Hacker Read

> In fact I have little doubt.

And yet you present no evidence.

The only thing you're close with is about whether a mobile device (including an iPhone) can be used for spying - baseband software in the cellular modem is a known area of concern for any mobile device.

The rest you're making claims that either directly contradict what is known or have no basis, without any evidence.




> The idea that you can make an open / anti-surveillance device out of an iPhone does not seem likely to me.

I'm honestly more worried about the closed baseband processors present in all current phones, Android phones included.


> ... the more I think they are unable to track and log information like they can on US(ish) phones.

My first thought was "Why? Can't they snoop on us with those phones?" Then I thought that they snoop at the network level so I don't think they need anything on the handset to listen in. Maybe I'm wrong about that.


> It is as if the communication couldn't be monitored. It's not like the phone conjures the images from thin air

You just contradicted yourself. If the communication can't be monitored, then the phone may as well be conjuring images from the air as you have no way to know what they are, where they come from, where they are being sent.


> So, I turn to them: is there anything that proves its a surveillance-free device? No, they cannot assure that.

Can Google and Apple prove that their stuff is surveillance-free, though?


> What about people who don’t have smartphones or people with old smart phone OSes like Symbian? Doesn’t seem feasible to maintain a dozen apps like WhatsApp used to have.

Well, if you're a company that manufactures a product that can be used for spying on people, and you want to make clear that the intended use isn't for spying on people, then I guess you need to ask how badly you want to make clear that it's not a technology for spying on people.

In the case of your specific questions, if you don't have a phone with BTLE, then your phone probably can't detect it.


> If you are truly worried about spy devices, you should really consider dropping your cell phone in the toilet.

> Honestly, if you're worried about this sort of thing, you shouldn't own a cell phone.

People keep saying this but not owning a cell phone doesn't help against being in the vicinity of a far-field microphone connected to echo?

Then your idea about pcapping 24/7, I'm not sure what this data would look like, but given that the software emitting it is closed-source and auto-updating, wouldn't it change every other update or so? You'd have to re-reverse the data every time to see what it's actually sending, sounds like a lot of work, like keeping an eye on a young child to make sure it's not creating/getting into any trouble.

You can call it "paranoid", but I think by now we have all seen enough reports about these sorts of things going wrong (on purpose or by accident), it's more reasonable to say that you are okay trading convenience for privacy+security than calling the people who aren't, "paranoid". It's 2016.

BTW if you can make sense of the pcapped data sent out, that means it's not encrypted, right?


> You can do those things, but you're not going to.

This is a 100% trash point. I have yet to see an unknown device on my network from a dumb screen, let alone any additional microphones or cameras on said dumb screen. I have also not seen or heard of any reports of it becoming a spying type device. You mean to tell me the dumb panel I bought, which is from a major manufacturer with known teardowns and a ton of buyers, managed to sneak this hardware in (even something like a cellular radio) and nobody noticed?

I'll repeat this for you so perhaps it will impact you this time: Show me a dumb TV that has been wired up to spy on people that has been in the wild before.

Please come equipped with citations, references, and examples before commenting.


> But the actual problem is the baseband processor running completely non-free software

True, and once that one will be made open-source too, there's still the NSA tracking mobile phones worldwide and generating all kinds of privacy-invading data based on it:

http://www.washingtonpost.com/world/national-security/nsa-tr...

(And until that is resolved, my mobile phone will stay in flight mode only.)

So once again, while tech may help in the short term, long-term solutions will have to be structural/systemic ones regarding government in general.


> one needs to hack the device to see what data has.

This is a provably false claim based on the author's own experience.

Guess what? You also have no idea what your phone is sending the carrier or any other service provider.

But as far as you knowing who I am because of my posting history, “but for me it was Tuesday”


> you are arguing about the security deficiencies of modern phones as you've imagined them, rather than as they are

I appreciate the strength of your conviction - but I'm not a phone industry insider, and have no access to the kinds of reading-material I assume you're pointing to - for example, Qualcomm put their docs behind a verify-your-employer-wall (which is outrageous): https://www.qualcomm.com/products/technology/modems/snapdrag...

...if Qualcomm's attitude towards openness and transparency is representative of the mobile comms industry in general then they have little hope of correcting any misinformation or misconceptions other technology folk like ourselves might have, let alone the general public.


> I think putting in Airplane Mode should be a good idea.

And then you still would have to trust this Airplane Mode.

Honestly, I have absolutely no idea what is happening in my phone. Is it maybe still collecting data while it is in Airplane Mode and sending it somewhere once it is set back to regular mode? Or is it even sending data all the time, because the NSA knows that never a single plane has crashed because of active cellphones? Probably some smart people out there are checking their phone's internals and activities more than I do...


> Perhaps this will make it clearer that controlling things from your phone currently involves somebody in the middle, monitoring what you're doing.

As I mentioned in another comment, part of the original suit (the claims that the app violated wiretapping laws) was based on the fact that when used in a "solo"/"local" situation, the app had a direct Bluetooth connection between the phone and the controlled device which means there was no reason to think there was "somebody in the middle, monitoring".


> The point is that there is such complexity in your average smartphone, that strictly enforcing radio silence with software from within is practically impossible.

Change is never impossible for something we ourselves design and manufacture.

> The GSM/LTE/whatever radio runs very closed source firmware.

This seems like a problem that could be fixed.

> Your phone could have been "jailbroken" without your knowledge by a 0-day exploit, effectively negating the OS security.

Probably sounds quaint, but run SW from a ROM.

> Make a hardware switch that powers off all radio subsystems. Even if that were possible, your iPhone would not like a subsystem disappearing from existence. It isn't designed to handle that contingency and will surely fail in spectacular ways.

You seem to be saying that the iPhone SW can't be altered to tolerate the disappearance of a subsystem, I just don't believe this is true. It's a poor excuse to do nothing.

If humans are incapable of writing secure SW, then put in one or more physical switches that power down all transmitters, and write SW that can adapt to this. Don't tell me that's impossible or even all that difficult.


> Similar functionality to an Echo / Google Home / Apple whatever. They'll be listening for "hey siri" or "ok google"

This seems to be a pretty big assumption, without which your whole argument falls apart. In my case, at least, I have no such functionality enabled. You could argue that the manufacturer of my phone could push a software update that enables it without my knowledge (in fact, they likely couldn't, because I don't have automatic updates turned on), but even if this were true we're now arguing about a very different thing - the theoretical ability of MegaCorp to spy on me as opposed to actual known spying.


> Great, it has expensive royalties and it betrays the user.

Your cell phone also sends out photons that can be spied on. Worse yet they're multicast so multiple parties can receive them at the same time.

Seriously though, this is an absurd concern, and I say that as someone who is very privacy minded if not actually paranoid.

I still don't trust that cell phones aren't sending back keywords picked up on the microphone, but I guarantee you that right now no one is listening to your digitizer's rf output, much less that the device itself is somehow "betraying the user" by exfiltrating anything over it.


> .. could be scary. But I disagree that this has anything to do with the iPhone X or its TrueDepth camera.

Well, let's just say there's the kind of scary fact that nobody, trustworthy, has audited this thing.

Like, should a company that didn't run a "doesn't let root login on first-try" test be allowed to be making such wide-ranging decisions as face-scanning?

What if I don't want to have my face scanned, but nevertheless need to pick up somebody's lost-phone/detonation-device? Shall I just wear a mask?

The point is that we have moved beyond a zone where 'disagree/-agree' means anything, any more. Our data is out there.

Not so sure I want my face involved where, preferably, my hands should be..


> what should anyone who even vaguely suspects state sponsored spying do?

They should keep their phone in Lockdown mode [1]. It's less useful as a computer in that case but the restrictions reduce the attack surface.

1. https://support.apple.com/en-us/HT212650


> The only things in my pocket are my wallet and keys. My phone[1] could probably be used for remote surveillance, but without a warrant, that's a crime.

Sure, a bit naive, but I digress. Even if it's illegal, it would be better if it was simply not possible in the first place. It's optionally having that functionality, rather than building solutions considering privacy in the first place.

> without any type of "voice assistant" app

I don't think you can uninstall Siri or Google Assistant on either iPhone or Android, so that point is kind of null. Only with root or custom ROMs you'll be able to do that.


> that is merely a set of flags and directions in the programming not anything inherent to the system.

Parental controls can also be set up to track kids' real-time position, it’s invasive but that’s what the people buying the phones want.

Anyway, it’s all just code, every device with over the air updates has the exact capacity you fear. As it stands no it doesn’t do what you’re worried about. It could after someone builds a system to do more than just detect porn, but that was true of the original iPhone.

So, I get the concern but if that’s what you’re worried about you should be equally concerned for every other device that can be updated without your consent.
