If you’re using a regular cell phone but have some concerns about mobile security the last few months should have convinced you to take the leap to an ultra-secure phone. Indeed, if you’ve cracked open the news at all in the past few months, you may have heard about Apple’s plans to push a new and highly intrusive surveillance system out to nearly all of the one billion iPhones in consumer’s hands. Or maybe you missed that because you’ve been on vacation for the past month (it is late summer, after all). In that case, perhaps you heard about the move by the Whitehouse to monitor vaccine ‘misinformation’ in private text messages. Or, if you missed that one in July, then surely you heard about the Pegasus Project’s exposure of a private sector industry spreading untraceable malware to consumer cell phones with fatal consequences.
If you missed all of these cynicism-inducing headlines that affect your mobile life, I guess I should congratulate you on your hard-earned blissful ignore-ance. I get it… sometimes the head-long momentum towards disaster just isn’t bearable.
But for anyone concerned about any of these headlines, I’m going to:
- Sum up the key points of the current mobile anti-privacy landscape without too much angst, then
- I’ll skip right over the hopelessness and fear and go for the most effective steps for safeguarding your personal privacy and security in 2021.
Sound good? Let’s dive into the maelstrom (read: anti-privacy sh*t-storm) that is summer 2021.
Summer 2021: When Mobile Privacy when to Hell in a Hand Basket
Mid-June, 2021: Google is accused of Force-Installing Covid Tracker Apps on Phones in Massachusetts
Citizens with Android phones in Massachusetts woke up to find the MassNotify app installed on their phones with no authorization or approval. The app is designed to track people’s movements and issues notification alerts if possible exposure to COVID-19 happens.
When Massachusetts citizens found this app installed on their phones, they also found that they couldn’t remove the app, as it was hidden from the app store and the regular method of removal. Furthermore, this app was installed in MILLIONS of phones in the relatively small (population 6.8 million) state of Massachusets, suggesting that this app was tracking the movements of many many Americans without their knowledge or consent.
Source: Summit News
Mid- July 2021: The Whitehouse states they will ask SMS Carriers to Monitor Vaccine ‘Misinformation’ in Private Text Messages
In an article from Politico the Whitehouse and allied groups said they are planning to work with SMS [Short Message Service / i.e. Text Message] carriers to dispel misinformation about vaccines sent over text messages.
At this point, there’s no specification on what the administration meant by “monitoring” of text messages, including if messages would be flagged or if they would be prevented from being delivered. Nor was there any information given on how the administration would determine what exactly constitutes “misinformation.”
So, to rephrase this (in an admittedly 1984-sounding sentence) the government has said that it will monitor your (private) text messages for content that it (vaguely) deems “misinformation” and hasn’t said what they’ll do with said (private) text messages.
Late-July, 2021: The Pegasus Infection is Exposed
The Pegasus Infection created and sold by the NSO Group (a private company in Israel that hides behind a mask of legitimacy) to willing government actors is uncovered. Says security advocate Edward Snowden, there’s a “Trojan Horse” infection named “Pegasus” that basically turns the phone in your pocket into an all-powerful tracking device that can be turned on or off, remotely, unbeknownst to you, the pocket’s owner.
So, your phone is perpetually insecure, waiting to be turned into a tracking device should someone who has the money be interested in making it so. This is scary for everyone, but especially journalists, activists, and reporters. Just in case that’s you, here’s how to use Amnesty International’s Tool to see if your phone has been infected by this spyware.
Source: Continuing Ed Substack
August 2021: Apple releases plans to make your phone (yes, yours) spy on your photos
Apple plans to push a new and highly intrusive surveillance system out to many of the more than one billion iPhones it has sold. This system will be installed with the launch of iOS 15 (probably by mid-September). Apple has couched this system in noble terms, as a way to solve a problem we all want to be solved but it doesn’t really matter how they frame this move. Regardless of how anyone tries to justify the new security intrusion, Apple’s new system will permanently redefine what belongs to you, and what belongs to them.
Under the new design, your phone will now perform a search for digital contraband on Apple’s behalf. This is before your photos have gone anywhere (been shared, been uploaded to iCloud, anything). If enough “forbidden content” is discovered, law enforcement will be notified.
So your phone is being turned into an informant. It doesn’t matter if the information it is informing on is limited right now since that limit is entirely at the discretion of Apple and can be changed at any time. The takeaway is that if you have an iPhone, it WILL be spying on your content.
Source: Continuing Ed Substack
If You’re a Human, Mobile Privacy Should Matter to You
Now I should go ahead and say that it doesn’t matter what political side you’re on, what you believe about Covid-19, or about Apple’s stated reason for this privacy-destroying move. No matter what side you’re on and what issues you care about, this summer has been a truly bad one for our right to privacy. Since history has taught us that the rights we don’t protect are the ones we lose, we should take these moves seriously and respond accordingly.
Ultra Secure Phones – Steps to Get There
So let’s skip right past the opportunity for complaints or accusations and get to what you should do about it. To be clear, you should do this today, not tomorrow. Also, to make things easy, I’ve put these in order of difficulty/investment.
- Review granted app permissions.
Whenever you download an app, it requests various permissions from you, like being able to access your locations or your camera. In most cases, these permissions are generally required for the app to function as it should. However, some apps request broader permissions than are strictly needed for their functioning. However, you can select which of these permissions to allow based on your comfort level, which features you actually use, and personal preference. Now, changing the app permissions won’t turn regular phones into ultra secure phones, but it’s the first step to take to control what information is being gathered. To find out how to change app permissions on your phone, use your favorite privacy-respecting search engine. 🙂
- Review system privacy settings.
This is a very similar step to that above but it starts from the level of your phone’s operating system. Change what type of data can be accessed according to your security preferences.
- Get a VPN for your phone.
A virtual private network (VPN) gives you online privacy and anonymity by creating a private network from a public internet connection. This is especially important if you share your wifi network with other people, or if you work away from home often. VPNs mask your internet protocol (IP) address so your online actions are virtually untraceable. VPN services also establish secure and encrypted connections to provide greater privacy than even a secured Wi-Fi hotspot. Browsing with a VPN will hide your browsing history, your IP address and location, your devices, and your current web activity. We like NordVPN and we use them ourselves (that’s an affiliate link). Our favorite free (and open-source) VPN is ProtonVPN. A VPN is a great step to add a layer of security on a regular cell phone (or computer, for that matter). For many people, it might be enough of a solution for their comfort level, but it won’t get a phone to the level of an ultra secure phone.
- Switch to privacy-respecting apps if possible.
Some apps out there (especially open source ones) can do the same or similar work as your current apps but with better privacy policies. Look for words like end-to-end encryption, and “Zero-knowledge”. We like using the Aurora app store because it discloses the permissions that apps will ask for BEFORE you download so that you can make the most privacy-respecting choice. We’ll be publishing a recommended list to help with these decisions soon, so check back shortly.
- Use strong passwords/authentication with your mobile carrier.
This is true across the board, and we recommend a password manager to help you do this (truly, a password manager will change your life, we use Bitwarden but there are many good ones out there). However, strong pins and passwords are especially important for your mobile phone since we often use a mobile phone as a “key” to our other services (ever been texted an authentication code?). Make them at least 20 characters and change them often. For help on how to make strong, memorable passwords, try Diceware.
- Get a security-first cell phone.
Finally, for those of you who are ready to take a significant step and are searching for ultra secure phones, we suggest getting a security-first cellphone like the Rogue phone. What makes Rogue Phone and other phones like it into ultra-secure phones (over and above what you can expect on a regular cell phone) is that they’re built from the ground up with privacy and security as the priority. There are many security first cell phones out there, but we think ours is one of the best (here’s why) and most user-friendly. You can read more about it here.
That’s it for our security news overview and suggested steps. If you haven’t thought about upgrading your mobile device in favor of one of the many ultra-secure phones out there we hope you consider it. The prospects for mobile privacy and security are only getting worse and while we wait for (possible?) improvements through legislation or sheer collective outrage we might as well take steps to protect ourselves, our identities, and our stuff.