
Episode 515 Security With Tim Nash Smartphones and Security


Show Summary

The SDM podcast features Rob Cairns and Tim Nash discussing smartphone security. They examine risks, like lost devices and vulnerabilities in apps like WhatsApp, and debate Android versus iOS security. The conversation covers location tracking, the dangers of third-party apps, and the importance of keeping devices updated. They also touch on physical security measures like hardware keys and passcodes, and the ethics surrounding device access and data privacy. The podcast concludes with actionable tips for users to better secure their phones, emphasizing fewer apps and stronger passcodes.

Show Transcript

Hey everybody, Rob Cairns here and today I’m here with my good friend from the UK, Mr. Tim Nash, and we’re going to talk all about security. How are you today, Tim?

I’m doing all right, though. It’s been a very long day doing a very dull and tedious code review. So, I’m quite excited to just talk for a little bit because I’ve had my head in code all day.

Has anything interesting come out of such code review? I have to ask.

I not nothing that I could actually talk about too much. But yeah, no, it’s always interesting. It was a really big project that the uh client had and it was last minute and rushed and uh you can it’s fascinating to watch co read these code reviews and go ah yes, this is the point where the client pushed back. Ah yes, this is the bit where you got told you already had an hour to do the work in that should have taken five.

Uh Yes, this is the big

I I hear you 100% and I and I appreciate playing confidentiality. That’s what makes you first class. You just you’re like me. You don’t compromise that and that’s the way it goes. So, um today’s uh podcast it’s called kind of inspired by a book I was reading. So, I’m going to show the book. It’s I it’s hard to make out, but it’s a book called Chasing Shadows. And the book is entitled in red Cyber Espionage, Subversion, and the Global Fight for Democracy. How’s that for a title? By a guy by the name of Ronald J. Deibert who um works with an organization that works with U. He’s uh was called Citizen Lab. He’s done work with the White House, various governments. And where this is going is he talks about that the biggest security and privacy threat is this little device I’m holding in my

I like the fact that is blurred on the screen like this little device that we’re not going to tell you what it is.

Oh, we are

now your notifications are showing.

Yeah, I don’t I don’t care about that. There’s There’s nothing showing on my notifications, but this is called a Samsung Galaxy Pixel. Not Galaxy, it’s a Pixel 9 uh smartphone. So, thoughts. Is the smartphone a problem?

I mean, Yes. So I mean we start with the really basics that um you have a smartphone.

I have a smartphone.

What your iPhone?

So I actually have an iPhone. Um

okay.

Uh so I have an iPhone 14 Pro. So it’s a few years old but not that old. Um it still runs the latest versions of iOS. Um I have been only relatively new to have owning an Apple phone. Uh up previous to that, I was always running Android for the last n number of years, 10 plus years. And so this is the first iPhone I’ve had from since like the original iPhone came out. Uh and I chose it in part because of security worries with Android ecosystem. Uh but also because um I am slowly but surely going more into the Apple ecosystem. And you were talking about a smartphone being an issue. But actually on my wrist is my watch, which is a smartwatch.

You mean the one that’s charging?

Yeah.

Which are which obviously not only are they now we now talking about credit card details, passwords, email clients, etc. This thing is literally taking health data and pumping it into well into in this case into into the Apple ecosystem. Uh but for many people just pumping those into the cloud, ingested by whoever. Um, but we all have smartphones and if we lose them, that’s the keys to our castle completely gone.

Uh, I don’t know if it’s the same in Canada, but certainly in the UK, there’s been this huge push towards uh digital apps for banks to the point that you can’t actually for many there are many banks now that do not have a website. It is just a vanity website and the only way you can interact with the bank is through the banking app. Uh they have no physical locations or anything like that. Uh they’re they’re referred to as uh challenger banks here in the UK, but um the they are basically they’ve cut all their costs by putting all of their money into the into the development on the app side of things rather than having uh physical presence or or websites and other bits and pieces. The consequence of that is if you lose your phone, you lose your bank account.

That’s correct.

And that’s terrifying.

Now, the other thing, if you lose your phone, you probably lose your authenticator app, which is just as bad. So, one of the things I did, I went through this uh a year and a half ago, two years ago, I dropped my phone on a bus and I didn’t realize it till I got off such bus. So, I did all the right things. I called. I put a stop on the IMEI number, which you can do, which means no carrier will activate that phone. I also put stop on the SIM card, which you can do. I I got the phone back. I should tell you that. But the problem was, where do you think my Google Authenticator app was? On the phone. Now I have since changed that. There is my Google Authenticator app is also on my iPad now. It’s in two places.

I mean it to until relatively I mean we we are talking years but until relatively recently that wasn’t possible with the Google authenticator app and it was only on one device

and I will also tell you it is possible with the Microsoft authenticator app you can put it on two devices as well so and you say Why am I compromising security? Well, the only one who uses the phone and the iPad, and having a backup is probably a good idea.

I mean, the other option is to uh look at getting a hardware key, something like a YubiKey or a there are Feitian, which is a Chinese manufacturer, but there’s a few of them. Uh but if you’re doing that and you live on your smartphone, make sure you get a one that’s got NFC to to do the tap on the back of the phone.

And then you can spend your life going making silly noises as you’re trying to tap the get you somehow get the key in the right position to find the NFC reader on your phone only to find that the key code gets put in twice because you tap double tapped it.

So I so that’s the route I’ve gone. I also have a a YubiKey for other things. So but you know that’s how much the life is and the biggest problem is I don’t know about you but I you use Apple wallet. I I certainly use my Google wallet. Um I have

Yes. I I mean I use Apple now. Interestingly I don’t use it on my watch but I will use it on my phone and that’s down to the uh the way that the authentication works. Um there are some things I don’t like about so there isn’t a on the iPhone there isn’t a thumb reader. Uh so you can’t do thumb prints uh which is weird because there are obviously some iPads that do that and the uh Mac um MacBook Pro itself has a touch reader but the iPhone doesn’t. Uh this means that you you can opt for your Face ID and um I initially I was very much hesitant about the Face ID and I still am to a certain extent but the main reason I’m hesitant is that I once obviously had to wear a face mask for COVID and bits. Um and at post-COVID I was I I had a cough so I wore a face mask and went and opened my phone and it just opened at which point my brain went this facial recognition is a bit worrying when you could obscure two-thirds of your face and it can still open up it. Um you could also uh there’s been loads of uh demonstrations where someone’s printed somebody’s face off on a photo and it’s opened the various devices.

Yes.

Um but so I I’m much more if I want to is my wallet. It is a double click to get it to o to get to the open and then it is a put the passcode in and then tap on the device.

But I still find that more convenient

than getting to my wallet, pulling my wallet out, finding the card, tapping or putting the card in. Um, and it does it is a convenience thing versus and that’s as everything with security. It’s that compromise. Uh, do you want something that is convenient and are you willing to accept that convenience and are you willing to accept that there’s a risk to that convenience?

Yeah.

Here the um your Apple bits are normally capped to a fixed amount. It’s normally about £100. Um you can go over in with certain stores and bits, but on the whole it’s relatively low capped and so there is a worst case scenario if your phone is stolen and they could get to that. Um but I think if my phone is stolen there was bigger problems and if they can get in, if they can get in, then they do have lots of access, though not as much as hopefully they could do. For example, uh within the newer stuff with the iOS, you can set individual passwords for applications. So, you can specify, I would like this application to have a passcode, and I would like it to be different to the passcode than it is to get into my phone, which is a really nice feature.

Now, one of the things we you and I have talked about is if you recall back three or four months I went through issues where Google actually charged my debit card, not even my credit card, my debit card, which comes right out of your bank account, um money for ads that I never ran and I had to fight with Google, which they turned around and refunded, and yet, and surprisingly, they haven’t shut down my Gmail account or any such things but

I think at the time. That was my bias like, uh, you you’re just gonna lose your account.

So, what I what I ended up doing was the I no longer have a debit card in my wallet. I need something there to pay for transit passes because they’re in the Google wallet. So, I’ve actually got a I went out and got a credit card with a low credit limit on purpose, which I tossed in my Google wallet. So,

see, I use something slightly different in that I have attached to my Google wallet is a virtual card.

Yeah.

And that virtual card has a limit on it. So that

we don’t we don’t have those in Canada unh

when you come into the 21st century with the rest of us, you too can have this.

Thank you Tim. So that that’s problem number one. Uh problem number two and uh is geolocation server and I have to go there because one of the things a lot of time educating kids. And one of the things we teach kids and parents of kids under 18 is if you’re going to give your child under 18 a smartphone, I don’t think that’s necessarily good idea, but each to his own, make sure you turn off the geolocation services because we’ve seen cases where kids have been followed, bullied, beat up, etc., etc., etc., and we always say, “How did they know?” Well, they had geolocation services on their pictures turned on, on their on everything turned on. And that’s a bit of a privacy nightmare, isn’t it?

I mean, I again, this comes down to the individual devices. And this is a good example again where the uh uh Android versus iOS debate can come in. iOS has got a is a out of the box. Now, Android, the thing about Android is you can customize it. And when we’re talking about Android, it’s stock Android and you can get things like GrapheneOS or and and and it’s the ilk which are come with really good lock down defaults but by default Android OS is particularly lax about things like the oh yeah and Google just wants to hoover up data let’s face it that’s that’s their job they are they are all consuming they want your data and this is why they made Android in the first place don’t sue us Google lawyers iOS is a little bit more privacy focused and so things like uh the photos that that that meth you can’t by default put that metadata on. You have to actively go through and add the location on there.

And I would argue that actually location tracking for kids is a good example where you as a parent certainly uh you have to weigh that up of do you want to know if little Jimmy’s fallen down the well and where the well is versus

will little Jimmy do something stupid and uh broadcast his location to the entire world

and that comes down to education. I think it’s important that the that the the uh these two things balance out and I wouldn’t immediately say don’t turn this on but it’s more we need to learn how these work and I think it’s important to for little Jimmy to know that you know his mom and dad are watching him if that’s the case because uh the the biggest problem without turning this into parenting advice which I’m not the person to give out but that whenever you have these sort of things education is always the way forward and honesty

I agree I did uh I’ve done a lot of work over the last 20 years educating in conjunction with police forces educators kids on how to enact online and smartphones as an extension of that and I don’t I don’t believe that putting checks and balances in place is the right way for parents to go. I I believe having those conversations, breeding trust and a dialogue at home, again, I’m not giving parent advice, but from a technology standpoint, I think is a much better route to go than saying you can’t have this because you know what? The minute you do that, they run to our friends, they run to a coffee shop, they find another device, they buy a device that you don’t know they have and it’s off the grid. And then we got a whole new set of problems. So, I I I agree with him. Education is key always.

I have a a friend who’s got a teenager and who is going through through it at the moment with the teenager making bad choices when it comes to not anything scary in the world, just bad choices and like staying up late and playing games and chatting all night long with their friends sort of thing. Uh, and they they went down the route of well, we’re going to block the we’re going to lock down their device.

Good idea.

Next night. same problem. They got past the lock. They got past eventually they were going like we’ve locked down the via DNS and eventually they came and said, “Well, what would you do?” And I was like, “Well, I’m not I I’d talk to your kid and say, stop doing that. It’s hurting you.” But outside of that, they were like, “But what would you do?” It’s like, “I would take the internet router and unplug it.”

Yes.

And they were like, “Yeah, but then we wouldn’t be able to get on.” It’s like, “Maybe you shouldn’t be online at 3:00 in the morning.”

That is true. So the other things this book talks about and it’s this is a scary. We’re seeing more and more scams through things like WhatsApp vulnerabilities, um, Telegram vulnerabilities, often nation state actors causing these problems. So the average person is probably not going to be targeted, but who knows? And it’s not the typical phishing scam where you have to click on a link. They talk about one case where one of the WhatsApp vulnerabilities what was happening was they’d make a fake call and then the call would disappear from your call list. So you never knew you got the call. But the minute you answered that call, the payload got invoked. Should we be concerned about stuff like that? Or for the average person, should they just say not me.

So, um it there is a uh a well-known Israeli company called the NSO Group.

That’s who was involved in it.

Yeah, I was going to say that sounded very much like them. Uh and they they make basically the uh zero day vulnerabilities for state act.

Um now the thing about zero day vulnerabilities is they’re really effective at that zero day, but unless a um a manufacturer is deliberately and willfully letting it get past, which you know there there are some people would argue that could be the case. Most of the time they will then get patched. If I have a vulnerability that I know will get my target and I’ve just spent millions of pounds developing it as a nation state, I’m not going to necessarily want script kiddies having access to it until I’ve used it the way I want it.

And by the time script kiddie’s got it, everything should be patched. But that doesn’t mean that there aren’t plenty of phones that are going to be susceptible. And one of the big problems um in the ecosystems is when the uh phone update just don’t stop receiving updates. Uh quite a lot of um the more broader Android devices, they tend to be uh you’ve got the stock Android, but you’ve also got like uh OnePlus has their Ox, is it OxygenOS? Has their OxygenOS, which is just Android with a different skin on it.

Um, but and there’s plenty of these other examples of these phones and they they have relatively short life cycles for the operating system,

usually two or three years where I think, and correct me if I’m wrong, and I should know because I got a Pixel 9 beside me, I think the Pixel’s up to five or six, and I think Samsung is right behind them. Um, yeah, I think that from what I remember from back in the Android days, you really needed a Pixel, a Samsung, and I’m trying to think the the other one that was on that list to to be get those sort of long-term releases.

Yeah,

certainly comparable to the iOS ones which are again five to seven years sort of length.

And the other thing about the Pixel phones is their agreement with the carriers is what typically happens is um updates get held back by the carrier sometimes. So Samsung will put up an update and the consumer I don’t know how it works in the UK and Canada might not see that update for another month on top of the update. With Pixel updates and iPhone updates contractually they’re not allowed to hold them back. So they come out right away. So one of the reasons I’ve leaned towards the Pixel phone besides the fact I live I worked and live in a Google universe. Lucky me. Um, good or bad, I’m not sure. But, uh, that judgment’s out. But the I get my updates right away. There can be some drawbacks. For example, we all know what happened with the Pixel 4a and the battery last month, do we not? Um, Google and their world put out an Android update and all the 4a owners that updated the boss batteries. That happened to a friend of mine.

Oh, dear.

Yeah. So, it went for the battery went from charging to 100% to 20% and you were charging a battery five times a day and all Google did was basically offer 50 bucks or a $100 rebate on a new phone or say go away and you know that was the end of that and argument was

I mean Pixel 4a is four and a half years old. So

that was their argument. You got it. So So there’s that side of it too about pushing updates right away. Um, I would say if you’re really concerned about updates, over me, I’d be going an iPhone or a Pixel every time.

Yeah. I mean, the the one thing about the iPhone is obviously their updates are completely controlled by Apple, not the carriers. I don’t think the carriers have any way of controlling it. Um, this is positive. I guess it’s a negative as well that Apple’s Apple could also uh the iPhone is very much a closed network. You you are sacrif I what you uh gain in okay the iOS is a much more polished device has probably the best out of the box privacy settings of the commercially available without you starting to work on them

devices what you lose is the customization the flexibility and ultimately the control

yes

because I I keep saying iOS is one of the best privacy f today but they also have automatic updates that can over the air that can pump that literally can turn that into something completely different. All it would take is for um Apple to go, you know, we we we really like the way Google’s been doing their stuff. Why don’t we become Google?

And there we go. And instantly it’s like, oh, our revenue is down. We could really do with a subscription model is not working for us. Let’s just start selling customer data because we have access to it. And they could on a flip of a switch do it. Now I think amongst their client base there would be an open revolt and it wouldn’t it’s not something that they would I can see them doing in the short to medium term but even over the last few years they have started to make compromises on their very very strict privacy statements and the very strict way that like no we will not go everything will be privacy focused and you only have to look at some of the uh AI Apple sorry Apple intelligence uh features which are like, “Oh, yes, and if we can’t manage it on the phone, we’ll silently dump it over to our our data center.” And it’s like, “Well, hang on a minute.

You promised everything would be done on the phone.” And it’s like, “Well, we it was more of a we’ll best we’ll try.” So things like that. So, so there even within that ecosystem, there’s creep out. But, uh, yeah, if you, unless you are managing the device yourself, and you can do an Android phone and particularly a Pixel phone, if you’re reach. If you don’t want uh a Google on your Pixel phone, uh you can install something called GrapheneOS, which I’ve mentioned a couple of times, which is a privacy focused operating system based on Android,

but things like the Play Store have been stripped out and then you can get it back in a sandbox so that it can’t see the rest of your phone, which means that you can install apps like, I don’t know, Google Maps for example, and Google Maps would not have any access to your contacts. Now, you might think that seems perfectly reasonable, but by default, Google Maps one on an Android will go, “Oh, I’ve got your entire contacts list now.” And when you look on the map, it will go, “There’s Ben’s house.” And you’ll think, “Oh, that’s really good.” But of course, all of that data got fed into the cloud. So, Google now knows there’s Ben’s house.

So, true. Um, what I would say, you know, this Android versus iPhone debate’s never going to go away. I’m not a big fan of these debates, I got to tell you. But one of the things I always say is for seniors and for non-technical people, go get an iPhone, please. And I’m an Android user. So, I look at my partner Tis. She Tis is not technical. She’s had an iPhone for years. She just upgraded a year and a half ago. Her father has an iPhone. Her sister has an iPhone. My son, who doesn’t like doing technical stuff, has an iPhone. My 8-year-old mother, who doesn’t like doing stuff, has an iPhone. And what do I have? An Android because that’s the way it is.

I mean, it’s it is very much down to preference. And I Yeah, I I’m not sure where when this phone uh when I get to the sort end of life for this phone, which is probably going to be in a couple of years time. I I tend to rotate through at about five to six years mark. Um I don’t know whether I’ll go back to uh go carry on with my iPhone or an Android, but I have to say uh I’ve had a lot less problems and I but I’m wondering if that’s because I’m finally using it as it’s meant to be used as a just a device and I’m not tinkering with

anyway. That’s probably it, too. It’s funny. I just went to the Pixel 9 two weeks ago. I upgraded from the Pixel 7 Oops. And there’s a there’s a convoluted story there, but I won’t get into in this podcast, but that’s another story for another day. And when I did the upgrade, one of the things I did was I have no notifications showing on this phone except for text messages from certain people and phone calls from certain people and everything else is screened and everybody all of a sudden hates me because I have become so hard to get hold of again.

So

yes, silencing notifications. Now if we can most man I think actually it’s not nothing to do with operating systems. If we can just get notifications turned off then our phones would be a lot better places.

Yes, they would. Um so we’re talking about phones. So we’ve talked a little bit about security updates. We’ve talked about a little bit about uh other stuff. Um and as we go. Speaking of phones, guess what’s ringing in the background, which I’m going to go in nowhere near, but anyway, we’ve talked about all that stuff. Um, and we’ve talked about some vulnerabilities like WhatsApp and banking concerns and wallet concerns. What else should you be aware of with your phone?

Um, so we we’ve talked about the the sort of like the general banking bits. Um, couple of things that are really are obvious is that You know, if you have your email on your phone, then you if you’ve got email and you’ve got sensitive information going to your phone, we search meant notifications, but actually you can on on whether whichever operating system you’re choosing, you can control what notifications are shown to the screen when it is locked.

That’s correct.

And so I’m always amazed when I pick up somebody’s unlocked someone’s locked phone and go, “Huh, really? That colonoscopy Oh dear, poor them.” Scrolling as you’re sort of scrolling through their notifications on their locked phone. So, um, at least for me, if if I know that the is the chat if it’s a communication channel, I make a point that it doesn’t it can show not that I have a notification on the lock screen, but it shouldn’t say what that notification is and who it’s from because that’s uh information that somebody other than I’m I don’t need to know at the lock screen what that notification is because if it’s if I expecting the notification I will open my phone and if I need if I need to read the notification I have to open my phone anyway to action it. So they it makes no sense to have to have that information publicly available. So that’s one thing I would think of. Uh the other thing is to we again alluded to contacts um your contacts list is something that you’ve grown over many times. I wonder how many people have now uh this may be a good time that the uh for uh uh Google to step in and say, “Hey, we do this for you.” Uh but you if you’re storing your contacts on your SIM card, then when you lose your phone, you will not have access to those contacts because you’ll have lost them. Now, most modern phones by default do not store to the SIM card. Instead, they store to the cloud, which is a pro and a con because obviously you’ve just given that data to somebody uh be it Apple, be it uh Google, be it a third party if you’re using a third party service. Something that I’ve seen a lot of recently is a lot of these uh third party will sync your contacts amongst different devices, your Apple device and your Android device.

And they’re all really bad and they all involve stealing contacts and holding them in

of course somewhere. So, uh don’t use those apps. If you see anything that’s like, oh yeah, we can transfer the your contacts or we can convert your contacts. Um I I can’t remember why I wanted it, but I was looking for something that would store my contacts as uh Cal contact the old CalDAV-style contact vCards um so that I could utilize them in multiple places. And yeah, the the amount of scammy horrible apps I found it was terrifying.

It’s awful. Yeah.

Which I guess leads on to scammy, horrible, terrifying apps and people just downloading any old crap to their phones and then wondering why their phones are slow and why they’re where their data’s gone.

Yeah. Yeah. It’s true. And and while we’re at it, the biggest app that everybody’s downloaded to phones lately is this new AI app from China. You know which one I’m talking deep.

Is it ChatGPT?

Yes. And the biggest problem with DeepSeek is privacy. Where is all your information going? Back to China.

I would point out that the it’s replaced ChatGPT. And the biggest problem with ChatGPT is

is privacy.

Privacy. And where’s all your data gone?

Yeah, I I would I would

I’m not sure when you’re when you’re the little person who it does it There are obviously there are differences between sort of like data going to the United States versus data going to China. But when you’re the tiny little person, ultimately your data is not yours anymore and is gone to whoever where in whatever whenever you’re installing these sort of things. I I’ve seen a lot of uh press about DeepSeek and people going through its terms and conditions and going, “Oh my god, insert, you know, they’re going to they can do this with your data.” And it always makes me laugh. It’s a bunch of people who if you then went yes but those are the same terms and conditions as ChatGPT because there’s a reasonable chance that DeepSeek just copied it.

Yes.

Including the terms and conditions.

One of the things I would hazard anybody to do and Apple’s been taken to a task on this and it’s not Apple’s fault. Johnny has a heart attack and dies. And the only way into his phone is facial recognition. And Mary, his wife, wants into that phone to get some information. She can’t get in and she calls Apple and Apple says, “Go away because we’re privacy focused.” What I would suggest is even if you’re going to use facial recognition or a fingerprint, you might want to set up a passcode and store it in an envelope in your safety deposit box in a safe. Um, I know in my case, I’ve got it in a a safe in the house that says if something happens to me, open this envelope. There’s other things in there like Bitwarden and passwords and, you know, other interesting stuff. But

no, no, just to check, where is the safe exactly in your house?

I’m not helping you with that because this is a live podcast. That’s that’s not going there. And and it doesn’t look like a safe, so that ain’t going to help. Okay, just like that. But the point I’m making is make sure somebody can get into that device that you trust besides you in case something happens. So in my case, my partner Tis and it’s a running joke. We have no secrets. So she’ll pick up my phone without even asking me key the PIN number in and go find what she wants because I have nothing to hide. But there are people who have a lot to hide. I.e. James who’s got a mistress and is hiding his phone from his significant other. And

do just to check, do I know James?

No, you do.

Are we going to have a conversation after this call about James?

No, we’re not. We’re not.

So, but the point the point I’m making is if you’ve got nothing to hide, you should be able to trust somebody with a backup to get into your phone. And it’s actually a good idea.

I’m I’m going to sort of counter that. this and I’m going to go a little bit dark I’m afraid.

Um if you are in a position where you have a phone that you need to make sure that nobody does know it’s there

uh throughout and if it’s especially if it is an Apple phone or a modern Android phone that’s running uh up-to-date version of Android OS governments most western governments have access to an emergency broadcast system that will allow you to send alerts to the phone for natural disasters, vac

stuff. Um, now when those messages are sent, the phones make a very loud beeping noise and put the message to the screen.

Yes.

In some cases, they’ll do that when it’s in sleep and even when it’s turned off if there is a battery associated with it.

That’s correct.

Um, so if you are and this is a potentially if you’re a victim of domestic violence, but also if you were having a middle If you were having an affair and want wishing to hide hide your burner phone, um you might within the settings, you can go into the settings and disable emergency alerts. Now, obviously don’t do that if it’s your primary phone because they are vaguely useful. You might want to know whatever they’re being alerting, but if you have that secondary phone that you need to keep secret, uh the last thing you want to do while there is an emergency going on is having to explain to somebody why the why where your second phone is from. So yes,

uh this is came to mind because uh last year in the UK we had this like

uh whole nationwide alert test alert that’s part of rolling out this system and we did a lot of work ahead of time to try and encourage people in that exactly that scenario to turn off their phones and to turn off the settings and tell them that turning off the phone might not be enough. And uh there was uh sadly there was a noticeable statistical spike in domestic violence in the week following uh which makes the fact that that message didn’t get pushed out. So if you know anybody who you think might need a have a second phone or that they might need a second phone and they need to be it to be secret, do them a favor, help them configure it and turn that off.

Yep. And the other problem is because these are tracking devices, and in the iPhone case in conjunction with an AirTag, they have a lot of great uses. Um, Android also has an equivalent to the AirTags now, which I actually put one in a piece of luggage when I travel. So, if my luggage goes away, I can find it. But the other security side of that is what happens if I put the AirTag in my spouse’s car who I’m trying to control. You got to look at the other side of it, right?

Yeah. And well, again, both Apple and Android have made this effort to try and fix this sort of, you can’t truly fix it. You know, Apple’s first attempt was, oh well, we’ve put a speaker in it, so if the AirTag’s gone out of your range or your given location for more than a day it will start to beep, and people just opened it up and unplugged the speaker. It’s like, oh. And then they were like, well okay, we’ll notify people around you, and it’s like, yeah, but, you know, all you need to do is to have a spouse who you travel with backwards and forwards regularly enough that they’ll get the notification a couple of times, then they’ll ignore it the next time they see it. So these things, wherever you have something that’s designed for good, inevitably somebody is going to abuse it. Um, I really like my AirTags and, you know, personally they’re really useful for me to track my luggage. I have one in a couple of other places that I use for that sort of tracking and it works so well.

Yeah, my mom you my mom uses one exactly for the same reason that Eddie when she flies she knows exactly where luggage is exactly how and it’s it solves problems like you wouldn’t believe.

Yeah. I mean, even if it’s something as silly and as very first world problem as going, when you get to the bag carousel, going, “Oh, I need to be on this one.” Because you can just see where your bag is, because in an airport it’s pro, there are enough devices around that you can pinpoint more or less to within a couple of meters.

But that comes at a cost, and right back at the beginning of this we talked about the idea that, you know, phones are convenience versus security and compromise, and AirTags are exactly that. If we allow them to exist because they’re convenient, which we have done, we are also accepting the risk that they will be abused. But I would argue that GPS trackers have been a thing in every spy movie. And there is a spy shop on the outskirts of Leeds that I’ve always wanted to go into because it looks just like the shadiest place possible.

But, uh, you know, you could buy a GPS tracker for not pennies, but not that much more than an AirTag, and people have been able to do this for a very long time.

Yeah, that’s what happens when we watch Bond, James Bond, you know, and that’s, I’m such a fan. So, and it always shocks people, like I’ll be out with Tis and she’ll pick my phone up off the table and say, “I need to check something.” She won’t ask, and people look at me and say, “Did she just log in your phone?” Yeah, she did. Because I don’t have a security. I have a trust. Back to our whole conversation around security in trust. I don’t have that issue. She can log into my phone. There’s nothing there. She can do what she wants on my phone. There’s nothing there.

And because Rob doesn’t ever, uh, buy her any presents, I’d buy she can always have a wander through his email.

Yeah. Thank you very much. What are those charges? Um as we wrap up, uh three quick takeaways to to make the person secure with their phone. What are they?

Uh put you on the spot if they can. Yeah, you have. Um, make sure your phone is actually up to date. Uh, is number one.

Quite often phones automatically update at night.

Uh, so make sure your phone is plugged in and charging at points where it can get an update. It is very easy for you to miss two or three updates on your phone. Uh, if you are taking your phone out and about into public, you should have a decent security lock on it. Um, whether that be facial recognition, but always have a backup ID passcode going through. And, um, number three is, if it doesn’t need to be on your phone, don’t put it on your phone. I think actually, we haven’t touched that at all, but actually I think that’s a really useful piece of advice. If your work emails don’t need to be on your phone, don’t put them on your phone. Both for your, uh, better life, but also for better security. Uh, anything we don’t need on our phones, the better they’re going to be.

So true. Wonder the reasons aside, I do not have any social media on my phone anymore. So, there you go.

And nor do I. Um,

yes,

it it is it is a very strange feeling.

There’s there’s a bet going on right now with my other half and some friends on how long this little experiment is going to last.

How long has it lasted?

14 days and counting.

Oh, okay. Oh, a youngster. I think I gave up Twitter about three years ago on my phone. Um, and I was much better for it and then I stopped and yeah, I’ve been very good, things like Bluesky, even briefly I had LinkedIn on to upload some videos but I took it off immediately afterwards and, yeah, I feel much better for it. It’s one of the nice things, not having that on my phone.

Yeah.

Have to ask Tim, do you have any workshops coming up or are you still in workshop hold mode?

I’m still in workshop hold mode. I’m actually um mid record mid prepping to do some recordings. So next week I’m actually sitting down to do some recordings.

Awesome.

So that should all be coming out towards the end of March, April time. But yeah, I’ve been thankfully swamped with work that is coming to an end. So, uh, if people want to hire me, they are more than welcome to.

And how did they get a hold of you to hire you?

Uh, timash.co.uk. Uh, if you go there, uh, you can get hold of me, book a call, love to have a chat with you. I do all sorts of, uh, things that tend to be WordPress security but not necess WordPress. Uh, but, uh, yeah, I do site and code reviews for people and, uh, I’m finding I’m doing more and more compliance stuff at the moment, which, uh, is a mixed bag. I sort of like it, sort of don’t.

Yeah, it depends on the flavor of the day, right Tim?

Yes, indeed.

As always, my friend, thank you very much and we’ll talk to you soon. Appreciate you.

See you next month. Bye
