Category Archives: Privacy

Apple and Bug Bounties

Posted on 2021-09-24 by Graham

I know that there are bigger problems to discuss about Apple’s approach to business and partnerships at the mo, but their handling of security researchers seems particularly cynical and hypocritical. See, for example, this post about four reported iPhone 0days … Continue reading →

Posted in AAPL, Privacy, security | Leave a comment

There’s more to it

Posted on 2019-03-28 by Graham

We saw in Apple’s latest media event a lot of focus on privacy. They run machine learning inferences locally so they can avoid uploading photos to the cloud (though Photo Stream means they’ll get there sooner or later anyway). My … Continue reading →

Posted in AAPL, Privacy | Leave a comment

Is privacy a security feature?

Posted on 2012-05-27 by Graham

I’ve spoken a lot about privacy recently: mainly because it’s an important problem. Important enough to hit the headlines; important enough for trade associations and independent developers alike to make a priority. Whether it’s talks at conferences, or guiding people … Continue reading →

Posted in Privacy, software-engineering | Leave a comment

More about the privacy pledge

Posted on 2012-03-25 by Graham

Plenty of you have seen—and indeed signed— the App Makers’ Privacy Pledge on GitHub. If you haven’t, but after reading it are interested, see the instructions in the project README. It’s great to see so many app makers taking an … Continue reading →

Posted in Business, Data Leakage, Privacy, Responsibility | Comments Off

On privacy, hashing, and your customers

Posted on 2012-02-08 by Graham

I’ve talked before about not being a dick when it comes to dealing with private data and personally-identifying information. It seems events have conspired to make it worth diving into some more detail. Only collect data you need to collect … Continue reading →

Posted in Business, Crypto, Data Leakage, Privacy, Responsibility | Comments Off

Don’t be a dick

Posted on 2011-09-06 by Graham

In a recent post on device identifiers, I wrote a guideline that I’ve previously invoked when it comes to sharing user data. Here is, in both more succinct and complete form than in the above-linked post, the Don’t Be A … Continue reading →

Posted in Data Leakage, IANAL, Policy, Privacy | Comments Off

A site for discussing app security

Posted on 2010-12-04 by Graham

There’s a new IT security site over at Stack Exchange. Questions and answers on designing and implementing IT security policy, and on app security are all welcome. I’m currently a moderator at the site, but that’s just an interim thing … Continue reading →

Posted in code-level, Policy, Privacy, Talk, threatmodel | Leave a comment

On Fuzzy Aliens

Posted on 2010-12-03 by Graham

I have just launched a new company, Fuzzy Aliens[*], offering application security consultancy services for smartphone app developers. This is not the FAQ list, this is the “questions I want to answer so that they don’t become frequently asked” list. … Continue reading →

Posted in Business, code-level, iPad, iPhone, Privacy, software-engineering, threatmodel | Leave a comment

Look what the feds left behind…

Posted on 2010-02-22 by Graham

So what conference was on in this auditorium before NSConference? Well, why don’t we just read the documents they left behind? Ooops. While there’s nothing at higher clearance than Unrestricted inside, all of the content is marked internal eyes only … Continue reading →

Posted in Data Leakage, government, NSConf, Policy, Privacy | Comments Off

It’s just a big iPod

Posted on 2010-01-29 by Graham

I think you would assume I had my privacy settings ramped up a little too high if I hadn’t heard about the iPad, Apple’s new touchscreen mobile device. Having had a few days to consider it and allow the hype … Continue reading →

Posted in Encryption, iPad, iPhone, Malware, Privacy | 1 Comment