I’ve got a feeling this is more a “Look, we can do it too” or a “Here’s some security options without having to void your warranty with custom ROMs” kinda thing. Either way, it’ll keep the Apple camp happy.
JavaScript optimisations like JIT require being able to mark sections of memory as executable, and this has historically been a source of security vulnerabilities
So being able to completely disable these optimisations is great from a defence-in-depth perspective
It’s very possible for a browser app on Android to implement the same safety switch, but I don’t believe any have to date
That Privacy Browser app you have linked uses the built-in webview in Android, which uses V8, and I’m not sure it even has such a switch
People who are at especially high risk will likely know who they are and just leave Lockdown mode enabled 24/7
If you’re a journalist, a lawyer, an activist, a refugee, a whistleblower, or a woman trying to get healthcare, then I’d recommend keeping Lockdown mode enabled as much as possible
I think this mode is meant to protect journalists and other common targets of high profile attacks from zero day exploits. The most common vulnerabilities used for such attacks are in exotic file types, browser bugs, voice/video calls, and of course USB when physical access is possible. This mode vastly reduces the attack surface.
Installing Android custom roms may be good for privacy, but unless you pay a lot of attention to the details you will not be very safe with the above mentioned threat model. After flashing, many people keep the bootloader open, have root, maybe USB debugging, possibly didn’t encrypt the filesystem (I think Android does that by default now though). And depending on your device you can be lucky if your ROM is maintained at all, keeping up with security updates on top of that is a lot of work for a handful of volunteers.
And common targets of high profile attacks are often not very tech savvy. A single magic button that turns off many risky features is really useful. I want it in Android too
There are lots of governments and their capabilities vary wildly. Of course there’s the big trust issue with Apple itself, the US government, most of Apples supply chain, and the governments of those suppliers. But this still leaves out many groups who really want to get into peoples phones, and their only option is finding zero day exploits to get in. This mode vastly reduces the attack surface for them.
I wouldn’t touch an iPhone if I had to do something with US government secrets though.
And who knows which government sellers of hardened phones belong to.
Many targets probably don’t even think they are important enough to be targeted, so they wouldn’t put in the money and effort for tinfoil hat security anyway. But maybe they feel important enough to just enable this mode.
Saying this mode is useless because there might still be ways to get in is like saying seatbelts are useless because you can still die in car crashes.
deleted by creator
I’ve got a feeling this is more a “Look, we can do it too” or a “Here’s some security options without having to void your warranty with custom ROMs” kinda thing. Either way, it’ll keep the Apple camp happy.
deleted by creator
JavaScript optimisations like JIT require being able to mark sections of memory as executable, and this has historically been a source of security vulnerabilities
So being able to completely disable these optimisations is great from a defence-in-depth perspective
It’s very possible for a browser app on Android to implement the same safety switch, but I don’t believe any have to date
That Privacy Browser app you have linked uses the built-in webview in Android, which uses V8, and I’m not sure it even has such a switch
deleted by creator
People who are at especially high risk will likely know who they are and just leave Lockdown mode enabled 24/7
If you’re a journalist, a lawyer, an activist, a refugee, a whistleblower, or a woman trying to get healthcare, then I’d recommend keeping Lockdown mode enabled as much as possible
deleted by creator
I think this mode is meant to protect journalists and other common targets of high profile attacks from zero day exploits. The most common vulnerabilities used for such attacks are in exotic file types, browser bugs, voice/video calls, and of course USB when physical access is possible. This mode vastly reduces the attack surface.
Installing Android custom roms may be good for privacy, but unless you pay a lot of attention to the details you will not be very safe with the above mentioned threat model. After flashing, many people keep the bootloader open, have root, maybe USB debugging, possibly didn’t encrypt the filesystem (I think Android does that by default now though). And depending on your device you can be lucky if your ROM is maintained at all, keeping up with security updates on top of that is a lot of work for a handful of volunteers.
And common targets of high profile attacks are often not very tech savvy. A single magic button that turns off many risky features is really useful. I want it in Android too
deleted by creator
There are lots of governments and their capabilities vary wildly. Of course there’s the big trust issue with Apple itself, the US government, most of Apples supply chain, and the governments of those suppliers. But this still leaves out many groups who really want to get into peoples phones, and their only option is finding zero day exploits to get in. This mode vastly reduces the attack surface for them.
I wouldn’t touch an iPhone if I had to do something with US government secrets though.
And who knows which government sellers of hardened phones belong to.
Many targets probably don’t even think they are important enough to be targeted, so they wouldn’t put in the money and effort for tinfoil hat security anyway. But maybe they feel important enough to just enable this mode.
Saying this mode is useless because there might still be ways to get in is like saying seatbelts are useless because you can still die in car crashes.
deleted by creator