SecureMac, Inc.

The Checklist Podcast

SecureMac presents The Checklist. Each week, Nicholas Raba, Nicholas Ptacek, and Ken Ray hit security topics for your Mac and iOS devices. From getting an old iPhone, iPad, iPod, Mac, and other Apple gear ready to sell to the first steps to take to secure new hardware, each show contains a set of easy to follow steps meant to keep you safe from identity thieves, hackers, malware, and other digital downfalls. Check in each Thursday for a new Checklist!

Checklist 154: Should you put a Ring on it?

Posted on September 12, 2019

On this week’s Checklist, we’ll talk about why you might get sick of hearing about your Facebook app on iOS 13. We’ll take a look at Amazon’s version of a neighborhood watch. And finally, we’ll discuss what happens when smart things go dumb—as well as what that means for anyone thinking about buying one.

Here’s the Checklist for this week: 

  • Warnings from Facebook about warnings about Facebook
  • Amazon, your neighbors, and the police wanna put a Ring on it
  • When smart things turn dumb

iOS gets annoying. Facebook gets annoyed. 

What happens when an unstoppable force meets an immovable object? 

People who use the iOS Facebook app are about to find out. 

Next week, Apple rolls out iOS 13—and all signs indicate that Cupertino is doubling down on its commitment to privacy: Users will now be notified by pop-up of how often an app has been accessing their location in the background.

This doesn’t seem to sit well with Facebook, a company that seems as dedicated to data harvesting as Apple is to privacy. In a recent blog post, the social media giant defended the way its app used location data, saying that their motivation was to help users have better experiences with the app and (perhaps more importantly) to serve them more relevant ads.

It’s important to note that iOS 13 will give users several options for how they want to allow an app to access their data: when the app is in use, a one-time permission, never, or always. If you grant an app regular access to your location data, you’ll begin receiving more frequent notifications about how many times it has been trying to track you.

And since Facebook seems to want as much of your location data as they can get, that means that anyone who gives the app permission to track will start seeing, well, lots and lots of notifications.

While this probably won’t render the app unusable, it will likely get a bit annoying for some users—but Apple doesn’t show any signs of backing down on this one.

You could almost feel sorry for Facebook…except, well, they’re Facebook. They’ve been called before Congress to testify about privacy violations and scrutinized by EU watchdog agencies. Perhaps the chickens are finally coming home to roost.

It should also be pointed out that Apple’s new policies don’t just apply to the Facebook app, but across the board to every app in the App Store, including Apple’s own products. And Apple isn’t alone in taking app privacy more seriously: Android is also making it easier to opt out of location tracking when using apps on their platform.

It will be interesting to see how this plays out. If Apple does eventually make it possible to allow background tracking with fewer notifications, we suspect that many folks will go along with it. After all, people love the apps and social media platforms that they spend time on, and are often willing to sacrifice privacy as a part of the deal.

But perhaps Apple’s tougher stance on privacy will lead to changes in Facebook’s app—or in people’s perception of when it’s acceptable to allow an app to gather their location data.

Our advice? Don’t share your location with Facebook. Their protestations about community safety aside, the most plausible explanation for their constant attempts to collect user data is that it’s central to their business model (and the ad revenues that drive their profits). Given their somewhat checkered past with respect to privacy violations and data breaches, the risks just don’t justify the benefits.  

The Amazon panopticon: Coming to a suburb near you!

The neighborhood busybody who watches you from behind their curtains has received an upgrade: Amazon’s Ring.

Ring is an Internet-connected doorbell and security camera. Together with its companion Neighbors app, it promises to keep a watchful eye over your community—recording the comings and goings of both upstanding citizens and shady characters alike.

The Neighbors app is where Ring’s true power lies. The app allows users and law enforcement to share messages, information, and even security camera videos.

So is this merely neighborhood watch 2.0, or shades of Fahrenheit 451?

Without wanting to seem paranoid, there are some good reasons to be wary of Ring and Neighbors.

For one thing, although Ring’s creators say that it will help make communities safer, they don’t seem to offer any statistics to back that claim up. And while they insist that the app is designed to respect neighbor privacy, that doesn’t really square with the overall project of pointing as many cameras as possible at the block. 

Secondly, sharing recorded video with law enforcement raises some serious civil liberties concerns. For one thing, Ring and Amazon are both deeply involved in developing facial recognition technology—and Amazon is actively marketing it to police departments. But this technology is far from perfect. Among its more serious flaws is that it has been shown to return false matches for people of color at disproportionately high rates. All of this has caught the attention of at least one high-level lawmaker: U.S. Senator Ed Markey (D – MA). Senator Markey wrote a letter to Amazon’s Jeff Bezos outlining his concerns, and included a list of pointed questions about how Ring and police departments plan to use security camera footage.

So is this cause for alarm? Amazon’s terms of service allow users to opt out of various forms of data and video sharing, or even using the Neighbors app at all. But terms of service change—as do governments. And that’s reason enough for us to keep an eye on what Amazon and Ring do in the near future, and how (or if) they respond to Markey’s letter.

When smart things go dumb

Last week on the Checklist we had a bit of fun with a story about smart sneakers—and wondered whether or not we weren’t all just better off buying the dumb version of certain products.

This week we have another story which bears on this question. Electronics retailer Best Buy has announced that they will be discontinuing Insignia Connect, the app platform which powers their line of Insignia smart home devices. Sadly, that smart light switch, plug, camera, or freezer (yes, freezer) that you bought from Best Buy is about to turn dumb.

The good news is that the devices will still continue to perform their basic functions—so not to worry, you won’t be sitting in the dark with a tub of melted ice cream. But all of the “smart” functionality that was once supported by the Connect app will no longer work. To their credit, Best Buy will be offering reimbursements to qualifying customers.

The story raises an interesting question: Should you ever buy a smart device, if they can be hacked, bricked, or simply abandoned by the manufacturer?

In our opinion, it’s all about what you consider an acceptable risk.

Anything that you see on Kickstarter or similar places, for example, is essentially a roll of the dice: There’s just no way of knowing if the product will ever see the light of day. Even if you do end up owning it, there’s no guarantee that the manufacturer will continue to exist for more than a year or two.

This isn’t to say that you should never buy a smart device from a small manufacturer, but you do need to be prepared for the worst. If your device isn’t self-contained, and will require back-end cloud services in order to function properly, you need to assess whether or not you’re willing to run the risk that your product will stop working after a while.

Bigger companies may be somewhat less of a gamble, but are no guarantee of long-term support—as this Best Buy story demonstrates. Devices built for compatibility with HomeKit may be a better bet, given the amount of resources Apple has poured into the platform. But nothing is 100% certain, even with huge companies like Apple and Google. After all, they can hardly be expected to throw good money after bad, and will discontinue services and products if they prove unprofitable.

While we wouldn’t want to tell people to avoid smart devices altogether, we’ll reiterate our basic advice on the subject: Ask yourself if you really need a smart version of whatever you’re thinking of buying. If the answer is yes, remember to do your due diligence and take a closer look at the manufacturer. In the end, if it’s something you’re really dead set on getting, and is made by a company that seems to be in it for the long haul, then go for it. Just remember to follow best practices for IoT security to lock down your new smart freezer!

Join our mailing list for the latest security news and deals