Google’s Android mobile software also has a voracious appetite for data but may be less vulnerable than the iPhone to broad attacks, such as the recently uncovered one affecting tens of thousands of phones reportedly targeted by NSO Group’s Pegasus software. That’s because Android runs on many different phone types, each with slightly different versions of the software, said Zuk Avraham, the C.E.O. of the cybersecurity firm ZecOps. Pegasus software reportedly collected all manner of personal information, such as emails, voice mail messages, passwords, contacts, call logs, social media posts, web browsing history and photos, and it can remotely activate a user’s phone camera and microphone, according to The Washington Post.
Of course, no software will be invulnerable to every type of hack, but when your marketing states, “What happens on your iPhone stays on your iPhone,” the bar ought to be set higher.
One way to keep prying eyes off your data is to resist putting files into Apple’s iCloud service, but that means potentially choosing another service, with its own privacy concerns. The child pornography scanning project, Apple says, is only for consumers who store their photos in iCloud. Apple also has access to text messages that it says are otherwise encrypted when they are backed up in iCloud, a workaround that’s apparently necessary to aid law enforcement. But for most consumers, it’s a distinction without a difference; photos and text messages are primarily created and accessible on the phones that Apple tells us are sacrosanct.
Apple could take a big lead over its rivals by supporting a single setting at the browser level, known as the Global Privacy Control, to prohibit companies from selling your data to others. That would take the place of prohibiting such actions site by site. (The initiative is supported by a host of privacy and media organizations, including The New York Times, as well as California’s attorney general.)
Tech companies would like users to believe that they hold the keys to their own privacy. But, locked into Apple’s or Google’s ecosystems, our data is as secure as their policies. I’d like to trust that the biggest technology companies have the best intent, but when they have to say out loud that our privacy is paramount, it sure is difficult.