Unless you can see what it's doing, you have to trust that the software running on your mobile device is for your eyes only
We're going to spend a bit of time talking security on Talk Mobile 2013 this week. A lot of the discussion is going to be about what you share online, with or without your knowledge, and ways we can keep our mobile devices secured when they leave our hands. It's all very important stuff, but there is one other thing I want to bring up, and that's what I like to call the transparency factor.
To put it simply, the only time you can trust any software is when you can read the code and see what it is doing. Maybe you (and often times, me as well) don't understand all of it, but rest assured someone out there does. And they are looking. Putting code online for peer review is the only way independent third parties can see what it is really doing. And that can be pretty damn important.
We've seen that there are several backdoors written into Windows, and that BlackBerry, Nokia and Apple appear to have built methods for the Indian Government to get in to their respective phones and tablets. I'm not talking about the recent NSA scenario, which may or may not open all your web services to third party snooping. I'm talking about the core functions of the OS itself. The software on these devices was allegedly written with a built-in way for someone else to have a look at what you're doing. The NSA reading your Skype messages means little if they already have a way inside your phone or computer because it was designed for their access.
Look at your phone. Is is running software that isn't open-source? Most are, including plenty of Android-based phones. You have no idea exactly what your phone is doing when you power it on. Is this a problem? Maybe. To a lot of people, it means little. They have nothing to hide, and aren't concerned about who has access to their phone software, or what they might be doing with it. That's OK. I'm not too concerned about what any government or military agency might find in my email or chat history, either. But I am a little concerned that they may be able to do it because the company I bought my phone from made it easy for them and didn't bother to tell me.
Thankfully, there are alternatives. Android, as written by Google is open-source, as are some other mobile operating systems like Ubuntu Touch and Tizen. Any backdoors built into the code on devices running this software would quickly be ferreted out by people smarter than us, and you would read all about it at every major web publication. I thoroughly enjoy using plenty of closed source software. Now that iOS has broken it's dependence on iTunes a little, I think it's a fine offering. I've used Blackberries for years. I also think the new Android phones from Samsung and HTC are pretty damn spiffy. But I don't pretend to think that they are secure, because I just don't know. And truthfully, neither do you. Maybe Richard Stallman is right.