Firewalls are a great way to tell if new apps are secrely installed
Btw what is the key verifier thing?
this post was submitted on 04 Mar 2025
304 points (98.7% liked)
Privacy
34526 readers
968 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Worried I'm getting a bit too paranoid, but...
Why backdoor the messaging apps when you can just monitor the entire OS?
Having control over the OS doesn't help if the OS doesn't understand the app's data.
If only there was an AI that monitors everything going on on the device which they could force onto everyone
I assume you are referring to End to End Encrypted (E2EE) messaging apps here. I'm no programmer/developer/software engineer and I'll be the first to admit that I don't know a ton about how most apps work on the backend. That being said, my understanding is that E2EE apps decrypt whatever is being transmitted to them when they get to your device (assuming phone here) (of course it would decrypt it, otherwise how would you make sense of the information?). Once the data is on your phone, it is decrypted. From what I understand, sandboxing apps is not all that robust on Android (at least on "mainstream" versions)
Therefore, the data that was Encrypted from End to End was decrypted at the End and therefore accessible by other applications and processes on your phone. Unless Android sandboxing has improved greatly in the last few weeks.
Applications like signal are encrypted at rest on your device as well - https://security.stackexchange.com/questions/277330/how-does-signal-protect-data-on-the-device-from-unauthorized-access
You're right that the e2ee part is only about protecting the data while in transit, but that is because it's the hardest part. Apps can also store the data in an encrypted format so that other apps won't be able to read it.
If the Apple security decision in the UK is anything to go by as well as the Trump administration in the US pushing hard for government backdoors in cloud storage and messaging apps, which has been asked for for a long time but didn't have much chance of getting past court oversight in the US until the Supreme Court was so corrupted, then likely this is going to be a way that governments can enforce the idea of having encrypted data transmissions to keep data out of the hands of foreign hackers, but still have corporate backdoors that allow governments to access the unencrypted data. That's exactly what the UK said the Apple thing was supposed to help with. Of course data is only as secure as the weakest link and corporations are often much easier targets than individual users anyway. So it has the same result, but it appeases the majority who don't get it.