Now that Facebook has pushed their new Messenger app on the public, some semi-scary info has come out in the form of what the app actually has access to. It also highlights iOS’ security model vs. Android’s security model.
I won’t cover each item in great detail, as that can already be found here.
Also, before I loudly proclaim what I already assumed, I checked with my friend Bill, an Android enthusiast with no bias toward or against iOS. I can always count on him to tell me like it is with Android, without the bashing. *I* may bash things I don’t like about Android, but I also don’t want to turn into a typical Windows user who bashes the Mac’s made-up faults (or faults that might have existed in 1995).
So, let’s start with the easy part – Android. Android’s security model is simple. When you go to download something, you’re provided with a list of items the app wants access to. You have to agree to that. It’s an “umbrella” agreement, meaning a yes is a yes to all. It now can do many of the things in that scary Huffington Post list. The end. The way to avoid the problem is to not download the app.
I can give much more detail for iOS because I downloaded Messenger for it to see how scary it is.
iOS has a much more piecemeal or à la carte security model. There’s no warning of what the app may want during the download process (and that’s ok). When Messenger starts up, it tells you what it needs access to, defaulting itself on the “ok” button, but providing you a smaller “not now” button. So, as the app begins, you get a choice for each thing the app wants. So far, what I have described isn’t even iOS keeping you safe, but Messenger itself. So, by tapping “not now,” you have declined the things it is asking for.
iOS comes into play if you tap ok to something in Messenger (or any new app you install, for that matter). You are presented with a dialog box that Messenger wants access to your *whatever*. You then have to explicitly give an ok there, or you can deny it if you accidentally hit ok in the Messenger app. So, Messenger can only access things IF you have given it access TWICE.
Things that Facebook generally wants access to include photos (can’t submit a photo if it can’t get to them), contacts, etc. If you’re like me, you say yes to the photos, but no to the contacts. I like that level of control to my security. There’s an article somewhere that says iOS won’t ask about photos until iOS8, but this is incorrect. Every new app on iOS7 that wants my photos needs permission.
Finally, there are some things in that list I provided which just aren’t possible on a regular, non-jailbroken iPhone. No app can change your wi-fi or network settings. That has not happened in the history of the iPhone. I have no idea if Android can/would allow such a thing to be done by an app.
I’ll close with the old argument. Android is more like openness and freedom, whereas iOS is more like a walled-garden or gated community. Last time I checked, however, many people actually want to be, and pay for, a safer, gated community. I’m in the latter camp AND I’m an IT guy.
“Don’t ever invite a vampire into your house, you silly boy. It renders you powerless.” – Max (The Lost Boys)