calls are also as prevalent as ever and have only gotten worse over the past year. Over 14% of all calls were unwanted calls in the past 12 months. , the average financial loss reported by consumers who fell victim to a scam call amounted to $2,257. Meanwhile, businesses are more concerned about answering unidentified calls or calls labeled as spam or fraud. Issues reaching our cautious customers continue to result in lost revenue, increased operating costs, and a negative impact on our brand reputation.”
Hiya analyzed 221 billion calls and surveyed a wide range of consumers and businesses and found that “unsolicited calls may be labeled as spam or fraud on a consumer’s mobile device, but Many of the calls that consumers consider unwanted are not labeled at all.” 92% of consumers believe that anonymous calls are scams. Almost half (46%) of these calls go unanswered. For the other half of unidentified calls, those taken by consumers, the recipient usually only answers reluctantly out of concern that it may be a call they can’t miss. ”
This is interesting. Because while Google’s new Call Lookup feature is billed as an anti-spam measure, it’s easy for consumers and business users to see unknown numbers after a call and dial back the call they expected, or at least the call they called. Because you can. An organization they recognize and can relate to.
Unsurprisingly, this new feature comes as Hiya promotes calls as the preferred medium for consumers over texts and emails, and this report was released just before Google’s latest breach. It may be more important to the currently stigmatized average consumer on the street than people immediately think. These include phishing emails, smishing texts, and unwanted AI-powered phone calls.
Sure, it’s just copying and pasting a number into a search query, but it significantly increases your chances of being used with just one click. Since this feature has already been introduced in Japan, it seems likely that we will see a more complete Android release in the near future. Move over to iPhone to do something similar…