Website/browser security/privacy versus tablet?

Discussion in 'other security issues & news' started by roark37, Mar 22, 2013.

Thread Status:
Not open for further replies.
  1. roark37

    roark37 Registered Member

    Joined:
    May 23, 2006
    Posts:
    190
    Hi, I have kind of a general question about tablet security/privacy. I don't have a tablet or smartphone but am considering getting a tablet. How does the privacy/security in general compare to using browser/computer. For example I use online banking and do it from the website. I assume using a bank tablet app would be safe also right? But would there be any real difference in security?

    But what about more ordinary security and tracking? I know there is lots of web based tracking and some tools to guard against it but is tablet/app tracking just as common if not more so? And are there any steps you recommend with tablets to give more security/privacy? And for those of you that have tablets are you just as comfortable using apps as you are using computer browser?

    Lastly, if I get a tablet I am not sure yet if it will be Android or Ipad but in terms of privacy/security is there a major difference between the two? Also all of my questions are only for wifi tablets so cellular or any other issues that may involve don't apply.

    Thanks.
     
  2. BrandiCandi

    BrandiCandi Guest

    The issues you face are 1) many apps request access to too many local resources which can compromise your privacy, and 2) if you install apps from untrusted sources then you're more likely to get owned.

    A few general guidelines:

    1. Install apps only from trusted sources. That's simpler on apple, AFAIK no malicious apps have been in the apple store, whereas malicious apps have been uploaded to android stores. For android apps check up on the developers and apps. Read reviews.

    2. Android attracts 112 times more malware than ios. http://tech.fortune.cnn.com/2013/03/07/apple-android-malware/
    That does NOT mean that ios is uncrackable.

    3. Check the resources that each app requests. This is an issue for ios and android. A camera effects app does not need access to your contacts, if it requests it that should be a red flag. Manually remove access where you can. Check that access didn't change after applying updates.

    4. If you root/jailbreak your device you are much more likely to get owned.

    5. A free version of an app that usually costs money is probably malicious.

    6. Don't put the device in promiscuous mode, meaning don't automatically attach to free wifi networks. Obviously you would only bank from your own/ trusted wifi networks.
     
    Last edited by a moderator: Mar 23, 2013
  3. BrandiCandi

    BrandiCandi Guest

    Also location services can be really convenient- it makes interactive maps work. However geo-located photos can leak more private info than you'd like. Make sure to understand whether the photos you take are geo-tagged especially if you upload them to a website somewhere.

    Like for everything else, you have to balance usability/ convenience with privacy / security. They are almost always opposed.
     
  4. BrandiCandi

    BrandiCandi Guest

    I am immensely paranoid. I've got a tin foil hat for each outfit. I would never bank from my phone except through the regular browser. I would positively never trust a bank to implement an app safely, and I would not trust that the rest of my apps wouldn't steal info from the bank app.
     
  5. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    539
    Location:
    United States
    The three primary attack vectors for Tablets/Phablet/Smartphone (to my knowledge):
    - physical access (includes memory, security bypass, etc.)
    - remote access (radios)
    - applications

    These devices are just as susceptible to attack by physical access as desktop computers, but their portability increases the statical odds of these devices being abandoned and/or stolen. With physical access they can do anything from bypass your devices security (lock screen) to conducting forensic analysis on your devices memory. These devices are also susceptible to remote access, based on a report by U.S. Cyber command, which found a critical vulnerability affecting android and iOS platforms. The vulnerability allowed for hackers to remotely access your phones personal data (contacts, etc.) remotely. At the time, it was believed a patch would not be possible on the current platforms, but keep in mind this cold have changed since the introduction of jelly bean for android. I'm still skeptical, and I transport my phone in an ammo can while driving. One way to mitigate remote access would be to shut off unused radios, which also saves battery life. Like routers, the menu settings for your device may not actually turn off the radios. This is evident on my phone, unless I enter airplane mode. Against I'm still skeptical, hence the anti-emf tape and ammo can. Physical and remote access in my honest opinion are probably the biggest threat to your privacy and security followed closely by malicious applications. As for the online banking, I'd strongly urge against this. I don't particularly trust banking on a desktop computer even with a supposedly "clean and secure system". If you absolute have to do online banking, then I usually suggest a dedicated computer for this task and a separate device for casual surfing.

    Some applications start off relatively harmless with few permissions, but then elevate their permissions following future updates. It might seem rational to say yes because they implemented some new feature, but I'm of the mind set that the answer should be no. Sure my social networking app wants to access my contacts list to assist in finding friends and contacting them, but is that something that I want to do? I'd prefer to add people manually, but that is the two-faced nature of convenience. I also chose to keep as few applications my device as possible by uninstalling and reinstalling applications as I need them. Is this mandatory? No, but this comes down to how concerned you are about privacy and security overall. Now, others have pretty much hit the primary concerns for applications, which is: (1) permissions, and (2) application source, but I'd like to focus on another concern that I've seen in some application markets such as Amazons. That is security applications that think white listing and black listing is a valid substitution to full bodied desktop applications. I'm not saying all security applications are bogus, but this is something I'd strongly investigate before you go spending money on a mobile anti-virus or ad blocking application. The poll on mobile security and privacy applications has some really good suggestions on applications that seem legitimate. There is also an android privacy thread that has some application suggestions if your a concerned android user. Just remember that their is a price tag for everything, including free applications. Whether that means they data mine you and/or they severely impair the service they provide you. Even so, I personally value my security and privacy more than I value getting a good deal on an application.

    My final thought on security and privacy is that you remember as security or privacy increases, it becomes fairly easy for the other to decrease. For example, the ability to remotely locate and kill your device via an application is a great way to protect your security. This is also a clear privacy violation, in which location services can be used to track your whereabouts. Ultimately, you the user need to decide what is acceptable (necessary evil) and what is not. I've lived by default deny, and honestly being a no-man has never steered me wrong.
     
  6. er34

    er34 Guest

    There is no such thing as privacy on a tablet. Android is Google and this technology is made to spy you. Apple is less spying but they do it, too. Government and agencies cooperate with these companies for sure. If you want privacy => no tablet.
     
  7. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    539
    Location:
    United States
    True, I seem to remember reading in a thread here that apple will hand over a copy of your data on a disk upon receipt of a warrant from law enforcement. Not sure the validity, but it makes sense. Companies are going to comply because its in their own best interest. No one is going to willing take a fall for a complete strangers unless they can mitigate their own risks. Which is what happened when they tried to shut down pirate bay. It took steps to position itself as a communications service, which did not store the pirated content, but instead allowed people to simply communicate/share that content. Kind of like a middle man. I didn't have the patience to watch the whole thing, so I'm presuming they won the case? Anyways, if you want privacy in today's day and age then you really have to go low tech or no tech, which is for me would be really hard to do. But if your just trying to mitigate that doesn't mean you can't still control what content is shared over that device.
     
  8. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    If you want privacy => no internet. :) and now back to square zero

    Yes, very similar. Take the same caution that you take with your PC.
     
Loading...
Thread Status:
Not open for further replies.