
Mac2me

macrumors 6502a
Original poster
Jun 10, 2015
965
446
Heard about this on the news about fitness trackers like Fitbit and Apple Watch and found a number of tech publications picking up on it: http://www.pcworld.com/article/3029...re-leaking-lots-of-your-data-study-finds.html

Here's the story from the University of Toronto that illustrates why you might care: http://www.newswise.com/articles/fi...posed-by-u-of-t-s-citizen-lab-and-open-effect A link to the complete report of the research (pdf) is available there. Worth the read to comprehend the kind of data involved that could be leaked.

Good to know and another reason I love my Apple Watch.
 
Last edited:

kdarling

macrumors P6
Reading the original report, it seems like much ado about nothing.

I doubt many people are actually worried that someone is going to do a man-in-the-middle attack and forge entries in their exercise record. Oh, the horror!

As for tracking a Bluetooth id, that's possible with most smartphones as well. Or heck, anyone can check who's coming into a store by simply looking, using good old Mark I eyeballs or cameras.

The Apple Watch is noted as "not tested", apparently because they tested the others by installing their own lab HTTPS certificate on them, so they could bypass SSL security and read the payloads. Not exactly a real life situation outside of a controlled lab.
 

maflynn

macrumors Haswell
May 3, 2009
73,682
43,740
I can't say that I'm surprised, kudos to Apple.

Reading the original report, it seems like much ado about nothing.

I wouldn't go that far, as I prefer not to have a product that allows someone or companies to track my whereabouts, whether for marketing or other purposes.
 

Thai

Suspended
Feb 2, 2016
1,459
883
Colorado
It may be "nothing" now, but this may affect future prospects of these devices being accepted by insurance companies. For example, a few health insurance companies have started to give discounts to those wearing fitness bands/smartwatches. And if these data are hackable or not safe, then it may affect that. Apple Watch being secure means that it would benefit its users.
 

maxsix

Suspended
Jun 28, 2015
3,100
3,731
Western Hemisphere
You might not be as vulnerable with AW, BUT, the FBI, NSA, et al, have zeroed in on _everyone's_ smartphone no matter the brand. If you think iPhones are less susceptible to tracking you're only kidding yourself.

Any smartphone is a G-Man's wet dream.

Your privacy is a thing of the past.
 

Thai

Suspended
Feb 2, 2016
1,459
883
Colorado
You might not be as vulnerable with AW, BUT, the FBI, NSA, et al, have zeroed in on _everyone's_ smartphone no matter the brand. If you think iPhones are less susceptible to tracking you're only kidding yourself.

Any smartphone is a G-Man's wet dream.

Your privacy is a thing of the past.

Is that why NY and Cali have proposed bills to ban iPhones because of end-to-end encryption?

Unlike Android, Apple devices and services have end-to-end encryption.
 

maxsix

Suspended
Jun 28, 2015
3,100
3,731
Western Hemisphere
Is that why NY and Cali have proposed bills to ban iPhones because of end-to-end encryption?

Unlike Android, Apple devices and services have end-to-end encryption.

Having used both Android and iOS concurrently and continually since they were created... I'm more than aware of the differences.

Yes effective encryption has its advantages, but impenetrable iDevices are something I remain sceptical about.

I'm also aware of the brilliant, highly successful strategy employed by Steve Jobs to convince anyone and everyone of the superiority of anything Apple. So successful in his endeavor, to this day Apple gets favorable treatment by a greater majority of writers, publications, electronic media etc.

I like that warm and fuzzy feeling that peace of mind creates, as much as anyone, but my trust in Apple is a thing of the past.
 

Thai

Suspended
Feb 2, 2016
1,459
883
Colorado
Having used both Android and iOS concurrently and continually since they were created... I'm more than aware of the differences.

Yes effective encryption has its advantages, but impenetrable iDevices are something I remain sceptical about.

I'm also aware of the brilliant, highly successful strategy employed by Steve Jobs to convince anyone and everyone of the superiority of anything Apple. So successful in his endeavor, to this day Apple gets favorable treatment by a greater majority of writers, publications, electronic media etc.

I like that warm and fuzzy feeling that peace of mind creates, as much as anyone, but my trust in Apple is a thing of the past.

Funny, I am also VERY familiar with Android. So, you should not assume much about me.

Do you even know what end-to-end encryption is?! Let's start with basics. And it is this encryption that Android lacks.

Then you add in that ONLY Apple has done privacy right for the Apple Watch.
 

kdarling

macrumors P6
I wouldn't go that far, as I prefer not to have a product that allows someone or companies to track my whereabouts, whether for marketing or other purposes.

It's a scare mongering attempt. They're not talking about tracking someone by name. They mean looking for the same anonymous device.

The primary "tracking" the report is talking about is simply watching for the same Bluetooth MAC address to show up. (The Apple Watch uses a negotiated BLE MAC, which changes, so it "won".)

I suppose that a mythical advertiser with massive numbers of Bluetooth listening posts all over a city could ascertain that say, the same MAC showing up in a store is one that has been to a gym, and therefore... what? I dunno. You tell me. It's just an anonymous MAC address repeat with nothing to tie it to a way to send ads to you.

Heck, if you really prefer not having a product that allows such mythical tracking, you'd better give up your iPhone, since it's constantly broadcasting its static cellular IMEI... and over MUCH greater distances than Bluetooth :)

Unlike Android, Apple devices and services have end-to-end encryption.

Apple devices only have end-to-end encryption if the parties are using the iMessage or Facetime apps between two iPhones.

Likewise, people can easily use end-to-end encryption for the same kind of things between two Android phones by using the same encrypted app (or global encryption addon service). Samsung Galaxy with Knox even comes standard with such apps, NSA approved.

Even better, of course, would be for iPhones and Android phones to use the same third party encryption app, so they can be secure talking even between brands. (If Apple made Facetime open source as they had originally promised, that would help.)
 
Last edited:
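An added example, not part of the post above or of the Citizen Lab report: a small audit of a BLE scan log that classifies each advertiser address (public, random static, or private) and flags the ones that stay constant long enough to be linked across sightings, which is the "same MAC showing up" tracking the post describes. The scan log is constructed, and the 15-minute rotation window is an assumed audit policy.

```python
from collections import defaultdict

# Constructed scan log: (seconds, advertiser address, TxAdd "random" flag).
SIGHTINGS = [
    (0,    "C4:7C:8D:11:22:33", False),
    (3600, "C4:7C:8D:11:22:33", False),
    (0,    "F3:9A:01:02:03:04", True),
    (3600, "F3:9A:01:02:03:04", True),
    (0,    "5B:10:20:30:40:50", True),
    (600,  "5B:10:20:30:40:50", True),
    (0,    "6E:AA:BB:CC:DD:EE", True),
    (7200, "6E:AA:BB:CC:DD:EE", True),
]

ROTATION_WINDOW = 900  # assumed policy: a private address should change within 15 min


def address_kind(addr, is_random):
    """Classify a BLE device address. The public/random distinction comes from
    the advertising header flag; the random subtype is in the top two bits."""
    if not is_random:
        return "public"
    top_bits = int(addr.split(":")[0], 16) >> 6
    return {0b11: "random-static",
            0b01: "resolvable-private",
            0b00: "non-resolvable-private"}.get(top_bits, "reserved")


def audit(sightings, window=ROTATION_WINDOW):
    """Return {address: (kind, seconds_observed, linkable)}."""
    seen = defaultdict(list)
    for ts, addr, is_random in sightings:
        seen[(addr.upper(), is_random)].append(ts)
    report = {}
    for (addr, is_random), times in seen.items():
        kind = address_kind(addr, is_random)
        lifetime = max(times) - min(times)
        fixed = kind in ("public", "random-static")
        # A "private" address that never rotates is as linkable as a fixed one.
        report[addr] = (kind, lifetime, fixed or lifetime > window)
    return report


if __name__ == "__main__":
    for addr, (kind, lifetime, linkable) in audit(SIGHTINGS).items():
        print(f"{addr}  {kind:<24} seen for {lifetime:>5}s  linkable={linkable}")
```

The last constructed device is the case worth checking on real hardware: its address has the private-address bit pattern but never changes, so it is flagged as linkable.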

redman042

macrumors 68040
Jun 13, 2008
3,063
1,657
I can buy things with my Apple Watch, so I'm very glad their products continue to impress independent testers. I'm never worried about security with my Apple devices, and that's a nice feeling.
 

Thai

Suspended
Feb 2, 2016
1,459
883
Colorado
Apple devices only have end-to-end encryption if the parties are using the iMessage or Facetime apps between two iPhones.

Likewise, people can easily use end-to-end encryption for the same kind of things between two Android phones by using the same encrypted app (or global encryption addon service). Samsung Galaxy with Knox even comes standard with such apps, NSA approved.

Even better, of course, would be for iPhones and Android phones to use the same third party encryption app, so they can be secure talking even between brands. (If Apple made Facetime open source as they had originally promised, that would help.)

True, end-to-end only with Apple services. But that is actually what matters! I don't need to rely on some 3rd party to properly do encryption on their end.

Encrypted apps? Not everything is equal. See: https://www.eff.org/secure-messaging-scorecard

Samsung...isn't that the same company that could not even encrypt the fingerprint data?! LOL Basic security 101.

iOS also approved by NSA.

Why would Apple make things open-source? Who does that anymore?! Hell, Google has abandoned open source for a few years now!! See: http://arstechnica.com/gadgets/2013...rolling-open-source-by-any-means-necessary/2/

So, no thanks...Apple needs to keep their main services that require encryption within Apple's wall.
 

kdarling

macrumors P6
True, end-to-end only with Apple services. But that is actually what matters! I don't need to rely on some 3rd party to properly do encryption on their end.

Most of the rest of us also often communicate with non-iPhone owners.

iOS also approved by NSA.

iOS devices are only approved for sensitive but non-classified uses. Samsung devices are approved as a basis for more classified applications.

Why would Apple make things open-source?

Oh they wouldn't now. They only said it at the beginning so people would be okay with moving off cross-platform messaging apps. Then they reneged on their promise.
 

Thai

Suspended
Feb 2, 2016
1,459
883
Colorado
Most of the rest of us also often communicate with non-iPhone owners.



iOS devices are only approved for sensitive but non-classified uses. Samsung devices are approved as a basis for more classified applications.



Oh they wouldn't now. They only said it at the beginning so people would be okay with moving off cross-platform messaging apps. Then they reneged on their promise.

I don't know...armed forces and NSA approved iOS. Not sure what you're talking about.

Hmm, it seems like Google/Android reneged BIG TIME on their whole philosophy, no?? Google today is not all that much different than iOS.

I see that you remain silent on the other stuff I posted. I wonder why....
 

kdarling

macrumors P6
I don't know...armed forces and NSA approved iOS. Not sure what you're talking about.

Exactly what I said. There are different levels and types of approval.

Hmm, it seems like Google/Android reneged BIG TIME on their whole philosophy, no?? Google today is not all that much different than iOS.

You're just deflecting attention away from Apple :)

I see that you remain silent on the other stuff I posted. I wonder why....

If I agree (or at least don't disagree) with something, I usually don't waste space in a response.
 

Thai

Suspended
Feb 2, 2016
1,459
883
Colorado
You're just deflecting attention away from Apple :)

And here I thought that we're talking about Apple Watch security...somehow Samsung Knox gets brought up by you.

But, let's see...Knox did not secure fingerprint data too well. Just saying.

Sorry, the ONLY phone that comes with end-to-end encryption (proven to work too) up and running as soon as you create a passcode is iPhone.
 

kdarling

macrumors P6
And here I thought that we're talking about Apple Watch security...somehow Samsung Knox gets brought up by you.

Oh. Is this a contest? If so, look back. My post was in response to your off-topic post.

But, let's see...Knox did not secure fingerprint data too well. Just saying.

That wasn't Knox. That was the insecure side with normal Android.

It's highly doubtful that the Knox side would be allowed by security admins to be accessed via a fingerprint lock, since it's so easy to fool the sensors currently used by Apple and Samsung.

I'm ex-MI.
 