The iPhone Is Not Safe, Android Phones Are Not Safe, Nothing Is Safe

In the last few weeks, nearly everyone (including us) has praised Apple for remaining steadfast in their refusal to help the FBI break into an encrypted iPhone. In the midst of all that praise, we forgot one thing: breaking into Apple products sometimes isn’t all that hard.

A team of researchers at Johns Hopkins University recently discovered a way to access and decrypt photos and videos sent via iMessage.

First, they intercepted an encrypted message sent from an phone running outdated software by creating software that poses as an Apple server. Then, they were able to repeatedly guess at a 64-character decryption key that corresponded to an encrypted photo on Apple’s iCloud servers. Once they found the correct key, they could download the photo from Apple’s server and view it.

If you are busy patting yourself on the back over owning an Android phone and therefore being free of this problem, stop patting. Fewer than 10% of 1.4 billion(!) Android phones are encrypted, while iPhone encryption clocks in at a 95% rate. Why so low? Likely because Google licenses Android absent any requirements in that department.

Google gives away its Android software to attract more users to its services. Google requires device makers to comply with certain requirements to use the Android brand and key Google services such as search and maps. Ultimately, though, device makers are free to use the software as they wish.

Bottom line: everything is unsafe and you should probably return to carving hieroglyphs on tablets you then bury in the desert or using carrier pigeons or something.

Featured image: “ Thief or hacker hacking smartphone by key” from Shutterstock.


  1. Avatar B9bot says:

    The iPhone is a lot safer then any Android period.
    Only 2% of Androids have the latest OS. There store software is 99% malware infected. Google does not care about security all’s they want is your information.

  2. Avatar Wade Mason says:

    While I appreciate the message of this article, I’m a bit concerned about the chosen example. The iMessage weakness is not a phone issue, it’s a delivery issue. For photos to be seen, they have to be captured in transit. Once the message is sent and received, it’s no longer vulnerable at all. And, of course, it will patched soon, I’m sure.

    My point is just that a message being intercepted in transit doesn’t expose ones stored data, health info, credit cards or anything like that.

Leave a Reply