Is Your Private Phone Really Private?

Words like encrypted, private, and secure get thrown around a lot in the mobile phone industry. However, many companies play fast and loose with these terms. In fact, if the mainstream concept of a “secure” phone is accurate, we should all be very worried.

In this post, we’ll take a look at a few of the seemingly misleading claims some of the major players in the phone industry have made recently.

Does Your Phone Really Need to be Private?

Privacy is an interesting concept in today’s day and age. Under the guise of safety, we’ve willingly ceded many of the rights we used to have pertaining to privacy. Now, it’s routine practice for businesses to track individuals’ internet history through their cell phones.

Some people may truly not care whether or not they have privacy. Others may despair and simply believe that it’s a lost cause to try to fight these giant corporations that have access to every single bit of data associated with us.  But for those who won’t stand for these privacy violations, a secure phone is not only a nice thing to have, it’s absolutely essential.

Preferences and beliefs aside, nearly everyone would agree that it would be a very bad thing if their lost or stolen phone was able to be fully accessed by someone with malicious intent. This is where features such as “device hardening” come into play.

The Bigger the App, The Worse the Security

Undoubtedly, services such as WhatsApp have had a largely positive impact on society. These apps enable families and friends to communicate instantly from even the most remote areas of the Earth.

However, these apps, despite what their representatives may say, are particularly vulnerable to hacks and massive data breaches.

The unthinkable number of third-party apps alone is a major indication that there is little regulation or standardization of what is considered secure. Not long ago, Google supplied a “Data Safety Section” pertaining to third party apps. However, this information was provided by the app developers themselves. This is the textbook definition of a conflict of interest. It would be extremely hard to make a case for allowing someone to self-regulate in an area that is so important to so many people, but here we are.

Do Your Due Diligence

Unfortunately, you can’t take an app developer’s word at face value when they say their product is secure or fully encrypted. These companies will market their products as aggressively as they can, and they have absolutely no problem bending the truth when they discuss their security capabilities. However, if you look closely, you can decipher more about this topic than you might initially assume. You should closely review an app’s encryption protocols before making a decision about how much they truly value your privacy.

To be charitable to the app companies themselves: some of them may truly believe that their protocols are secure. They may simply not know that their systems are wildly out of date and that better technology has come along.

For instance, a few companies still use an antiquated system known as OTR, or Off the Record for their messaging service. This protocol seemed strong on the surface, but it doesn’t deliver what it promises. Companies using an OTR strategy claim that messages are not able to be delivered to contacts who are offline. However, it doesn’t work this way: OTR only works when it is online.

Another thing to look for is a warning about energy usage. The service may indicate that you should considered hooking up to WiFi due to the massive energy requirements. Generally, this is because the app is relying on technology that has not stood the test of time. Specifically, these apps are using a style of data acquisition known as polling. In large part, polling has been effectively replaced by push technology. Push technology automatically retrieves data at defined intervals, a few times an hour. Polling technology, on the other hand, attempts to update the current downloads every minute. As you might imagine, this is a huge waste of energy, and WiFi could certainly help to decrease these energy demands.

Thirdly, you should look for the device company’s claims about which apps you can safely download. If the company indicates that you can safely download third-party apps, with no risk of being targeted by Pegasus or similar spyware, you are being lied to. It is not possible to keep a phone safe when it allows third-party app downloads. Plain and simple.

Perhaps worst of all, when it comes to the possibility of spyware entering your device, is the fact that you can spread the software to other users of the same app as well. Pegasus, in particular, can take over an entire device, leaving no stone unturned. Often people don’t even realize this is happening until some time has passed.

Amazingly, some of this spyware can work without the user directly interacting with it at all. A missed call, a seemingly harmless text that isn’t even opened, and other presumably innocuous circumstances can lead to devastating consequences once hackers have taken over your device.

Their Silence Speaks Volumes

The vast majority of people do not have a deep knowledge, or even a rudimentary knowledge of cybersecurity.

These companies can use vague language that can make it seem, to the average consumer, that they truly are providing “end-to-end” encryption and other security perks. But if they can’t demonstrate, step by step, how they actually accomplish these feats, they are almost definitely blowing smoke. Also, they may simply omit information from the public record if it doesn’t reflect positively on their product.

On the other hand, GhostChat makes it clear in every presentation, interaction, and sales pitch we give, that our product is completely encrypted and that your data is safe with us.

We believe that privacy is one of the most important concepts in existence. Therefore, we ensure that all of our users are protected completely, no ifs, ands, or buts. Our product is the best on the market and we would be happy to prove it to you today.