Blog

Android = Google?

If you ever booted an Android phone the very first time you know that you have to:

• accept (often multiple) License Agreements ((almost) no one ever reads)
• accept (often multiple) Privacy Agreements ((almost) no one ever reads)
• add or setup a Google account

So let’s say you do not want to get spied by Samsung/LG/…. and mostly not by Google itself. Is that even possible?

It is .. and it becomes more and more practical as you can even buy phones with Android pre-installed which respects your privacy (scroll down for examples).

Is that real or just paranoid?

Well it is all about one thing: trust. So if you trust: ….

• … that your hardware vendor is really just taken the data he needs and protect it correctly according to law
• … that Google is just using your data anonymously (did you know that they really had read your mails? .. and even when they stopped the ad-personalized progress they still process your data and email content!
• … that all your data regardless where is accessed by persons allowed to – and only when needed

Then you might do not care. But do you know why your privacy is that important? .. and why that is the case not just for yourself but also for the people around you?

Nothing to hide (?)

I read the following in almost every discussion when it comes to data privacy & protection

If you have nothing to hide, then you have nothing to worry about!

This is the worst statement I can think of… and usually means the Autor has no idea what he is talking about. … but this is understandable, because most people do not even know why protecting your privacy is so important which then leads to a statement like the above.

I am doing IT-Security since 2002 and even though the attacks became different over the years there is one thing you really should worry about: your privacy.
Number 1 gateway for Malware was and will be always: you – I mean not literally you but the human itself. In 9 of 10 cases a network can be hacked, exploited because a human had opened an infected attachment, visited a bad website etc. Often enough these attacks are completely hidden for days, months and even years.

.. and I do not talk about the regular spam/scam we all get every day! No. When you are so careless about your data I (the attacker) am really happy.

As you have nothing to hide I get easily the following:

• your full name (e.g. John Doe)
• your address or parts of it (e.g. El Paso , TX , USA)
• your girl/boy-friends name (e.g. Jane Doe)
• your mom’s mail (e.g. alice@doe.com)

So I could write you an Email like that:

from: alice@doe.com
subject: need your help ..
Dear John,

I would like to make Jane a pleasure and therefore I have thought about what I could give her. My neighbour has designed a swimming voucher for me, could you have a look at it and tell me what you think of it?

ATTACHED: ShawverPool.pdf (contains a simple looking voucher for swimming nearby your address. ofc, containing malware)

Seriously, would you open that attachment if you were John?
I mean it is obviously from your Mom (from mail address) and speaking to you directly (knowing your name), containing things only Mom could know (haha, i.e. here the girlfriend’s name).. And last but not least that Shawver Pools (see attachment name) is nearby your address.

The point is: if you think you have no important things to hide you actually have. If you are careless about your data (or your Mom/friend is) then these information can be used to hack you – or other persons and so .. even companies.

This also means that if you do everything to keep your personal information secret, if your mothers/fathers/friends/colleagues do not care, your personal information could be disclosed by them. So privacy is important for all of us.

My data is not interesting! (?)

Hacking is not where it ends though.
Being social hacked is the most efficient way of getting into a company or your bank account but you should take care about your personal data not “just” because of the security risks. Companies around the globe actually pay to get your personal data because they can make profiles out of that information.

Why you should care about being tracked or what your personal interests are? Just think about if you would like every neighbor knows what your political preferences are, what videos you like to watch, where you buy and what you buy. Even your very private conversations like intimate text messages, pictures or calls is nothing you want to keep private?

These information is not just used to offer you personalized advertisements (did you ever clicked on a personal ad in Facebook? .. be serious..) no it can be even used to send you misinformation to change your mind e.g to vote another political party or just to let you buy other cookies or a smartphone from a different brand next time. Not because these are better, no because they tricked you in thinking these are better.

Apple says: “Privacy. That’s iPhone.”

The people knowing me are aware that I would never buy an iPhone but the Apple advertising is awful disinformation to make people think that Apple is taken care of your privacy.
Don’t get me wrong the phone itself is secure in terms of hardware security but that is not the same thing than privacy. Just 3 examples why an iPhone is not private:

• Watch Rob Braxman’s statement about the current Apple advertising: “Privacy. That’s iPhone.”
• Watch Apple doesn’t actually care about your privacy
• Watch The Truth About Apple and Privacy (catches Android as well)

Privacy. That’s not iPhone nor the classic Android phones you can buy.
The difference here is that on Android you have at least the choice to flash a different OS like:

• GrapheneOS
• CalyxOS
• /e/ OS

and/or even buying a phone like those from

• Copperhead
• /e/ foundation
• the Librem 5 by Purism or the community driven PinePhone are other good Open Source choices – while not running Android but Linux.

TL;DR

Just to be crystal clear here: the above scenarios are not fiction or theoretical but real, seen in the wild and affected a lot of people out there already.

Your privacy matters as personal data is power and this power can be used to trick and redirect you and even influence your decisions.
You really say you do not care about your own freedom? You really do not care about making your own choices without being tricked?

If you are aware of all these above and still saying

If you have nothing to hide, then you have nothing to worry about!

Then I do not understand why but I respect your choice, of course… (wait is that really you speaking or did you get tricked in thinking that ;) ? Think about it..)

Last but not least and in the words of Edward Snowden:

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”