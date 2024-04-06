



The differences between Android and iPhone used to be clear, but the lines are blurring. And with Google's latest update, that gap has narrowed even more…

Google's new advances narrow the gap with the iPhone

Google's mission to bring Android closer to iPhone continues to put privacy and security above all else, with features like fully encrypted WhatsApp calling integrated into the dialer and enhanced protections for the Play Store. The latest Android updates have just been released, and they have very different security and privacy considerations.

The first one, surprisingly, was announced almost a year ago and is only now going live. As reported by Telegram's GApps Flags & Leaks, Google has started rolling out Find My Network with Google Play Services beta 24.12.14. This is enabled without turning on the flag.

Android's new shadow, Bluetooth-powered networking mirrors its Apple equivalent at scale. Potentially billions of devices. However, it has been put on hold for security and privacy reasons, with concerns that it could spark a new wave of electronic stalking.

This delay allowed Google and Apple to collaborate on industry-standard protections against the FindMy network being used to covertly track users without their knowledge. It's now complete and will run on Apple's iOS 17.5, paving the way for Google to launch its own network.

Tracking was a major concern for these shadow networks. This shadow network is built by cloud-linking smartphones, allowing lost devices and tracked tags to return home without accessing your own cellular network. This is done through Bluetooth, allowing many different types of devices to participate in the shadow network.

With this update, Apple's iOS FindMy will be able to alert you that a non-Apple certified device may be tracking you, and vice versa. This cross-platform alerting feature addresses serious privacy concerns that are emerging, especially with the popularity of AirTags and AirTag-like devices that make tracking easier.

Like Apple, Google ensures that its Find My Device network is built with user privacy as a top priority. Location data crowdsourced from the network is end-to-end encrypted and cannot be viewed or used for any other purpose by Google.

That said, privacy concerns will remain, and a new service of this size will likely allow malicious actors to research and exploit vulnerabilities they find. All in all, considering the benefits of Lost Devices, it's worth using, but be aware of reports of potential problems as this is rolled out at scale.

The second Android network update has its own security and privacy concerns. As I previously reported, Google has surpassed Apple's SOS satellite feature with an update to Android, allowing you to send messages to anyone, not just emergency services, if your phone plan has a satellite connectivity add-on.

Satellite connectivity is not well known among mobile phone users. They relied on expensive devices and expensive calling plans. This limits it to special use cases such as remote exploration, dangerous off-grid locations, sailing, and ghosting.

Compared to the complex matrix of cellular radios, the concept of a direct link to a satellite is relatively crude and therefore easy to attack. This was seen when Starlink sought to address denial of service and sabotage when used in conflict zones. Such attacks and counterattacks are normal in the world of defense communications, but not in mainstream mobile phones.

A former special forces officer with extensive experience said there are several factors that reduce the safety of satellite systems, especially low-orbit systems. Unlike 5G, the attack surface is much wider as it resembles an attack on a corporate network where the target location can be the actual terminal, ground station, or satellite itself. Other vulnerabilities such as denial of service and interception should also be considered.

Obviously, this is not a big problem for niche applications where satellites are used for emergency messages or home communications from very remote locations, but the hope is that this could become more widespread. It doesn't affect occasional users in commonplace locations, but if, for example, there are multiple satellite users in one location, the equation changes.

Geostationary low orbit satellite handsets are often issued to the military for emergency communications. Unfortunately, many organizations have come to rely on them, creating many security challenges. Not only are these phones more susceptible to cyber-attacks and denial-of-service attacks, but given that these phones rely on GPS to function, these phones have poses a risk. using them.

From a content perspective, anything properly encrypted is secure as long as you can prove the integrity of the connection. If your data is encrypted in transit, do you really need to worry about your communications? says CISO Ian Thornton-Trump. However, data wraparound has vulnerabilities. The ability to capture things like device ID, location, and basic messaging for unencrypted traffic still carries risks.

As ESET's Jame Moore explains, if used purely as a backup service, it can be very important for people in remote locations or when needed. However, satellite communications is typically more vulnerable to security threats and should not be used as the default messaging service when more privacy-oriented and secure services exist.

This is fine if only for emergencies, but with the proliferation of LEO-based Wi-Fi and partnerships with movie network operators, this will become more widespread. So if your company plans to rely on such devices and networks as an extension of your normal business, you'll need to catch up.

Apple handles the security of its satellite communications service by limiting it to a managed service, which encrypts messages from iPhones and then decrypts them and provides them to emergency services. User location information is also shared.

Obviously, Android offers a broader range of messaging services via satellite, so it's unlikely there will be a comparable, cherry-picked security wrap. Ultimately, if Android Satellite is expanded to be more versatile, all the usual security and privacy considerations should apply.

As cybersecurity analyst Mike Thompson warns, how many people in the cyber world fully understand the nuances and have an intelligent opinion? Users are in the dark, and the security industry is another story. It's not that expertise doesn't exist, but I question how mainstream it is.

That's the key. Industries with remote locations and the requirement to centralize mobile connectivity rather than roaming across different types of host networks are driving new policies and options. When mobile devices extend the corporate network, additional security must be implemented.

