As we entrust mobile devices with our most private messages, files and photos, they become more and more vulnerable to digital threats and data privacy violations. That’s why mobile security and privacy measures are not just hot topics for users, but also technological challenges that tech companies try to address in different ways.
Recently, Apple announced the rollout of a highly controversial scanning system designed to detect child sexual abuse material (CSAM) among photos on the user’s device before they are uploaded to iCloud. While finding means to protect children against online sexual exploitation is highly important, the novel technology introduces much confusion and many privacy concerns about its potential misuse for surveillance, privacy intrusion and cyberattacks.
Apple’s sophisticated cryptographic system would replace the widely used method of cloud-based scanning, in which mainstream providers like Dropbox, Microsoft or Google decrypt and monitor photos on their servers. Instead, Apple is planning to install a client-side hashing technology called NeuralHash that uses cryptographic codes to convert each photo into a unique string of characters and match it against the hashed version of the central US CSAM database.
Apple’s allegedly privacy-protective technology (which, according to experts, would allow for later integration into an E2EE environment if Apple decided to encrypt iCloud) is based on a method that cannot “see” the actual photo, only a sort of “digital fingerprint” of it. Yet the fact that it’s meant to work on the user’s device and has the potential to be expanded to any kind of database raises many concerns among privacy experts. One question, however, which presents one of the biggest dilemmas for privacy-conscious providers, remains unanswered: How can they build E2EE services with privacy by design, while simultaneously preventing them from being misused for criminal purposes such as circulating CSAM?
Apple’s new approach to mobile scanning and the technology’s inherent potential for privacy violations have prompted us to remind users and companies of the importance of mobile privacy and security. Read on for a round-up of the most relevant privacy- and security-enhancing tips and measures for mobile devices in 2021:
1. Use end-to-end-encrypted file storage and sync services for your personal photos and files
While there is a heated discussion about whether Apple’s approach is the proper way to detect child sexual abuse offenders in an end-to-end-encrypted technology setting, the debate is also a reminder that mainstream file storage and syncing services – including Apple’s iCloud – still do not use end-to-end encryption, but do already access user content and scan it for different purposes. These can involve user experience enhancement, research, providing features such as search or personalized ads, and in the majority of cases, detecting CSAM. Learn more about this topic in our blog article.
As opposed to these services, end-to-end-encrypted file sync and sharing apps can create a fully protected space for your highly confidential mobile data, safeguarding them from any kind of data leak or theft. The underlying technology relies on client-side zero-knowledge encryption that provides end-to-end protection, while making it impossible for unauthorized users – even for the provider itself – to access your data.
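To make the client-side model above concrete, here is an added sketch (not part of the original article and not Tresorit's implementation) of a device encrypting a file before upload so that the provider only ever stores ciphertext. The choice of scrypt and AES-256-GCM, the function names and the sample data are assumptions made for illustration.

```javascript
// Added illustration: client-side encryption before upload (Node.js built-in crypto).
const crypto = require('node:crypto');

// Derive a 256-bit key from the user's passphrase. This runs on the device only;
// neither the passphrase nor the key is ever sent to the provider.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32);
}

// Encrypt on the client. The returned record is everything the provider stores.
function encryptForUpload(plaintext, passphrase) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12); // must be fresh for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { salt, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Decrypt on the client after download. Returns null when the passphrase is
// wrong or the stored record was modified (the GCM tag check fails).
function decryptAfterDownload(record, passphrase) {
  try {
    const key = deriveKey(passphrase, record.salt);
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.nonce);
    decipher.setAuthTag(record.tag);
    return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
  } catch (err) {
    return null;
  }
}

// Constructed sample data standing in for a private file.
const photo = Buffer.from('constructed sample: bytes of a private photo');
const stored = encryptForUpload(photo, 'correct horse battery staple');

// The provider's view: salt, nonce, tag and ciphertext, but no readable content.
console.log('provider stores:', stored.ciphertext.toString('hex'));
console.log('owner recovers:', decryptAfterDownload(stored, 'correct horse battery staple').toString());
console.log('without passphrase:', decryptAfterDownload(stored, 'provider guess'));
```

The salt and nonce are not secret and can be stored next to the ciphertext; only the passphrase has to stay on the device.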
2. Look out for warning signs of malicious apps
In the age of giveaways, free content and online services, one can easily fall victim to promising apps that seemingly offer a wide range of benefits. Over the last few years, however, we have learnt that no product is truly free of charge.
Don’t take the bait when an app appears too good to be true. Instead, double-check via different sources whether the new app appears on the list of reviewed apps and what experiences users report. Otherwise, you might end up with a locked device, lost personal data or even money stolen from your bank account.
3. Read the fine print before downloading a new app
It’s not a new revelation that in exchange for using a wide range of services and platforms, you have to allow service providers access to your data. Data collection, which can extend to very different data types including personal data, web activity and geolocation, fuels the new digital business and advertising model of tech giants.
Though users have to give their consent to allow the tracking and use of their data, the long-winded privacy policies are often skipped and accepted unwittingly. You will be on the safe side if you take the time to read the fine print and understand which of the permissions you give to providers may be detrimental to your privacy.
4. Avoid public WiFi to protect against Man-in-the-Middle attacks
Smartphones and network connectivity have helped to create a new world of unlimited communication. With WiFi being available almost everywhere, there are no boundaries for us to communicate or work almost anytime, anywhere. However, publicly accessible WiFi at airports, in hotels or in restaurants also offers a great opportunity for hackers to perform Man-in-the-Middle attacks.
Via an unsecured network, attackers can easily intercept sensitive information like emails, credentials, and personal information. To protect your device when using online banking, working on the go or sending sensitive information, you should connect to a secure network, use VPNs and encrypt your confidential data.
We have also learnt from our interview with ex-NSA engineer Alex White that due to rapid digitalization and a switch to remote work, mobile security can no longer be an afterthought. Since both private and work matters are often handled via mobile devices, they have become a goldmine of data for hackers. Thus, security precautions are as important as using keys to lock our doors or wearing safety belts.