App security is so bad that you pretty much need to virtualize the phone and feed it fake sensor data. The whole idea of unrestricted network access is stupid.
Yeah, this is really bizarre to me. I was trying to check on volume levels through walls in my apartment, so I wanted to find some random decibel measuring app and lock it down so I don't have to worry too much about trusting it. But somehow Apple's permission model, which provides a whole pile of privilege switches including mobile data, has no way to completely revoke Internet privileges for an app.
Anticipating a question, the best phones IMHO for rooting are the OnePlus phones and Pixel. Motorola had been good in the past but you have to get a code to unlock the bootloader (which I don't like).
Downvoters: so what security features do you lose and gain when you root your phone? You've weighed the pros and cons, right?
There's a fantastic example in my sibling post. Rooting gains you the ability to more tightly control network access. That alone is massive for privacy and security.
Obviously you have to run code with lots of permissions, which means you could be highly compromised by a malicious app. The onus on the user is much higher to vet apps. At the end of the day you have to place some trust, even if you don't root. It's a game of balancing tradeoffs.
It's overly simplistic to say that rooting dramatically decreases security regardless of background or technical expertise.
So yes, that was a bit overly simplistic. I rooted my phones for a number of years before carefully looking at the pros and cons and deciding it was a poor choice for a consumer mobile phone. Obviously, we need root access for our dev machines and servers. But I try to follow the principle of least privilege, and in that case, not clear why root would be needed for a mobile phone.
But I concede that for some use cases, it can be a trade-off.
What other security advantage of rooting can you name besides tighter control of network access? Also, note that there are a few apps that allow some degree of firewall with unrooted phones. I also suspect there's a lot of room for improvement there.
I would ideally want websites to also have a "no more network access after your initial load" mode, but as you say that's fundamentally incompatible with modern web development. So I kinda just accept the loss there.
For instance, is there any specific model behind blocking device location, short of just not wanting to share the info?
I’d see not wanting an app to send anything related to your device nor that it was even opened to be of the same kind.
I've been coming around to a similar idea. I'd like a setup something like this for my desktop:
1. Some devices representing network connections. One or more are "real"; others may be VPNs.
2. Per-application settings governing which network devices, if any, the application may use. Default to none.
For example, the common way to use a VPN is like this:
1. Start your machine. You're connected to the internet, but not yet to the VPN. All of your running software is already using the internet over the unprotected connection.
2. Start the VPN. It will magically do something such that applications wanting to use "the internet" find it instead of the connection they used to find (the one the VPN itself is still using). All of your running software is now using the VPN. Did you want something to use the other connection? Too bad.
I'm sick of the idea that Windows perceives an internet connection somehow, hides it from me, and automatically makes it available to everything that asks for "the internet". But I don't actually know how to do this. Someone is working really, really hard to make sure I don't affect who uses what device.
They secure and compartmentalize at the VM level so you can set up a VM to work only over Tor or VPN, and others to work directly over your own network. You can also restrict access to hardware per VM.
sudo pflask --netif=macvlan:enp4s0:net0 tmux
You can't just set your VPN connection as the default route? What's even the point if it's not the default route?
Applications (at least on Linux) have no idea what device they are using. They just request a connection to an IP and it's the kernel's job to route that request correctly.
In particular this sentence is complete nonsense:
As usual, MS has pretty decent documentation on this: https://docs.microsoft.com/en-us/windows-hardware/drivers/mo...
I don't particularly like the GUI-centric nature of much of it, but the complaint itself is completely ill-informed.
> Applications (at least on Linux) have no idea what device they are using. They just request a connection to an IP and it's the kernel's job to route that request correctly.
This is a bad idea. I want to connect the application to the device I think it should use. It shouldn't be able to find anything I don't tell it about.
> This is a bad idea. I want to connect the application to the device I think it should use. It shouldn't be able to find anything I don't tell it about.
Telling applications about resources is literally what the operating system is for. Both Linux and Windows let you do what you want.
In my Android Pie based ROM, in Settings / Network & Internet / Data Usage / App data usage I can select any app and disable WiFi, Cellular data or both.
You can forward your number to a work phone while you're on duty, you don't need to carry a personal device with you.
About once a week security folks wander through the offices looking for phones with some type of detector. God help the person who brought their phone in.
That's when you check the TOTP code on your phone, put it back on the stack of phones, and race as fast as you can back to your desk to enter the code before it expires.
This is a legal and compliance issue. If you made the marketplace share liability for fraudulent apps, and had meaningful law around the ownership of electronic data, this problem would go poof.
In the US, a piece of paper in a locked drawer requires a warrant to access. Electronic data requires as little as an administrative subpoena.
There is a legitimate usage for these kinds of apps on some devices. Armed services recruiters tend to use various social media apps to communicate with people they are trying to recruit.
Is that not fair?
Does your grandma have the same legitimate use case?
The recruiter should get a waiver, a use case like that isn't a good reason to default to allowing.
I don't see job-recruiting being a reason to allow this app. IMO any device that is used by a public servant paid with tax-$$ should be limited to what it runs and I'd be surprised if they don't have a very strict BYOD policy for this reason. Never mind TikTok they shouldn't be running any social media apps on their phones. There are other problems with this use such as what data ends up being leaked to social media companies (regardless of where they are).
Anything less than such ridiculous methods would be insecure. You can literally embed chips in the fabric of your clothing. https://www.rfidjournal.com/articles/view?11587
I'd assume they give them new clothes & microwave said new clothes, along with other precautions.
Government should have full control over government issued devices and only whitelisted modifications should be allowed.
If it's not this way - someone at government should be held accountable for jeopardizing the security of the nation.
Apps for non-sensitive emails, schedules, maps, org directories, etc.
If the government is putting sensitive military data on an Android or iOS phone, you should be concerned. A whitelist would not be a sufficient safeguard.
True, and contributes to the discussion by pointing out that morale is a tricky thing.
> if you deny them their God given right, you are racist, sexist, and otherwise despicable person
This is _at best_ hyperbole. It has no insights, adds nothing of intellectual interest to the conversation, and falsely equates "I'm not getting what I want" with "Accusing other people of being racist and/or sexist."
That last bit is not only way off-topic for this, but it's an ugly and false smear that drags the level of conversation into the mud.
Should the Navy whitelist Ebay and Amazon? What about the Walmart app? If Target has one should they then apply to get whitelisted? What about Navy personnel in other countries with their apps? What about popular app/game xyz? There are a million apps?
If all that has to be whitelisted the bureaucratic overhead would be either really cumbersome or the value of an issued device so small, that people would buy and use their own devices anyways.
But eBay? Amazon? Walmart? Popular apps and games? Sure, get those whitelisted. Or are we thinking about maximizing the value proposition of a work phone at a government job?
If you're arguing that soldiers shouldn't do business with Target or Amazon on their mobile device, blocking an app won't get the job done, agreed.
But if the argument for blocking the app has to do with untrusted native code running on a device used for military purposes, the surface area of a browser is much smaller than the surface area of a plethora of native apps.
Oh, I see you are already familiar with how the U.S. government operates.
Their final conclusion is that using Windows 10, in a data privacy-compliant way, is only possible with a "rest risk". Too bad that by now Windows 10 is not just in wide use among businesses, but also the de facto government OS, most of these installations running default settings.
Same deal with Intel's ME: The German Federal Office for Information Security, a bit like the IT department for the government, rated Intel ME's risk as high early 2018. Yet no actual consequences besides that release, government systems still running Windows 10 on Intel platforms.
So while a lot of the threats are known and acknowledged, nobody seems to really act on these findings.
I'd really like to ask "should other nations eject all USA companies products from their governmental systems too?" (because I'm really curious how an apparent ultra-nationalist sees that?), but you've decided we can't explore that avenue.
Sure, if things get pejorative cut it off, but conversations here tend to have a higher standard of discourse and excluding anything that might get touchy, IMO, unnecessarily limits the topics we can [usefully!] address here.
We can't learn to understand one another if we're afraid to enter discourse on the tricky topics. Yes, there are other places, but this is special here somehow; I think we, HN, as a community can explore these ideas intelligently and maturely with perhaps a slightly lighter tiller.
(I'll leave this now as continuing a meta-discussion is something these threads often need less of, and I don't have a lot to add beyond this.)
Every government is looking to angle what they can from other governments. If I were in charge of a government it would be the approach I'd take.
I've posted countless comments explaining this from many angles. If you're interested, there's lots of opportunity to learn what this site is for and why we moderate it the way we do. Here's a recent one: https://news.ycombinator.com/item?id=21832654.
Lots more in places like this:
That's just outright incorrect.
Then they use Google Chrome and hit a phishing-hole site and get their phone owned. But don't worry, they weren't allowed to install Netflix!
The problem here is open-source intelligence because TikTok is very popular among young members who spend all their free time in their bunk on their phone. Limiting the apps might help with that, but I'm highly skeptical. There's already plenty of restrictions on social media use for armed-forces members. I believe that path is the way to go - create restrictions on posting personal information.
Having some paper pusher unit pre-approving millions of potential apps sounds like a giant waste of time. It makes a lot more sense to react to bad stuff (like one-off reactions for a massively popular video sharing app with sketchy Chinese ownership) than pre-emptively ban everything, simply because it won't do much for security beyond what Apple and Google are already doing in the app store.
There's millions of apps and tons come out every year. This nation-wide 'unit' will have to be constantly 'measuring them for security'. This isn't going to accomplish much of anything.
Either have a secure phone with pre-installed apps (i.e., just a browser plus encrypted phone/messenger, military mapping tools, etc) and let them install nothing (which means they'll just use their private phone anyway for the OPSEC fail stuff). Or let them do whatever and selectively ban the ones like TikTok which are massive surveillance potential just based on its popularity alone. These one-off or watching for bad-stuff and react approach makes far more sense to me.
The question then becomes, which error state is more acceptable for the organization? A system that occasionally misses malicious apps? Or a system that occasionally blocks a non-malicious app?
It doesn't matter if it's a laptop or a phone, you should only be using it for work.
Technology is much cheaper than it was 20 years ago. If you're not willing to purchase your own phone or laptop to do what you personally want to do with a device, you're likely not good at budgeting or decision making.
The meta is more real than most probably realize.
edit: TikTok makes sense for recruiting, and apparently it is currently used in the UK.
There are various stories (the Daily Mail, Reuters, Times, please take your pick) that report that the Army is 'playing with' TikTok to see if it works in recruitment. Those same reports say it is being used by 'The Guards Division'.
The British Army doesn't have a 'Guards Division'.
> ... Naval and Marine personnel who use government issued smart devices are generally allowed to use popular commercial apps, including common social media apps ...
The coverage that Skyhook claims to have for instance is extraordinary considering this is totally reliant on Wifi points and cell towers: https://www.skyhook.com/Coverage-Map
Well I posted Part 1 of Credit Karma stuff please look at https://blog.12security.com