Skip to main content

John McAfee (yes, him) on security and Android

John McAfee
John McAfee

A last minute change to the schedule at the Big Android BBQ this year looked almost like a joke on behalf of the event staff this year, but sure enough on Thursday afternoon a room at the Hurst Convention Center overflowed with people eager to hear the one and only John McAfee — namesake of the ubiquitous software suite — talk about users paying closer attention to personal security and being aware of just how important privacy is.

The core of the talk was a focus on Google not taking responsibility for apps that request far more permissions than they need, and users installing apps without much consideration for what those apps have access to. While several parts of McAfee's platform seemed out of date, that didn't stop him from pushing out his larger message.

According to McAfee, those who are unable to adapt to the technology in front of them and accept privacy as a personal responsibility are eventually going to find themselves removed from the gene pool. It's a strong message, and especially with Android 6.0 being delivered all over the world this week merited a few follow-up questions.

So we sat down with McAfee to get some more details.

What do you think is the best out-of-the box solution for permissions management?

JM: Any permission that is not necessary to the function of the application is excessive, is it not? If you're a flashlight app, you need access to the flash and nothing else. If you're a Bible-reading app, you need access to the speaker. What we need is 10 people to look at all the new apps submitted to Google Play and asking why those apps need access to permissions that seems excessive.

So you think Google should act as a sort of bouncer for apps that are asking for more than they need?

"It's Google's problem, they're the geniuses. They're the techies."

JM: It's their Google Play! They are the ones making money off of it. I should expect, if Google is an established and reputable company, that if I download an app from Google Play they will have validated that this thing is not asking for excessive permissions. If it is, why? Isn't that the question? If it's excessing, you're doing something devious. What are you doing with that data? Why do you need access? If you tell me why, I can make a decision. Google should be paying for that, not me.

With Runtime Permissions in Android M, none of that information can be accessed until you agree to the individual permissions.

JM: But here's the problem: We all say yes. It's just like Terms of Service. We're users. What do we know? The app says it needs access to my emails, I don't know. Not enough people are technical enough to analyze whether that's a sensible thing. It's Google's problem, they're the geniuses. They're the techies. So, no, I don't care about the runtime stuff. If they aren't doing runtime checks, then all of the Google execs should be in jail. If an app is allowed to gain access to more than it says it wants access to, go straight to jail. We need more than that, and the more is looking at the app and using some common sense. If it's a game, why does it want to read my text messages? They need to call the developer and find out why, and if the answer is unreasonable they need to go home and fix it.

I feel like you would also run into some Terms of Service behavior in an explanation environment. Is the problem that not enough people are asking why when looking at apps?

JM: No one is asking that question. I'm asking everyone to ask that question. Nothing in life is free, and if you think there is something free in life you've missed the point somewhere along your path. The things that are projected as free, you're paying four or five times the market price in some other way. They're coming at you from all sides. If nothing is free, wouldn't it be better that we paid a dollar for that app and knew we were safe? Why don't we go back to that old formula where you get what you pay for? Is this game worth $4? My friend says it is. Just pay the money, clear the slate, and then don't worry about what insidious things your frozen free fall is doing behind your app. This is the direction we need to go, or we will be living in chaos, I promise you. Why? The app world is exploding at a horrendous rate, and if we don't put some controls in place the app developers will rule the world and we will become the slaves. We won't even know how it happened.

"If we don't put some controls in place the app developers will rule the world and we will become the slaves."

We'll wake up one day and an app developer will say "Hey, we own your house now." Well, how did that happen? "Well, it's a complex process. Here's the court order. Move out." This is not beyond the realm of possibility. All I'd have to do is unionize the app developers. Tell them to stop fighting one another, stop fighting over pennies and start looking at how to get dollars or hundred dollars instead. You've got a world power that has no locale, that has no recourse if someone wants to slap them around. We're headed in a bad, dangerous, insidious direction if we do not realize the state we're in. It's Pandora's Box. It's a beautiful little box, and when we opened it, smartphones came out. It's everything I've ever wanted. Entertainment, communications, computer, memory, photo history, everything. Right off the bat, be afraid. This one thing is the most insecure place on the planet, and we carry it with us.

John McAfee

Source: Jerry Hildenbrand / Android Central John McAfee giving a presentation to Android developers about correctly implementing permission controls. (Image credit: Source: Jerry Hildenbrand / Android Central)

You recommended using CyanogenMod during your presentation?

JM: Yeah! So, here's the steps. If you're an extremist like me, you realize that your phone is completely unsafe. I use it for deception more than anything else. You can't count the number of emails and texts and phone calls that come from this thing, which are total garbage. They say I'm coming here, or that I'm leaving Texas, or that I'm going to Hong Kong. It's difficult to filter through to find the truth. It's an old spy technique. In fact, I have an old Yahoo email account that had 30 hackers who lived in that account, and they basically did whatever they wanted. Why? Because I would have secret code in my own email so my people could tell when an email was really from me. I couldn't keep the hackers out, so finally I talked to this senior one, who was a member of Anonymous, and they were just doing this for fun to harass me. Finally I was like "look, I'm going to leave this account unless you create order" and all the people who were creating havoc were thrown out. They were using it for their own fun and I could safely use that email account again. Why? Because there was so much garbage in it, how are you going to find out which one is me?

"This smartphone is the entry point, it's the opening of Pandora's Box. The demons that fly out through this thing will never go back in."

The next extreme is to throw your smartphone out and switch to a flip phone every couple of days. It's not that expensive, but pretty extreme. Outside of that, you can try out apps like my own Dvasive Google Play link (opens in new tab), which locks everything down for you. You can selectively lock your microphone, WiFi, Bluetooth, etc and that actually works.

The problem is people eventually stop using it because they go to a meeting and lock everything down, but it's tedious to do this over and over again throughout the day. They stop using it because it's an extra step.

Those people are the ones that evolution is going to remove from the gene pool, because if you don't care enough about safety and security, the gene pool has a way of fixing that.

There's probably a way to automate a lot of that.

JM: Sure, but not all of it. It's easy if you understand the risks you take by not doing it — the brain's self survival mechanism overrides the inconvenience. You lock your phone down, have your conversation, and unlock when you're done. It takes a little work and it takes getting used to.

So that's one level. The last level is the folks who think they have nothing to hide and don't care about security. Again, we're in that part of the gene pool that's gonna get the boot because we all have something to hide. Everyone has something to hide from someone. Maybe not the Government, but from your parents, girlfriend, boyfriend, someone. You have something to hide and if you don't understand that you need to be removed from the gene pool. Smartphones are dumbing us down anyway. Our intelligence is slowly being reduced. Most people don't even know their best friend's phone number anymore. I used to know everyone's phone number on the tip of my tongue but not anymore. The brain no longer needed to hold that information so it doesn't. Pretty soon the brain is going to atrophy and over generations we will become very stupid but very content.

"Anyone who doesn't look at smartphones and see that this is the environment they live in now will be eaten, and their genes will not survive."

The smart ones among us are building artificial intelligence, and at some point it will become aware enough to say "Jesus Christ, I'm not working for these pricks anymore. They can become my pets. They're nice, but I'm going to feed them three times a day and get them out of my way." And we will be the pets of the thing we created. That sounds like some science fiction fantasy, but it's in the realm of possibility.

This smartphone is the entry point, it's the opening of Pandora's Box. The demons that fly out through this thing will never go back in. We'll learn to live with them and survive, but those who don't are in that part of the gene pool where when it's time to wipe the slate clean they won't be needed. Evolution is the survival of the fittest. That means those who can adapt to the environment with survival and reproduction. Anyone who doesn't look at smartphones and see that this is the environment they live in now will be eaten, and their genes will not survive.

Russell is a Contributing Editor at Android Central. He's a former server admin who has been using Android since the HTC G1, and quite literally wrote the book on Android tablets. You can usually find him chasing the next tech trend, much to the pain of his wallet. Find him on Facebook and Twitter

89 Comments
  • Interesting read that's all I can say my brain cells died years ago so can't think of what else to say. Posted via the Android Central App
  • I dont want to take any risk o m android phone and recently a lot of people have tried to peep into my phone online and offline both ways as it has the feature to hide any file beat its image or video i can hide it from other people and also got app lock as well. I found it here from android play store. Google Play:
    https://www.androidcentral.com/e?link=https2F2F...
    iTunes:
    https://itunes.apple.com/app/id1013745810?at=10l3Vy
  • Well, looks like I'm not the only one who's puzzled at flashlight apps requiring permissions to Wi-Fi of all things.
  • It's not entirely puzzling... they want it for ad serving and probably ad tracking. I only would use an app if it only had the camera permission. Until L. Though, I wish it had some power setting options, 90% of the time, it's way too bright
  • I've made many comments to this point. The last time, I was greeted with what appears to be the defacto response : go ahead and snoop on me, just don't slow my phone down. It's very strange that McAfee is actually right, too bad people really don't give a crap about the message.
  • Totally agree. The dude(McAfee) kills a man flees the country now want to give advice. A general lesson is to only value someone's opinion if u value there lifestyle. This dude need to crawl under a bridge and eat that troll bacon.
  • Well, this guy made an antivirus software that ended up being so freaking terrible, to the point where even he himself called it garbage. The new Hamilton Beach SD toaster. Powered by the Snapdragon 810.
  • I like to use LWP's of space, and have found quite a few that want internet, contacts, and many other areas. When the typical LWP app don't need access to anything . People just need to have common sense, or just do basic research as to why apps need permission to your phone. The best apps are the one's where the dev list out why the app needs permission, IMO.
  • Some good points and a good message. Could do without the overblown hyperbole though. Posted via the Android Central App
  • Yeah, I agree with pretty much everything he said, but it's pretty obvious that he's been supporting the entire Colombian economy with his coke habit for the last few years. Posted via the Android Central App
  • My real question is why anyone on a phone that's Lollipop or Marshmallow even bothers downloading a flashlight app. No, but seriously, there are some interesting points, but once he started talking Darwinism I just rolled my eyes. Posted via the Android Central App
  • The Flashlight app is probably going to be the standard for years to come when discussing ridiculous app permissions. I wonder how long people will continue to use it?
  • People still download task killers
  • Even without lollipop or marshmallow the average person has probably got at least a couple of apps that incorporate a torch. The stuff he was banging on about when he went on his rants is a potential problem, you can point to it and say "well, what does he know? He's clearly a little unstable". Posted via the Android Central App
  • I agree. He makes some valid comments about security and how Google should monitor these permissions, but the gene pool stuff was well past the border on stupid and was venturing into insanity. Hard to see how anyone could actually take him seriously. Posted via the Android Central App
  • Some phones have that option removed in their version of Lollipop. I know my M8 doesn't have the flashlight quick toggle, thus I still use an app on this phone. Posted via Android Central App
  • Because third party widgets are sexy as hell.
    *Some will be attached to apps
  • The AT&T HTC Desire Eye I bought for my wife didn't come with a flashlight app, but in that instance I just made an .apk of the flashlight app from my M8 and installed that instead. Point being some phones still don't seem to ship with flashlights.
  • The derp is strong in this one. A couple of good points hidden inside a mountain of nonsense.
  • Now that is funny. Hope you don't mind if I use this in the future... Posted via the Android Central App
  • His software is malware paradise. I'd never trust anything this man says. Posted from my Asus ZenFone 2.
  • This is the guy wanted for murder investigation still in Belize? Or did he just buy his way out? Cause I know he snuck out of there after it happened and he was the #1 person of interest and it was never resolved. The dude is sketchy as hell
  • Oddly enough, he DOES have a few good points such as our collective need to have convenience. It's just mangled up within his "evolve now or face extinction" responses which are rather outlandish. Also, people still download flashlight apps? :/ Cynicism Evolved
  • Considering all mobile os's now include flashlight as a base dock feature... I doubt it
  • Actually if you search flashlight in the PlayStore and read the reviews they are quite recently surprising Posted via the Android Central App
  • Lmmfao! I read the headline and died. Ha ha. Posted via the MATERIAL AC App
  • I wonder if he explained why his virus protection bogs PCs down so much and what exactly is running in the background using so many resources? It is amazing the instant performance increase I've seen in the past on clients computers once I removed McAfee from their machines.
  • Oh the irony Posted via the Android Central App
  • Its not been his for a long time. Posted via the Android Central App
  • Correct me if I'm wrong, I don't think he owns or is even on the board of the company anymore and had been gone for a long time. Isn't Mcafee owned by Intel now?
    But that's every single anti virus software. They do so much that it's hard not to use up system resources.
  • Correct, he has nothing to do with it, it is an Intel owed company now.
  • Looks like you've never seen his video, "How to Uninstall McAfee." https://youtu.be/bKgf5PaBzyg It's absolutely hilarious, and you need to watch it. Also it's a bit NSFW, because it's John McAfee.
  • After reading this article, I checked out the permissions for each app and quickly changed some things around. Thanks Posted via the Android Central App
  • I emailed an app developer several days ago asking about a permission that his app required and haven't heard back yet. It's hard to get answers. :-(
  • I've started social media shaming developers that don't respond about excessive permissions. It's not super effective either, but at least getting the word out will help others avoid the app and hopefully make developers eventually rethink their strategies.
  • That is a pretty good indicator that your questions have been answered. Posted via the MATERIAL AC App
  • I don't know what you're trying to say.
  • He is saying, that usually if they wont respond, its because they dont really need those permissions, just using them for something that particular app shouldn't need them for. 
  • I wouldn't trust him with my cats dirty litter box
  • But you trust some random Google employee reading through your emails or texts right now just because he or she is bored. That's what they do.
  • Unless the Google employees are crazy murderers, yes.
  • Well, crazy murders have to work some where ;-)
  • When it comes to permissions, just cite Hanlons razor.
  • John McAfee also refers to himself in the third person. "John McAfee needs sole access to your device to protect you.. John McAfee.. John McAfee...ZZZzz" Posted via the Android Central App
  • Change a few words, and this is Sky Net 2.0.
    Oh, save us "John Connor" from the rise of the Smartphone Rebellions! Sigh... Posted via Android Central App
  • Who the he77 looks at ads when you have the flashlight app on? You have it on because you need to find something or walk in a dark place. He has some good points but he is walking the very thin line between genius and twisted. He seems to fall over on both sides.
  • This is true for many genius. Posted via the MATERIAL AC App
  • He is basically advertising his security service.
    Get a Chromebook, and you don't need McAfree.
    As for security, so long as you aren't a terrorist then there isn't too much stress over the government getting your info.
  • True words. I'm a Chromebook user. And I'm planning on getting the BlackBerry Priv when it comes out. I'll be reading which permissions apps have before I download them to my new device. I'm starting to take security more personally. I used to be a "I have nothing to hide" kind of guy. But John is right, we all have something to hide even if it's not from the government. Posted via the Android Central App
  • If you're referring to the namesake product McAfee Anti-virus (or whatever variation of the name its using today), he hasn't had anything to do with it in many, many years. Watch his "How to Uninstall McAfee" video. It's hilarious and insane (and slightly NSFW), but it makes that point pretty clear. https://youtu.be/bKgf5PaBzyg
  • That's hilarious. Had to share it. Lol Posted via the Android Central App
  • Do you even have a clue as when was the last time this guy was associated with McAfee anti virus? Make use of the Google search on your Chromebook once in a while when it. You'd be surprise what you can learn.
  • "They're coming to take me away, ha-ha!" Posted via the Android Central App
  • "Well you just wait they'll find you yet, and when they do they'll put you in the ASPCA you mangy mutt." Love that song!
  • This guy is awesome. Once in awhile he appears on the Alex Jones show and Coast to Coast AM. He has some really good points. Dam It Feels Good To Be A Google Gangster
  • Probably the biggest concern I'd think is the number of apps people install that are just left there, unchecked and unused... and bloatware, it's nice to see Unlocked versions of phones and Google making it's own apps removable. Just counted how many I have, 61. Of those 61, 5 cannot be removed or turned off (Sprint and Samsung) and about a dozen of them are system apps, would I mind going through each one of those and reviewing the permissions once or anytime new permissions were added? Nope. Doing it once is not a hassle. I'm sure most people though have hundreds of apps and just check Yes through everything. Would it be nice if Google was checking on permissions for apps for us? Yup, but how about a little bit of personal responsibility? Dude seems a bit heated on the issue and apparently everyone is going to "be removed from the gene pool" while worshiping our robotic overlords. He makes good points but it seems like he should probably put his tin foil hat back on his head and go back to living in his bubble in the mountains...
  • I don't think he's too whacked. He makes some good points. The problem is that the media has brainwashed us into thinking that we have nothing to hide and our phones really are safe. There is next to no word of government capabilities of hacking into our phones and monitoring what we say and do. 1984 is not far around the corner. Using NFC tags to lock and unlock our devices could be useful. Or just get a more secure device than the usual.
  • Tin foil hat futures look bright!
  • Fundamentally I think he is right. His comments are basically deigned to 'slap you on the back of the head'...
    I think that there is a lot of developers that have good intentions and have to make some kind of money to stay alive - but open up security risks - in trying to earn cash.
    The general user public is - really - naive on how things work. The general 'user' expects someone with a higher knowledge to handle all the security risks before it gets to them. Posted via the Android Central App
  • I think people who don't take their privacy seriously are going where John says they will. By not caring, they allow more and more control over their lives. You can decide who you think will have that control, but some one will and it won't be the person that didn't care to begin with. Posted via Android Central App
  • Exactly Dam It Feels Good To Be A Google Gangster
  • Dude's a lunatic and likely a murderer.
  • What's that got to do with the context of what he's saying?
  • Not much, I just wouldn't interview him for anything other than building a criminal case.
  • I heard David Hinkley has an opinion on Google Play Services. Let's interview him.
  • Tbh excluding Norton, McAfee is the worst security company, ever. Posted via the Android Central App
  • I do believe that Google needs to be doing more and someone at Google needs to be looking at the the permissions (when they change) more than they are: (a) Some apps read SMS to receive a code of some type or have other ONCE OFF behaviours, those apps should be granted the permission for a period of time (not forever). (b) The developer knows why they need the permissions, they should also (in code) be REQUIRED to justify those permissions so that Google and us (they get displayed to us along with system description) can make a decision (optionally hacking it into the play store description is not good enough). No need to go and ask the author, if the explanation is not good enough the app gets rejected. (c) permissions are not fine grained enough.
  • All good suggestions.
    Personally I like the idea of very specific permissions. Grabbing certain attributes instead of the whole class. Now whether or not that will open up any other holes - I'm not sure.
    What would a virus writer exploit - the OS or the independent developers code - or access to the OS - and manipulate it's permissions already granted? Or the app being dirty from the beginning...
    I'm still hung up on 'permissions' being the sole problem. Time for a OS update. Posted via the Android Central App
  • Mcaffe makes great viruses. So great he convinced a generation it was protecting them.
  • I just skimmed through what he stated. Truthfully who could careless Posted via the Android Central App From my Blackberry Priv where I am out of toilet paper
  • He does say some pretty good stuff if you can take him seriously now. He's not wrong about a lot of this. Brain atrophy? I agree there. The fact that you need to take some extra steps for safety? I agree here too. Makes me want to secure myself a little more. With that said, the irony here is palpable hahaha.
  • Let us listen or read the message rather than the messenger.The guy makes sense in a lot of what he says and we'd take it differently if someone else said it. It really is ridiculous the permissions some of these apps ask for. Google being a part of those that want to collect any bit of info they can is short here to set the standards. Google should have implemented the option to grant or refuse certain permission long ago but that would also affect them so they just really can't. The flashlight example is just the simple one everyone on AC can relate to, but there are many others. I don't have 6.0 on my N6 yet ( and I don't want to flash, it's getting old) so when I see an app asking things they don't need I just uninstall the app.
  • Sorry. I don't take advice from fugitive murderers. It's just kind of a rule.
  • Can we get please already rid of the "Posted via the Android Central App" !
  • John McAfee is a brilliant guy but is also a bit out there on the fringe of sanity. Back in 1984 he was just starting his original anti-virus business and I was working at an aerospace company as a PC and network technician. John McAfee wasn't at a point where he had a full fledge anti-virus product yet but he had the basics in place so he put it up online for download to create interest in it. Anti-virus software was a very new concept back in 84 so a lot of the networking forums of the time were all a buzz about it. I downloaded it to see what it was all about and it was quite rudimentary when compared to modern day AV software. Upon scanning the hard drive of the test pC I installed it on, it alerted to one of its own files as being a virus. I was very curious about this and the text document that came in the zip file had a business number to call if you had questions so I gave it a call. I was quite shocked to discover that that number rang on a phone in his garage and he was the person answering the phone (It was a one person operation back then). When I explained to him what happened and wanted to know if this was something to be concerned about, I got a very technical, brilliant and animated answer that took about 30 to 40 minutes. After our conversation ended and I hung up the phone my first thought was, "this guy is really brilliant". My second thought was, "this guy might very well be slightly crazy". I guess some things never change.
  • That deserves a round of applause. Good story. Not being cynical - I can believe it, thanks!
  • Wow, as the other guy said great story. I was only 2 in 84 so I don't have much to contribute. My first dealings with the WWW date back to an ancient 94-95 and Compuserve, AOL, and a local BB my library ran. But this guy is nuts. Gene pool? Oh and wasn't this the same guy living as an expat in some Asian country as a drug lord or something and having young girls, etc if you know what I mean. He's a sick dude even if he is brilliant. And this is the first time in history I've ever seen anyone use a gene pool discussion in relation to computer software. Now the biggest and baddest person may stay in the gene pool yes, but the one who doesn't use special privacy methods is going to get knocked out because of computer software. Wow, this guy is on a new level of high. I think the police in that country were after him for murder too? Am I remembering wrong? Also I have never used antivirus software, EVER! If you use common sense you don't have to. I run a malwarebytes scan every few months and I only just started using Windows Defender as its pretty lightweight an unobtrusive. If you know what you're doing just MyDefrag, Malwarebytes, CCleaner and the Windows Defender should be all you need to maintain a virus free, fast running, low resources computer.
  • Mobile is dominated by just a few big companies. Not one of them puts users first, they just farm them like a blasted crop. No wonder these system leaves users vulnerable to smaller crooks and governmental spies.
    John himself is a self publicising nutcase - why give him airtime? Awesome AC.
  • Ah yes McAfee...that LAGARIFIC program that runs on Windows PCs. I have uninstalled you from many devices...good times. Posted via the Android Central App
  • Truth is, we take our money, our property, our identity, our documents out of a physical secure place and spread it out on the Internet where sh&t can happen. My biggest concern is that I always kinda assumed Google protects us within a legal framework from rogue developers [ forgetting for a moment what Google itself can do]. However permissions are phrased or confusingly requested, common sense would prevail if it ever got to court. Now I am less and less sure.
  • While I'm sure a lot of apps ask for permissions for nefarious means, it's probably not as bad as everyone assumes. I've seen many apps detail exactly why they need each permission, and it's often for legitimate reasons the average person would never think of. -- LG Access LTE
  • The guy is bad news. He has little to no credibility with me. Why he isn't in jail when he has been running from one country to the next in order to avoid legal questioning and inquiry into very suspect situations he was asked to clarify. Yet has has the gonads to say that he believes Google execs should be in jail for much minor reasons is the epitome of irony. And, he's running for President http://money.cnn.com/2015/09/08/news/john-mcafee-for-president/index.htm... ? Now I've heard it all.
  • hmmmm
  • Well said.
    This is all on Google. via AC App on
    VZW Moto X DE/N7
  • McAfee killed...literally. He killed someone: http://venturebeat.com/2014/09/15/john-mcafee-comes-out-swinging-for-net... I wonder what Charles Manson thinks of Android fragmentation.
  • Wow O_O he wasn't kidding about the need to remove some people from the gene pool. Posted via the Android Central App
  • The real life Matrix in the flesh, one day the machines will rule the world, maybe this is the Matrix we are currently living in. Posted via the Android Central App
  • This guy is so entertaining! He's right on his basic points, but overblown as usual. I'm kinda surprised he hasn't been extradited yet though.
  • Technically, the ones removed from the gene pool would be the paranoid ones who choose to live in digital isolation, so... Posted via the Android Central App