“Now that Facebook has pushed their new Messenger app on the public, some semi-scary info has come out in the form of what the app actually has access to,” Take To Task writes. “It also highlights iOS’ security model vs. Android’s security model”
“Android’s security model is simple. When you go to download something, you’re provided with a list of items the app wants access to. You have to agree to that. It’s an “umbrella” agreement, meaning a yes is a yes to all. It now can do many of the things in that scary Huffington Post list. The end. The way to avoid the problem is to not download the app,” Take To Task explains. “iOS has a much more… à la carte security model. You are presented with a dialog box that Messenger wants access to your *whatever*. You then have to explicitly give an ok there, or you can deny it if you accidentally hit ok in the Messenger app. So, Messenger can only access things IF you have given it access TWICE. Things that Facebook generally wants access to include photos (can’t submit a photo if it can’t get to them), contacts, etc. If you’re like me, you say yes to the photos, but no to the contacts. I like that level of control to my security.”
“Android is more like openness and freedom, whereas iOS is more like a walled-garden or gated community,” Take To Task writes. “Last time I checked, however, many people actually want to be, and pay for, a safer, gated community. I’m in the latter camp AND I’m an IT guy.”
Read more in the full article here.
Of course my android tablets have no contacts, so who cares. My android phone has no apps. Security by specialization.
That’s good advice… If you don’t actually use Android products, they work great!
Hey, you’ve got security by obscurity! No one knows your Android phone exists, so no one can break into it!
I prefer a gated community.
This is a non-story. All apps regardless if platform have to do the same thing to provide the same functionality. The media is blowing this way out of proportion and just looking for web traffic to support their ad habit.
No, it’s not a non-story, particularly when you can’t restrict Android from accessing many, many parts of your phone and data if you want to use the app. Pair that with the fact that 99% of all mobile malware is for Android, and that criminals have already used Android devices to create botnets, and it can be pretty scary to use and Android phone.
I got into an argument with one Android guy who insisted that his phone was more secure than my iPhone because he could install all these apps to protect himself. My response was why should I have to install anything? I shouldn’t need anti-virus software for my phone.
Agree 10000%. Windows/Android guys always pretend “more secure” is safer. I always head back to the neighborhood analogy.
North Philly is more secure. Doors have deadbolts and lots of locks. Windows have bars. Everyone probably has a gun. People still get killed and robbed pretty regularly.
Plumsteadville (yup, a real place) is less secure. Windows have no bars. Far less locks on the door. Most people don’t even lock doors. Yet, nobody feels threatened and nothing happens there.
In the end, common sense SHOULD prevail. That means iOS and Mac users *should* still be wary of something fishy and… you people in Plumsteadville should lock some doors.
I have a Windows 8 (Lumina 520) because it costs just a little more than a flip phone. I am don’t use a mobile phone much. From a security point of view, I find it disturbing that most apps require access to personal data that seems totally unrelated to the apps function. While I try to minimize personal info available on this phone, convenience and human nature trumps security concerns at times. In the long run it is probably cheaper to go back to a flip phone or go iPhone.
I live in North Philly and I can attest to your analogy as accurate.
as the writer says he wanted Facebook to access his photos but not his contacts and he could that with iOS but not Android. It might not be the ‘same functionality’ but with iOS you have control of how much functionality you want to give, with Android it’s just a blanket yes or no for everything.
Surely more choice is better than less?
I just deleted the Messenger app from my iPhone. What they demand access to goes beyond the bounds of reason.
You don’t need to delete the app from your iPhone, you can keep the app and simply deny permission to whatever you don’t want…
This article is exactly about that, geez.
What I keep telling people is that Messenger doesn’t magically have more access than the regular Facebook (on iOS, anyway).
Every time someone new signs up for Facebook, the internet becomes infested with another thousand fleas from the armpit of the ur-camel.
Thanks for posting, MDN! My first “opinion” piece outside of my own ranting blog. 😀
People are actually posting the Android permissions as the reason for giving 1 star for the iOS app, not knowing the difference.
The implication in the very use of “gated community” is complete disinformation bull. Any gated community I’ve ever seen is a relatively small area. The massively large and integrated Apple eco-system is NOT a gated community. It’s more like a large, interesting city, where one can wander indefinitely, finding new and interesting things to do and use… because as fast as you can explore, new capabilities and apps are being added even more quickly.
Agreed. One of those phrases that becomes widely used, as if there were real meaning behind it.
I don’t actually feel like I’m in a gated community. I was kind of using the old “argument” generally thrown around by Android guys. That said, I’d much prefer a gated community to pure chaos.
Facebook is already scary. they didn’t need an app for that.
I even wish I had a finer control on Facebook App in the iPhone.
For example, photo access so I can upload photos. That’s it. I don’t want facebook friend’s photos showing up in my contacts.
If I want to assign a photo to a contact, I sure as he’ll don’t want Facebook doing it.
as fine a control as you can get:
don’t do facebook
there, done, no finer way to control your info
This Android problem is called the Android Pileup Flaw. A company called Arxan has formally defined it and treats it as a serious vulnerability. (I do not work for Arxan.)
“Android is more like openness and freedom”
Openmess?
http://www.theregister.co.uk/2014/07/21/ios_firmware_contains_packet_sniffer_and_host_of_secret_spying_tools/
The reviews on the App Store are astonishingly negative.
Over 1500 reviews and the average is 1 star. Many reviewers wished they could’ve submitted zero stars.
Ouch.
The zero/one star thought process is that Messenger is unnecessary. It’s a Microsoftian move to take something that worked just fine and make it more complex for no reason.
Foursquare just did that. They just changed it so that to check-in, which was the main use for many people, you have to switch over to their new app Swarm. The Foursquare app is now essentially a Yelp competitor. Really angered a lot of people for whom the whole check-in game was the entire point of using Foursquare.
I’d like to see more privacy protection than we have. Consider the Moves app that was bought by Facebook. There was a very good activity tracking app called Moves that promised in their privacy policy not to give away the ($$$ valuable) location information that their app collects. When Facebook bought them up the developer, at first hilariously promised that their privacy policy will not change as a result of the purchase. Yet overnight the privacy policy was updated to allow Facebook access. The only opt-out is to delete the app and wait for another developer to fill the void.