Why we can’t trust smartphones anymore
Credit to Author: Mike Elgan| Date: Sat, 25 Nov 2017 02:00:00 -0800
Your smartphone may contain secret “features” that leave you vulnerable.
I’m not talking about accidental design flaws that hackers might exploit. Security issues have always existed. They represent a cat-and-mouse game between malicious actors, who try to break smartphone security, and the smartphone industry, which tries to identify and fix the accidental vulnerabilities that make phones susceptible to hackers. Nothing new about that.
What I’m talking about is a new phenomenon — a trend we’ve learned about only in the past few weeks.
I’m talking about design decisions made by smartphone companies that cause phones to do things invisibly, behind the scenes and behind your back, that make phones potentially less secure.
Google, Apple and OnePlus have recently been caught sneaking intentional vulnerabilities into phones in ways no user would ever suspect. Phones running software installed by those three companies do potentially insecure things even when users take actions to prevent those very things from happening.
Smartphone industry motives are partially well intentioned. The purpose of these decisions is to improve performance or ease of use. But the decision to do these things without clearly informing users belies a new type of customer disrespect.
Here’s what we’ve learned in the past few weeks.
Quartz reported this week that for the past 11 months, Android has been sending user location data back to Google, even if location services are off, no apps have been used and the phone is without a SIM card. The location data is based on proximity to cell towers, something called “Cell ID.”
A Google spokesperson told me that in January, Google “began looking into using Cell ID codes as an additional signal to improve the speed and performance of message delivery.”
Google never used or even stored this data, and the data had no connection to location services, targeted advertising or other functions. The company basically turned it on with the intention of exploring performance tweaks later.
Google plans to remotely terminate this location function over the next month for all users as a result of the controversy. The termination does not require a software patch or download.
The company hasn’t announced the fate of the feature. It’s possible that the company could use it in the future to speed up messaging, either universally or as a user option.
To experiment with Cell ID as a way to speed up messaging was the right thing for Google to do.
To implement Cell ID on all Android phones without telling users that location data was being transmitted even with all location services off was the wrong thing to do.
The iOS Settings app has always enabled users to turn Wi-Fi and Bluetooth on or off.
When you turn off Wi-Fi and Bluetooth in Settings, iOS disconnects the phone from whatever Wi-Fi networks or Bluetooth devices that phone happens to be connected to, then turns off the Wi-Fi and Bluetooth radios inside the phone to prevent any possible use of Wi-Fi or Bluetooth with that phone. Wi-Fi and Bluetooth stay off until the user turns them back on.
This is how users expect it to work, and how it in fact does work.
As a convenience, Apple four years ago rolled out the Control Center for iOS 7. Available today with a swipe up from the bottom of the phone (on all phones except the new iPhone X, which conjures the Control Center with a swipe down on the right side of the screen), Control Center lets users more quickly toggle Wi-Fi and Bluetooth on or off, among other functions.
Apple wisely placed this wireless toggling on the Control Center because there are many reasons to turn them on or off quickly and frequently. For example, turning off Wi-Fi and Bluetooth saves battery life.
There’s just one problem: While the Control Center controls disconnect the phone from Wi-Fi networks and Bluetooth devices, it doesn’t turn off Wi-Fi or Bluetooth.
When Wi-Fi or Bluetooth are turned off from the Control Center, iOS 11 automatically reconnects to new hotspots or Bluetooth devices if they appear within range. Or if the phone is restarted. Or if 5 a.m. happens. (That’s right. At 5 a.m., the phone will automatically reconnect to the very Wi-Fi and Bluetooth resources the user actively disconnected from.)
Turning off Wi-Fi and Bluetooth in Settings is absolute and persistent. But “turning off” Wi-Fi and Bluetooth in Control Center is an illusion. Wi-Fi and Bluetooth remain on and functioning.
(Apple didn’t respond to my request for comment.)
Users naturally assume that Wi-Fi and Bluetooth toggling in Control Center is identical to the same action in Settings, when in fact they’re completely different. (Apple informed users of this difference only on an obscure Help page, which Apple knows the vast majority of iPhone users will never see or know about.)
Apple’s Control Center behavior exists to enable fast disconnection from networks and resources while continuing to enable features such as AirDrop, Personal Hotspot and Handoff and to favor Apple peripherals such as Apple Pencil and Apple Watch. It exists for ease of use and convenience and was the right thing to do.
But failing to very clearly inform users that the Control Center Wi-Fi and Bluetooth toggling doesn’t do what Settings does was the wrong thing to do.
The smartphone company OnePlus this month was found to have shipped phones with an app installed that could root the phones.
The app is called “EngineerMode,” and it’s the kind of diagnostic software often installed on prototype or pre-shipping phones but removed or never installed on phones to be shipped to the public.
There are three ways to activate “EngineerMode”: with a dialer command, the Android activity launcher or the command line.
The feature of the app that enables root access is password-protected, but it was a bad password quickly discovered and shared online. Exploiting the app requires physical access to the phone.
(OnePlus didn’t respond to my request for comment.)
OnePlus said in a blog post that the company doesn’t “see this as a major security issue” because of the unlikely combination of factors required to exploit it, but that the company will remove the app in an upcoming software update.
EngineerMode was a modified Qualcomm app, and there’s some evidence that other phones, including phones from Asus and Xiaomi, may contain similar apps.
While it’s possible that a major smartphone company might ship a phone without knowing exactly what software is installed, that possibility seems unlikely to me.
It’s more likely that OnePlus decided on purpose to include EngineerMode on the phone to speed manufacturing — skipping the time-consuming process of doing an uninstall on every phone.
If OnePlus’s assurances that EngineerMode doesn’t represent a “major security issue” are accurate, then including the software was the right thing to do.
But including it secretly without explicitly informing users and telling them how to uninstall it was the wrong thing to do.
Deliberately installing features that create potential security risks (or even features that users believe create such risks) and then not even informing customers about those features reveals a new dismissive, condescending and cavalier attitude toward buyers.
In all three cases, these smartphone companies have taken control away from the users by hiding activity.
In all three cases, the companies are saying, in effect, “We trust ourselves, so users don’t need the information to make their own decisions on these features.”
Android phones secretly transmitted location data after users specifically turned off location services.
iOS 11 phones’ Wi-Fi and Bluetooth radios secretly remained on and functioning after users specifically turned off Wi-Fi and Bluetooth.
OnePlus phones contained a secret app capable of rooting the phone.
Neither the Google Cell ID behavior nor the OnePlus EngineerMode app were disclosed by the companies, but addressed and remedied only once discovered by researchers.
That fact makes me wonder what else is happening on our phones we don’t know about.
Transparency engenders trust. Obfuscation engenders mistrust.
We now have reason to mistrust our smartphones and the companies that make them.
Worse, these decisions by Google, Apple and OnePlus show a lack of respect for customers.
Industry: It’s time to earn back our trust by showing respect.
Work harder to inform us about what smartphones are doing — especially on issues that involve the transmission of location data, the functioning of wireless networking and the ability to root our phones.