Nowhere is Google’s ambition to bring Android closer to the iPhone more evident than in the areas of privacy and security, from increased Play Store security to completely encrypted WhatsApp calls included into its dialer. Recently, the most recent Android updates were made public, and they include significantly different security and privacy features.
Surprisingly, the first was announced about a year ago and is only now going live. Google has begun rolling out the Find My Network with Google Play Service beta version 24.12.14, according to GApps Flags & Leaks on Telegram. I have it enabled without any form of flags activated.
The new Bluetooth-enabled Android shadow network closely resembles Apple’s counterpart in terms of scope. Possibly billions of gadgets. However, it has been delayed due to security and privacy concerns—apprehensions that it could lead to a fresh round of online stalking.
Due to the delay, Google and Apple have been able to work together to develop industry-standard safeguards against the use of FindMy networks to monitor users covertly and without their knowledge. Now that it’s finished, it should go live with Apple’s iOS 17.5, making room for Google to introduce its own network.
These shadow networks, which are created by crowd-linking smartphones to allow a lost device or tagged tag to find its way home without its own cellular network connectivity, have raised serious concerns about tracking. Since Bluetooth is used for this, a variety of device kinds can connect to the shadow network.
With this upgrade, Apple’s iOS FindMy will be able to alert users to the possibility that a device that isn’t Apple authorized is tracking them, and vice versa. Cross-platform alerting addresses a significant privacy concern that has surfaced, particularly in light of the widespread use of AirTag and similar devices that provide easy tracking.
Similar to Apple, Google guarantees that “user privacy was a key priority when building the Find My Device network.” End-to-end encryption protects location data that is crowdsourced from the network and prevents Google from seeing it or using it for other purposes.
Having said that, privacy issues will still exist, and as with any new service of this size, dishonest people will look for openings to exploit. Overall, considering the benefits of the lost device, it’s worth utilizing; but, as this is rolled out on a large scale, keep a look out for tales of teething problems.
There are security and privacy issues with the second Android networking update as well. As previously reported, Google has released an Android version that allows users to message anybody—not just emergency services—as long as they have a satellite connectivity add-on for their mobile plan, surpassing Apple’s SOS satellite function.
The usage of satellite communication, which has historically required pricey equipment and costly call plans, is not widely understood among mobile users. This has limited it to specialized use cases, such as spooks, sailing, hazardous off-grid settings, and distant research.
The idea of a direct satellite link is more basic than the intricate network of cellular radios, making it more vulnerable to attack. This has been observed when Starlink attempts to resolve denial of service, also known as jamming, when it is utilized in conflict areas. In the realm of defensive communications, such attacks and counterattacks are commonplace, but not in general cellular.
A former special forces operator with extensive firsthand knowledge informed me that “a number of factors contribute to the decreased security of satellite systems, particularly those in low earth orbit.” In contrast to 5G, the attack surface is far larger because it resembles a corporate network attack, where the target landscape consists of the actual terminals, ground stations, or satellites. Consideration should also be given to other vulnerabilities, such as interception and denial of service.
It is obvious that this is not a big deal for the specialized usage of satellite for communications home from extremely remote regions or emergency messages, but it is anticipated that this will become more common. It won’t affect infrequent users in ordinary settings, but the calculation might alter if, for instance, several satellite users depended on these communications in one place.
“Geo stationary and low earth orbit satellite handsets are often issued to troops for emergency communications. Unfortunately, many organizations have come to rely on these and it presents numerous security challenges, not only are they more susceptible to cyber-attacks and denial of service attacks, but given these handsets rely on GPS to function, they present real a risk to those using them.”
As long as you can verify the integrity of the connection, any content that has been correctly encrypted remains secure. “Do we really care about the communication if the data is encrypted during transit?” Ian Thornton-Trump, CISO, states. However, the data’s wrapping is weak. It is still possible to determine device IDs, locations, and any unencrypted traffic (such as simple text messages).
According to Jame Moore of ESET, “it could be vital for those in remote areas or in times of need if used purely as a backup service.” However, when other more secure and privacy-focused messaging services are available, satellite communication shouldn’t be utilized as the default messaging method because it is typically more susceptible to security risks.
Again, not a problem if this is kept emergency-only, but this will only spread due to the growth of LEO-based Wi-Fi and partnerships with movie network operators. Therefore, if businesses intend to rely on these gadgets and networks as an extension of their regular operations, they must catch up.
In order to maintain security, Apple has restricted its Satcom offering to a managed service. This means that it encrypts iPhone communications, decrypts them, and then sends them to the appropriate emergency agencies. The location of the user is also disclosed.
It is evident that Android provides a more extensive messaging service via satellite, hence the corresponding carefully chosen security wrap is unlikely to exist. Ultimately, all the standard security and privacy aspects will need to be taken into account if satcom from an Android device grows to allow more diverse usage.
As cybersecurity analyst Mike Thompson warns, “how many cyber people know its nuances enough to have a sensible opinion on it? Users being in the dark is one thing, the security industry another. Not that there won’t be expertise out there, but I’d question how mainstream it is.”
That’s the crucial aspect. New policies and optionality will be driven by industries with remote locations or the need to centralize mobile connectivity instead of roaming on several types of host networks. It will be necessary to implement extra protection if mobile devices are used to access business networks.