Security

Apple explains why sideloading is harmful for you

It’s safer

Published

on

Installing apps onto an Apple device is both an easy and a difficult experience. It’s easy to have everything in a single app store. Having a single hub for apps can make setting up a phone simple. However, the inability to install apps from outside sources (or sideloading) can leave more dedicated power users from customizing their phones even further. Though a single ecosystem can get on some people’s nerves, Apple has a simple reason why: It’s safer.

Currently, Apple does not allow sideloading. Users can’t access third-party stores or do direct downloads from outside sources. The only way to install third-party apps is to manually alter the device’s software.

In a recently published report, Apple bares the multiple ways that sideloading can harm users. The report persistently reiterates that allowing sideloading can circumvent the strict safety regulations that Apple has carefully instated for the App Store.

Malware often circulates around outside sources where regulations are often lax or even non-existent. In fact, Apple even states that the lax regulations are the reason why malware exists more prevalently on Android systems. The Google-developed operating system only uses prompts and warnings to discourage users from installing third-party apps but does not stop them from doing so. “In a recently published report, Apple bares the multiple ways that sideloading can harm users,” the Apple report states.

Further, Apple’s report states that allowing sideloading will also harm those that don’t participate in sideloading. For example, schools and offices that require sideloaded apps can potentially allow malware to be installed in a plethora of devices. In fact, a single user installing sideloaded malware can compromise an entire network. A child who isn’t familiar with the perils of sideloading can easily stumble upon a harmful app out in the wild.

As such, Apple will keep its stance against sideloading. If you need sideloaded apps, Android (and the vigilance to know dangerous apps) might be the better solution for you.

SEE ALSO: Apple ‘unleashes’ invites for Oct 18 event

News

DuckDuckGo has a new way to protect your emails

Enjoy more private emails

Published

on

The days of zillionaire Nigerian princes are long gone. Instead of blatant scams, malicious (or even non-malicious) emailers have grown savvier, sneakily peppering emails with unseen trackers. If you’re keen to prevent emails from scraping information from you, DuckDuckGo has a new tool to keep your private communiques safe.

Now rolling out in open beta, DuckDuckGo’s Email Protection scrubs trackers from emails and forwards the clean version to a private address set up through the tool. Besides cleaning emails, the tool is also capable of telling users which trackers were detected. According to the company, about 85 percent of trackers were discovered in previous beta tests.

Through clean emails, the tool’s Link Tracking Protection removes trackers from links attached to an email. Additionally, Smarter Encryption replaces the same attached links to HTTPS, adding another layer of security.

Users can easily set up an unlimited number of @duck.com email addresses. They can then reply to any email using any of the created addresses, rather than their personal accounts. Besides unlimited access, users can also easily delete their addresses.

To make use of the new tool, DuckDuckGo users need to install the Privacy Essential extensions on desktop. It is also available through the service’s mobile browser on Android and iOS.

SEE ALSO: Why should you use a VPN?

Continue Reading

Security

Twitter whistleblower reveals security issues on site

Allegedly lying about numbers and international influence

Published

on

Twitter

Compared to rivaling social media networks, Twitter has — or had — successfully navigated away from controversy, leaving everyone else in a mire of privacy issues. However, the platform might have finally run out of luck. This week, an ex-executive has turned into a whistleblower to reveal a litany of issues surrounding the platform.

The story so far

Back in 2020, Twitter suffered one of its biggest attacks in its storied history. The list of victims included major names in American politics, industry, and entertainment like Barack Obama, Joe Biden, Apple, and Kanye West. All of the hacks invited users to deposit money into a Bitcoin wallet for the promise of doubled returns. Though innocuous, the attack represented a critical failure in Twitter’s infrastructure.

To address what happened, Jack Dorsey’s Twitter hired Peiter “Mudge” Zatko, a white-hat hacker, as its new head of security. While he quickly ascended through the company’s ranks, Zatko didn’t stay long in the position. He was fired back in January this year. Of note, Dorsey already left Twitter at this point, leaving the company to now-CEO Parag Agrawal.

Fast forward to a few months later, billionaire Elon Musk made a bold claim that he was going to purchase and privatize Twitter. The deal, sparkling with promise, is currently stuck in limbo, owing to both parties’ issues with the other. Musk, for one, claimed that the company lied about how many bots were on the platform, among other security-focused issues. Now, his concerns do have some precedence: Musk was one of the big names affected during the 2020 hack.

Connecting the dots

What does a Bitcoin scam, a fired executive, and Elon Musk have in common? It sounds like the start of a bad joke, but they’re all connected.

For one, the eventual whistleblower is Zatko. According to the extensive report, obtained by CNN and The Washington Post, the ex-chief discovered a list of security issues during his tenure. However, Agrawal reportedly forced Zatko to stay silent and not provide a full account to the company’s board of directors. Zatko believes that his firing stems from this issue.

Months after his firing, Zatko decided to act as a whistleblower, fulfilling the responsibility initially entrusted to him by Jack Dorsey.

A litany of issues

Most of Zatko’s issues revolve around how lax the company is with security and information. According to the whistleblower, all of the company’s engineers have access to the website’s source code. Further, anyone can easily make changes to the code without logging in what changed. Even worse, an astounding 4 out of 10 devices with this access have poor security standards. If an engineer (or someone close to them) wanted to, they can easily change the website to favor more of their views over others.

Additionally, Twitter allegedly fails to delete a user’s data if they chose to shut their Twitter account down. By regulation, the platform is required to delete all data and not keep a cache for themselves.

Thirdly, Zatko says that the platform does not accurately measure exactly how many bots are on the site. Twitter claims that less than 5 percent of users are verifiably bots. Though Zatko doesn’t estimate how many there actually are, one can easily argue that there are more. In fact, Musk himself argues that there are more. The lack of transparency as to the exact number is actually one reason why the sale hasn’t pushed through yet.

Finally, and arguably most critically, Zatko says that the platform is easily swayable by foreign actors. It’s no secret that some countries are forcing platforms to open up local offices in their home turf. The United States, for example, is pushing TikTok to open an American office to prevent data transfer from the country to China.

While national security presents a good side to opening a local office, others can also use the tactic to further national goals. For example, the report alleges that Agrawal asked Zatko to hire a Russian agent to comply with censorship demands during the early stages of the conflict with Ukraine. Another instance alleges that Twitter hired an agent from the Indian government who had access to a vast amount of user data.

What happens now

Currently, the Securities and Exchange Commission, which received Zatko’s complaint, is investigating the extent of the whistleblower’s claims. If found guilty, Twitter is liable for billions of dollars’ worth in fines.

Twitter is denying the allegations, claiming that the platform maintains the best modicum of security for its users. “While we haven’t had access to the specific allegations being referenced, what we’ve seen so far is a narrative about our privacy and data security practices that is riddled with inconsistencies and inaccuracies, and lacks important context,” a spokesperson said to CNN.

On the other hand, the whistleblower has likely piqued Elon Musk’s claim to Twitter. With security concerns part of his original argument, the billionaire might be interested to see what the SEC finds.

Continue Reading

News

Half of Android users think Apple is more secure

According to survey

Published

on

As the demand for more smartphones shrinks by the day, the two major sides in the smartphone world — Apple and Android — have looked towards each other to keep their respective growths alive. In particular, both parties have released easy-to-use tools to help converting users switch to their side. Now, despite the lack of coercive energy from either side, it looks like it’s working.

According to a survey from Beyond Identity (via BGR), almost half of Android users are considering a switch to iOS. Specifically, 49 percent of Android users are perceiving better security over on Apple’s side, resulting in a potential switch.

Of course, the argument is not unheard of. For more than a decade, Apple has celebrated its security over its rivals. Remember the iconic string of Mac versus PC ads featuring John Hodgman and Justin Long? Now, the brand is running ads to both proclaim how easy it is to switch and how secure the platform is.

To dig deeper, the survey also explains how Apple users do feel more secure on the platform. Users have reported fewer digital attacks and data loss on iOS, compared to Android. (Although, to be clear, the difference between the two platforms isn’t that great.)

If you’re worried what this might mean for Android users, there is an important caveat: The survey talks about perceived improvement. This is about what users think safety on each platform is. Therefore, the debate between Apple and Android continues to broil. At most, the survey might spell ups and downs for people switching between brands.

SEE ALSO: Apple might soon display ads on your iPhone

Continue Reading

Trending