Protecting your private data is a lottery Posted by Damien Biddulph on Wed 12th Apr 2017
Just because you're paranoid doesn't mean you can't, or won't be, pwned
Rarely a day that goes by without a new security threat, vulnerability or successfully executed hack hitting the headlines, bringing bad news for the affected companies and their users. Android has a particularly tough time, and there are increasing numbers of attacks aimed at vulnerabilities in Apple iOS, too
While, in this case, that's a problem for both Android and iOS users, it's more frequently an issue for Google's OS. The price of its relative openness is vulnerabilities, whereas Apple's more locked down, end-to-end approach provides more security. Not perfect security, but widely regarded as ‘better'.
At risk, in most of these instances, is your personal data, the financial details you enter on your device without thinking twice, and your privacy. Security and privacy aren't synonymous, but they're pretty closely related and, for the purposes of the person on the receiving end of a breach, whether that breach is by a malicious actor or some government agency doesn't really make a lot of difference.
That's not to pick on LastPass in particular - many other widely used password managers were found to have vulnerabilities too, including one I've paid for and used for several years.
Sometimes it's not vulnerabilities and weaknesses that present confusion and concern for users; take ant-virus software, for example. If you use anti-virus, a firewall or other anti-malware software, you might choose your Android anti-virus based on features, price or reviews.
What you won't really have much of an idea about is how effective each option really is - you pretty much have to take the company's word for it.
Again, however, the average user is shooting in the dark in picking one from the Google Play store, or anywhere else, for that matter.
Think your VPN is safe? It's probably not, at best, and may even come with malware-like properties, especially if it's free. But how should we choose a VPN? How can people achieve the not unreasonable task of keeping their private data private, other than without trusting the claims of services they'll probably never be able to verify.
It's a wide-ranging issue - and not one specific to Android, or smartphones. You're making decisions about what can access your device and data every time you install an app.
"These companies are selling products that claim to securely store your most intimate pieces of data, yet are at most snake oil," Sawyer said in the post. "You would have near equal protection just by changing the file extension and renaming the photos."
This, ultimately, isn't a new problem for computing in any form but with more data about every part of our lives being generated every day, it's one that will continue to be a growing concern.
Unfortunately, it's not one with an easy answer. That password manager that I pay for that was hacked? I still pay for it, and will continue to do so. In fact, it's due for renewal next month.
Preventing security vulnerabilities entirely is all but impossible, so the only viable option for security-conscious users is to stick with companies that respond quickly with fixes and disclosure when these inevitable problems.
With well over one billion Android devices in use, a similar number of PCs and laptops, security disclosures, anti-virus benchmarks and VPN tear-downs aren't on most normal people's reading lists, and potential threats to personal information won't even occur to many people.
And if it does, protecting it remains a total lottery for all but the most tech savvy of users.