Smartphones

[Bletchleyite]

You may note we didn't get the headphone socket back though, however large the phones get! Another irritation of modern life.

To be fair I'm loving the modern type of Bluetooth earphones, the ones with a charger case pioneered by Apple. No cables to catch on things.

I agree entirely that identity theft is catastrophic, but the problem is that we're now tying up all of our identity information and proof into one object that is remarkably easy to lose or get stolen. No longer having your phone, for whatever reason, would cause so many problems that you may never catch back up.

It does cause an issue, but you can, by phoning your network from another phone or landline, get a SIM with the same number sent out pretty much immediately, so you're only knackered for a day or two. Lots of people often change their number, but there is no reason for you to ever have to unless escaping harrassment, something that won't be experienced by very many people to the extent of needing a new phone number, particularly now both iOS and Android allow you to block numbers.

But worse than that is that, by putting all your identity information and proof in one object - if that gets compromised in some way by the bad guys, the results are disastrous. And as IT professionals we're both well aware there will never be a system that can't be compromised *somehow* by sufficiently determined people.

That is a bit of a downside, but remember that 2FA is in addition to your password, not instead of it. It thus cannot be less secure by definition. It is at least as secure as your password alone. 2FA is a very good idea - you need "something you know" AND "something you have". Though putting the "something you know" into the browser so it automatically populates it breaks that and so is a very bad idea! (A proper password manager like Keepass with a suitably complex key is good, though).

 

[JamesT]

The SE will probably last a lot longer though, particularly around software and security updates where even Android flagships are hit and miss in terms of long term support. I have the 2020 model that I bought in 2020, while I'd like 5G I am not going to upgrade for it, in every other respect the phone feels new and fresh. The idea is that the SE can be made cheaper because it reuses the expensive machining and tooling from an older model. It's surprising that the 2022 is unchanged, but I suppose it offers an option for those who don't want Face ID and the notch.

I don't notice the screen as being particularly low res, I haven't seen pixels since Apple launched "retina".

The Apple support lifetime is the big advantage. The SE 2020 is basically an iPhone 11 in drag so gets the same support.
I'm not one to chop and change my phones, my current Nokia is coming up for 3 years old and is still fine. (Apart from security updates about to run out)
I thought that I would be happy with a smaller screen, coming from my previous phone which was 4.7" 1280x720, but I've found I really like having the real estate of 6.3" 2280x1080. (The SE is 4.7" 1334x750). If Apple were willing to copy some other vendors and stick the fingerprint reader on the back they could get a bigger screen into a chassis of a similar size.

Used is sometimes not a bad bet for Apple kit, as there are plenty of people who always have the latest model, and they can get more by selling privately than trading in, just like with a car.

I'd be more tempted by used if I had more confidence that the batteries on them weren't likely to be knackered. To some extent the answer to that is to buy from somewhere like CEX where they supply a warranty on their used kit.

 

[najaB]

What if I lose my phone, or it is stolen? What if I don't have it with me? What if it isn't charged, or isn't getting a signal? What if I'm abroad? It makes things that were previously simple, significantly more difficult. Of course there are important trade-offs between privacy, convenience and security to be considered, but I don't like this trend one bit, for all manner of reasons.

Almost all 2FA will have multiple channels for authentication. For example, Microsoft push notifications are backed up by TOTP codes and my bank push notifications are backed up by card reader generated codes. So either will work when I don't have a signal or with another device.

 

[Bletchleyite]

I'd be more tempted by used if I had more confidence that the batteries on them weren't likely to be knackered. To some extent the answer to that is to buy from somewhere like CEX where they supply a warranty on their used kit.

Yes, given how people abuse smartphones buying from a dealer with a warranty is more sensible than buying from a randomer on fleaBay or wherever. And in a CEX* shop you can walk in and inspect before you buy.

* I believe "Computer EXchange" is where the name originates, but it is an obvious play on slightly ruder words. Two ways to pronounce it, like the Scouse word for trousers** or, well...
** Kecks

 

[sor]

The Apple support lifetime is the big advantage. The SE 2020 is basically an iPhone 11 in drag so gets the same support.
I'm not one to chop and change my phones, my current Nokia is coming up for 3 years old and is still fine. (Apart from security updates about to run out)
I thought that I would be happy with a smaller screen, coming from my previous phone which was 4.7" 1280x720, but I've found I really like having the real estate of 6.3" 2280x1080. (The SE is 4.7" 1334x750). If Apple were willing to copy some other vendors and stick the fingerprint reader on the back they could get a bigger screen into a chassis of a similar size.

I'd be more tempted by used if I had more confidence that the batteries on them weren't likely to be knackered. To some extent the answer to that is to buy from somewhere like CEX where they supply a warranty on their used kit.

The new iPads (except the pro) have a touch ID built into the power button, so maybe that's showing a future direction of travel if Apple wants to offer a choice.

"At least" the iPhones now have the battery health thing so you can get an idea of that right in the shop, and of course if the price is exceedingly good you can get it swapped out for like £50-70 from the Apple Store or approved servicer. Another area that Android manufacturers are severely lacking.

 

[Bletchleyite]

The new iPads (except the pro) have a touch ID built into the power button, so maybe that's showing a future direction of travel if Apple wants to offer a choice.

Removing the fingerprint sensor entirely in favour of Face ID (which unlike some Android phones isn't easy to fool using a photograph) is Apple's direction of travel, but a particular type of camera is required to do it securely. I believe that's the reason the Macbook doesn't do it.

 

[Domh245]

Landline numbers didn't create a detailed profile of your movements and activities, combined with the contents of your emails and your web searches and history. The privacy implications are significantly different - but I don't want to derail this thread in the way I often do on such matters, so let's leave that at that for now.

I'm curious about this - a mobile phone can certainly create a detailed profile of movements and activities, along with emails, web searches and histories, but that should be separate from the mobile number!? All of the emails, web searches and histories are associated to a user account (ie email) which will probably have the mobile number associated to it, but I didn't think it was possible for someone who knows only your mobile number to access the 'non-telephone' aspects of your mobile unless that's also been breached and they can link the two together (though there's probably easier ways to find you in the leaked data than searching by mobile number!)

 

[GusB]

I've recently purchased a Moto g22, which I'm absolutely delighted with so far. I bought it direct from Motorola for £130 and it included a free speaker which I'm informed will arrive separately. It has dual SIM capability and a slot for a micro SD card (my previous phone was either two SIMs or one SIM and an SD card), battery life is very good compared to my old phone and, as far as apps go, it's pretty much stock Android. This one also has WiFi calling, which is more of a downside - I was often quite happy not to have a signal in the pub - but I can switch it off if needs be.

Oh, and it has a headphone port!

 

[MikeWM]

To be fair I'm loving the modern type of Bluetooth earphones, the ones with a charger case pioneered by Apple. No cables to catch on things.

I'm a Luddite on this, the last thing I want is something else to have to remember to charge!

It does cause an issue, but you can, by phoning your network from another phone or landline, get a SIM with the same number sent out pretty much immediately, so you're only knackered for a day or two.

Assuming you have a contract with the network, yes. Rather harder when you're on PAYG as I am, because I use the phone sufficiently little that I don't need to spend money on a monthly contract. I don't feel I should have to do so just for 'security' purposes, and it is very poor that this is the way the world appears to be going.

That is a bit of a downside, but remember that 2FA is in addition to your password, not instead of it. It thus cannot be less secure by definition. It is at least as secure as your password alone.

None of which helps if, for example, there is a 'forgotten password' mechanism that somehow will end up being accessible via the same compromised phone (eg. via your email app).

Or for example, some banking apps that have a 'show your PIN' function, which is extremely helpful to someone that just swiped your phone and wallet.

I feel it is getting harder and harder to keep on top of making sure everything is sufficiently silo'ed to make a bad guy's job hard. And I pretty much know what I'm doing! Many people don't, and indeed some can't.


--

I'm curious about this - a mobile phone can certainly create a detailed profile of movements and activities, along with emails, web searches and histories, but that should be separate from the mobile number!? All of the emails, web searches and histories are associated to a user account (ie email) which will probably have the mobile number associated to it, but I didn't think it was possible for someone who knows only your mobile number to access the 'non-telephone' aspects of your mobile unless that's also been breached and they can link the two together (though there's probably easier ways to find you in the leaked data than searching by mobile number!)

Well, it depends on whether you've got an Android phone or not I suppose.

Yes, for other types of phone the two things will be in separate silos and it would require the police or similar to fit them together.

 

[Bletchleyite]

Or for example, some banking apps that have a 'show your PIN' function, which is extremely helpful to someone that just swiped your phone and wallet.

Yes, that's an incredibly, incredibly stupid feature somewhat akin to writing it on the back of your card.

Monzo require you to enter the CVV, take a photo of some photo ID and make a selfie video saying it's you so that can be checked against the ID (the reason for a video is that you can tell it's of a person and not just a photo of them). That seems to be secure enough. No doubt they've also recorded that I went part way through the process to see and aborted it, and if I was to do that too often it'd be seen as a fraud flag.

 

[najaB]

I'm curious about this - a mobile phone can certainly create a detailed profile of movements and activities, along with emails, web searches and histories, but that should be separate from the mobile number!? All of the emails, web searches and histories are associated to a user account (ie email) which will probably have the mobile number associated to it, but I didn't think it was possible for someone who knows only your mobile number to access the 'non-telephone' aspects of your mobile unless that's also been breached and they can link the two together (though there's probably easier ways to find you in the leaked data than searching by mobile number!)

Never let logic, facts or reason get in the way of paranoia.

Or for example, some banking apps that have a 'show your PIN' function, which is extremely helpful to someone that just swiped your phone and wallet.

Normally that requires you to sign in to the app. If you are worried that someone can get access to your phone, just don't stay signed in to the app (or don't use the app at all) - or make sure that you aren't using an easily guessed phone PIN. Good luck guessing my six-digit PIN before the phone locks you out completely.

 

[roversfan2001]

Yes, that's an incredibly, incredibly stupid feature somewhat akin to writing it on the back of your card.

On every banking app that I've come across, the device has requested authentication to view the PIN. I use Face ID, but I assume the phone password works too (and Touch ID for the more primitive smartphones).

 

[Bletchleyite]

On every banking app that I've come across, the device has requested authentication to view the PIN. I use Face ID, but I assume the phone password works too (and Touch ID for the more primitive smartphones).

Unfortunately it's possible to work out phone passcodes and patterns, e.g. by looking at fingerprints on the screen. It's not as secure as you'd think, so it really does need more.

To transfer money from Monzo (as distinct from a contactless payment) I have to unlock (Face ID) and enter the card PIN, I think that's better though does mean the card PIN could perhaps be snaffled from the screen unless you actively wipe it off afterwards.

 

[D365]

The SE starts at £419, that’s not cheap. My current phone was £250 new and that’s the most expensive phone I’ve ever bought. The SE is a strange phone, it has the guts of a high end model but in an older shell with a small and comparatively low resolution screen.

You’re right; I find that iOS more than makes up for the premium, but that is just my stance.

 

[najaB]

Unfortunately it's possible to work out phone passcodes and patterns, e.g. by looking at fingerprints on the screen. It's not as secure as you'd think, so it really does need more.

Patterns, yes. Passcodes/PINs much less so. A four digit PIN (the typical shortest allowed) is ten thousand permutations, most phones will tarpit you after four or five attempts failed attempts (lock you out for several minutes) and block the device completely after a sizable number of failed attempts.

Unless you are super unlucky and have your phone stolen immediately after having cleaned the screen and then unlocked the phone, it's unlikely that a thief would be able to figure out the four digits in your passcode from fingerprints on the screen. Try it yourself on your own phone (assuming you have a PIN) - could you figure out what the digits are in your PIN? If your phone is like mine you probably just have a mass of smudged fingerprints all over the screen.

Could someone with nation-state levels of technology figure it out by the different wear levels at a microscopic level? Probably. Your average phone thief? Almost certainly not.