Saturday, 15 March 2014
WhatsApp or Android, who's to blame for appgate?
Hang 'em high!
Scandal! Stop the presses! Any app on your Android phone can steal all your WhatsApp messages from your SD card. Facebook didn't have to waste 19 billion dollars to read your chats. They could just have made the Facebook app grab your WhatsApps off your card. Someone's gotta get fired over this, right?
Let's blame WhatsApp
WhatsApp stores its message database and nightly backups thereof in plain sight on your memory card, no matter if your memory is built-in or added on a microSD card. That's great if you want to mix'n'match your WhatsApps and SMSs with apps like Backup Text for WhatsApp and SMS to Text, but not so great if you want to keep nosy apps out of your texts. Anything with SD card access can read along.
WhatsApp could easily have prevented this by encrypting your messages. They gave it a shot after the shit hit the fan, but so far without success. That's because WhatsApp used the same key to encrypt all messages from everyone. Yep, that's almost impossible to believe, but they really used a skeleton key to lock up your private chats.
So here's what WhatsApp should do: use a proper full-blown encryption method to protect the database that holds your messages. While they're playing with encryption anyway, full end-to-end encryption to keep Facebook and the NSA out of our chats would be most welcome too.
Of course WhatsApp should provide a method to let other apps into your messages if you allow them to. I don't want to lose Backup Text for WhatsApp and SMS to Text, and the long overdue multi-network app that includes WhatsApp needs access to your WhatsApps too. To cut a long story short: WhatsApp should encrypt its database and let us decide for ourselves who gets the keys and who does not.
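Here is what "encrypt the database and let the user hold the keys" can look like, as an added example that is not WhatsApp's code and not from the original post. The key is derived from a passphrase only the user knows plus a random per-backup salt, so there is no skeleton key to extract, and the user can hand the passphrase to whichever backup app they trust. The class name, the blob layout and the iteration count are assumptions made for illustration; it runs on plain Java 8 or later.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class BackupCrypto { // hypothetical class, not WhatsApp code
    private static final SecureRandom RNG = new SecureRandom();
    // Key comes from the user's passphrase plus a random per-backup salt, never a shared constant.
    static SecretKeySpec deriveKey(char[] passphrase, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(passphrase, salt, 200_000, 256); // iteration count is an assumption
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        return new SecretKeySpec(f.generateSecret(spec).getEncoded(), "AES");
    }

    // Blob layout (assumed for this example): salt(16) || iv(12) || ciphertext with GCM tag.
    static byte[] seal(char[] passphrase, byte[] plaintext) throws Exception {
        byte[] salt = new byte[16], iv = new byte[12];
        RNG.nextBytes(salt);
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(passphrase, salt), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = Arrays.copyOf(salt, 28 + ct.length);
        System.arraycopy(iv, 0, out, 16, 12);
        System.arraycopy(ct, 0, out, 28, ct.length);
        return out;
    }

    // Fails with AEADBadTagException if the passphrase is wrong or the blob was altered.
    static byte[] open(char[] passphrase, byte[] blob) throws Exception {
        byte[] salt = Arrays.copyOfRange(blob, 0, 16), iv = Arrays.copyOfRange(blob, 16, 28);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(passphrase, salt), new GCMParameterSpec(128, iv));
        return c.doFinal(blob, 28, blob.length - 28);
    }

    public static void main(String[] args) throws Exception {
        byte[] db = "constructed sample chat database".getBytes(StandardCharsets.UTF_8);
        byte[] blob = seal("owner passphrase".toCharArray(), db);
        System.out.println("owner can read: " + Arrays.equals(db, open("owner passphrase".toCharArray(), blob)));
        try { open("nosy app guess".toCharArray(), blob); }
        catch (AEADBadTagException e) { System.out.println("other key rejected"); }
    }
}
```

Any app with storage access can still copy the sealed blob off the card, but without the passphrase it gets ciphertext that fails authentication instead of readable chats.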
Let's blame Android
Android treats your memory card the same way your computer treats your hard drive. Apart from a tiny bit of protected storage (that mysterious ".android_secure" folder that tops the list in your file browser) anything on your card can be read, altered, deleted, stolen, smeared, raped, and tinkered with by any app that has the "storage" Android permission. Most apps have that permission, so anything on your memory card that is not encrypted is up for grabs. That includes all those naked selfies that you shot after emptying the final bottle.
But what about sandboxing? That works for the app-specific internal storage that you can only get at if you root your phone. It doesn't work for the storage that you can see on your computer when you hook it up with your phone's USB cable. If you give an app access to your memory card, it gets access to all of your memory card, including your private collection of wildlife movies.
But that's changing.
Let's blame Google
Recent editions of Android lock down your memory card, because Google hates microSD. They'd rather have you store all your data in their cloud services so their advertisers can take a peek. Starting with Android 4.4, apps can only read the "public" parts of your SD card, and they can't write anything outside their tiny little sandboxed piece of storage space.
That's good for privacy reasons, and bad for other reasons.
The good news is that this could prevent future WhatsAppgates. The bad news is that it will break a lot of useful things too. Save your email attachments with your mail app and edit them with another app? Forget it. Delete a picture from an alternative gallery app like QuickPic? Forget it. Zap old Nandroid backups with ES File Explorer? Forget it. The sledgehammer approach to SD card security is a disaster for cross-app access to files and folders.
Locking down your external storage is a bad idea. It breaks too much, and forces us to move our data to the cramped and expensive built-in storage, or send it to the cloud and burn up our data and battery for no good reason.
Keeping everything wide open is a bad idea, because I don't want Obama snooping around in my WhatsApps.
Solution? Fix the broken Android permission system so we can decide for ourselves what app can access what. The "external storage" permission should be split into two permissions: "access to folders created by my app" and "access to the rest of the memory card." Anything that's too sensitive for the second permission should be encrypted by the app that made it, and then the user should decide who gets the keys.
Until then, let's hope an Xposed module will fix what Android 4.4 broke.
Update: the Xposed module to fix external SD cards on KitKat is ready. It's called HandleExternalStorage. Grab your copy from the Xposed installer.