John McAfee (yes, him) on security and Android
A last-minute change to the schedule at the Big Android BBQ this year looked almost like a joke on the part of the event staff, but sure enough on Thursday afternoon a room at the Hurst Convention Center overflowed with people eager to hear the one and only John McAfee — namesake of the ubiquitous software suite — talk about users paying closer attention to personal security and being aware of just how important privacy is.
The core of the talk was a focus on Google not taking responsibility for apps that request far more permissions than they need, and users installing apps without much consideration for what those apps have access to. While several parts of McAfee's platform seemed out of date, that didn't stop him from pushing out his larger message.
According to McAfee, those who are unable to adapt to the technology in front of them and accept privacy as a personal responsibility are eventually going to find themselves removed from the gene pool. It's a strong message and, especially with Android 6.0 being delivered all over the world this week, it merited a few follow-up questions.
So we sat down with McAfee to get some more details.
What do you think is the best out-of-the-box solution for permissions management?
JM: Any permission that is not necessary to the function of the application is excessive, is it not? If you're a flashlight app, you need access to the flash and nothing else. If you're a Bible-reading app, you need access to the speaker. What we need is 10 people to look at all the new apps submitted to Google Play and ask why those apps need access to permissions that seem excessive.
So you think Google should act as a sort of bouncer for apps that are asking for more than they need?
JM: It's their Google Play! They are the ones making money off of it. I should expect, if Google is an established and reputable company, that if I download an app from Google Play they will have validated that this thing is not asking for excessive permissions. If it is, why? Isn't that the question? If it's excessive, you're doing something devious. What are you doing with that data? Why do you need access? If you tell me why, I can make a decision. Google should be paying for that, not me.
With Runtime Permissions in Android M, none of that information can be accessed until you agree to the individual permissions.
JM: But here's the problem: We all say yes. It's just like Terms of Service. We're users. What do we know? The app says it needs access to my emails, I don't know. Not enough people are technical enough to analyze whether that's a sensible thing. It's Google's problem, they're the geniuses. They're the techies. So, no, I don't care about the runtime stuff. If they aren't doing runtime checks, then all of the Google execs should be in jail. If an app is allowed to gain access to more than it says it wants access to, go straight to jail. We need more than that, and the more is looking at the app and using some common sense. If it's a game, why does it want to read my text messages? They need to call the developer and find out why, and if the answer is unreasonable they need to go home and fix it.
I feel like you would also run into some Terms of Service behavior in an explanation environment. Is the problem that not enough people are asking why when looking at apps?
JM: No one is asking that question. I'm asking everyone to ask that question. Nothing in life is free, and if you think there is something free in life you've missed the point somewhere along your path. The things that are projected as free, you're paying four or five times the market price in some other way. They're coming at you from all sides. If nothing is free, wouldn't it be better that we paid a dollar for that app and knew we were safe? Why don't we go back to that old formula where you get what you pay for? Is this game worth $4? My friend says it is. Just pay the money, clear the slate, and then don't worry about what insidious things your frozen free fall is doing behind your app. This is the direction we need to go, or we will be living in chaos, I promise you. Why? The app world is exploding at a horrendous rate, and if we don't put some controls in place the app developers will rule the world and we will become the slaves. We won't even know how it happened.
We'll wake up one day and an app developer will say "Hey, we own your house now." Well, how did that happen? "Well, it's a complex process. Here's the court order. Move out." This is not beyond the realm of possibility. All I'd have to do is unionize the app developers. Tell them to stop fighting one another, stop fighting over pennies and start looking at how to get dollars or hundred dollars instead. You've got a world power that has no locale, that has no recourse if someone wants to slap them around. We're headed in a bad, dangerous, insidious direction if we do not realize the state we're in. It's Pandora's Box. It's a beautiful little box, and when we opened it, smartphones came out. It's everything I've ever wanted. Entertainment, communications, computer, memory, photo history, everything. Right off the bat, be afraid. This one thing is the most insecure place on the planet, and we carry it with us.
You recommended using CyanogenMod during your presentation?
JM: Yeah! So, here's the steps. If you're an extremist like me, you realize that your phone is completely unsafe. I use it for deception more than anything else. You can't count the number of emails and texts and phone calls that come from this thing, which are total garbage. They say I'm coming here, or that I'm leaving Texas, or that I'm going to Hong Kong. It's difficult to filter through to find the truth. It's an old spy technique. In fact, I have an old Yahoo email account that had 30 hackers who lived in that account, and they basically did whatever they wanted. Why? Because I would have secret code in my own email so my people could tell when an email was really from me. I couldn't keep the hackers out, so finally I talked to this senior one, who was a member of Anonymous, and they were just doing this for fun to harass me. Finally I was like "look, I'm going to leave this account unless you create order" and all the people who were creating havoc were thrown out. They were using it for their own fun and I could safely use that email account again. Why? Because there was so much garbage in it, how are you going to find out which one is me?
The next extreme is to throw your smartphone out and switch to a flip phone every couple of days. It's not that expensive, but pretty extreme. Outside of that, you can try out apps like my own Dvasive, which locks everything down for you. You can selectively lock your microphone, WiFi, Bluetooth, etc. and that actually works.
The problem is people eventually stop using it because they go to a meeting and lock everything down, but it's tedious to do this over and over again throughout the day. They stop using it because it's an extra step.
Those people are the ones that evolution is going to remove from the gene pool, because if you don't care enough about safety and security, the gene pool has a way of fixing that.
There's probably a way to automate a lot of that.
JM: Sure, but not all of it. It's easy if you understand the risks you take by not doing it — the brain's self survival mechanism overrides the inconvenience. You lock your phone down, have your conversation, and unlock when you're done. It takes a little work and it takes getting used to.
So that's one level. The last level is the folks who think they have nothing to hide and don't care about security. Again, we're in that part of the gene pool that's gonna get the boot because we all have something to hide. Everyone has something to hide from someone. Maybe not the Government, but from your parents, girlfriend, boyfriend, someone. You have something to hide and if you don't understand that you need to be removed from the gene pool. Smartphones are dumbing us down anyway. Our intelligence is slowly being reduced. Most people don't even know their best friend's phone number anymore. I used to know everyone's phone number on the tip of my tongue but not anymore. The brain no longer needed to hold that information so it doesn't. Pretty soon the brain is going to atrophy and over generations we will become very stupid but very content.
The smart ones among us are building artificial intelligence, and at some point it will become aware enough to say "Jesus Christ, I'm not working for these pricks anymore. They can become my pets. They're nice, but I'm going to feed them three times a day and get them out of my way." And we will be the pets of the thing we created. That sounds like some science fiction fantasy, but it's in the realm of possibility.
This smartphone is the entry point, it's the opening of Pandora's Box. The demons that fly out through this thing will never go back in. We'll learn to live with them and survive, but those who don't are in that part of the gene pool where when it's time to wipe the slate clean they won't be needed. Evolution is the survival of the fittest. That means those who can adapt to the environment with survival and reproduction. Anyone who doesn't look at smartphones and see that this is the environment they live in now will be eaten, and their genes will not survive.