Security Friday: Text Android phones securely, Amazon ditches privacy features, you have no secrets from this international marketing firm

Hi Readers, Cullen here. This newsletter focuses on what you can do to protect your private life in an age of unprecedented digital surveillance.

View In Browser

This Newsletter Is Brought to You By:

Privacy & Security   March 21, 2025 Editor's Note Hi Readers, Cullen here. This newsletter focuses on what you can do to protect your private life in an age of unprecedented digital surveillance. It's easy to give in to the idea that information brokers, and Google, Meta, and the like already know everything about us, so we might as well just let them. But don't do it! There are plenty of things you can do to protect your privacy, even today, and it's worth the effort. When we surrender our privacy, our security is sure to follow. One easy thing to do is just stay informed by reading this newsletter and taking advantage of classes like our free class on cybersecurity for Apple enthusiasts. If you've already taken it, let me know if it worked for you or if there's anything I missed by emailing security@iphonelife.com. Stay safe out there! Cullen Thomas, Senior Instructor at iPhone Life 🗒️✅ Your Security Checklist If you take nothing else from this newsletter, do these three things to protect yourself: Apple will soon implement end-to-end encryption with RCS messaging. Now might be a good time to brush up on everything to know about RCS. The most secure way to protect your Apple Account is with a physical security key. Find out how to add a security key to your account. Take a few minutes to review which contacts and apps have access to your personal data. In case you missed it, be sure to check out our free class on cybersecurity for Apple enthusiasts.   🏆🎖️ Test Your Security Skills What should you do in the following scenario? Your computer is running slow and heating up. You think it might be malware. Which of these are good things to try? 🤔 Reboot more often Run a malware scan Delete unused applications and browser extensions manually All of the above Scroll to the bottom to see how you did! In partnership with ExpressVPN One VPN. 360° Protection. Zero Hassle. Want to try a VPN but worried it will be too hard to use? ExpressVPN is our recommendation if ease of use is your top priority. It's a full-featured service that checks all the boxes for security and privacy. You can trust that your connection is secure. Try ExpressVPN today and take advantage of a special deal: 2 Years+ 4 Months FREE.     Secure Messaging with Android Users Reaches Major Milestone While text messages between Apple devices have always been encrypted using Apple's iMessage protocol, messages sent to Android users are not encrypted and thus can be intercepted while in transit through the cell network and phone systems. This is such a serious problem that the US government has repeatedly warned its employees not to use text messaging, but to instead use end-to-end encrypted messaging apps such as WhatsApp or Signal. However, with the introduction of iOS 18, Apple implemented the new RCS messaging standard used by Android phones. This added many important features such as likes and responses, but RCS did not yet have a cross-system compatible encryption scheme, so those green bubbles are still not encrypted. Now, at last, the consortium that publishes the RCS standard has released an encryption scheme that will work across iPhone and Android devicesand Apple has promised to implement it. The Bottom Line: We can expect Apple to finally add end-to-end encrypted messaging with Android devices sometime in the next round of major updates. You can be sure we'll let you know right away when that feature finally rolls out.   🤨 This Should Be on Your Radar 📡 Amazon Echos Will Send Recordings to Amazon's Servers, and You Can't Opt Out In an effort to enhance Alexa's AI capabilities, Amazon announced that all Alexa recordings will now be sent to the cloud for processing—removing a setting that forced commands to be processed on the device without the use of remote servers. Amazon has a history of keeping Alexa recordings, allowing employees to listen to them, and turning them over to police. Amazon says your recordings will be encrypted. The Bottom Line: We don't recommend using Echo devices or Alexa. Instead, if you're interested in smart home speakers, the HomePod is a good option. Apple's commitment to privacy and security when it comes to Siri and the HomePod means it's a much more trustworthy device. One VPN. 360° Protection. Zero Hassle. (sponsored) How Much Does a French Advertiser Know About You? French advertising giant Publicis has released a sales video bragging about the depth and detail of its profiling of nearly every adult internet user. The company claims to know not just your name, your address, who lives with you, your political leanings, interests, and hobbies, and who all your friends and contacts are, but also what you buy, what you eat, and much more. We don't have access to the Publicis data set so we can't verify these claims; but the video is worth a watch, just to get a sense of what these data broker companies are trying to do, and why they want to do it. Gizmodo has the full story. The Bottom Line: I've not been able to identify an opt-out page for Publicis (if you find one, please let me know by emailing security@iphonelife.com, and they're not covered by data-broker opt-out services like Incogni. Need to Quickly Make a PDF? Warning! Online File Converters May Distribute Malware For years, if you needed to convert a bunch of image files into a PDF, or maybe convert a Microsoft Word .doc file into an Apple Pages .pages file then your first port of call was Google. A quick web search would supply a website or ten promising to convert the files for you for free. Now, the Denver FBI office has issued a warning of a rising number of free websites that will combine your files or convert them as you request, but when you download your new file, you'll get some malware too. The Bottom Line: Avoid free file conversion websites. You can safely combine images into a .pdf file using the built-in previewer in MacOS, or using the Adobe Acrobat app on your iPhone. In partnership with Incogni Stop Spam & Wipe Your Data from the Web Trying to remove yourself from digital lists can feel like trying to stem a flood with a bucket. Let Incogni do the work for you—they deal with databrokers to get you off lists you didn't even know you were on to keep you safe from spam, scams, identity theft, and more. Try Incogni today and stop those spam calls, emails, and texts right in their tracks.   Vulnerabilities Discovered in One Billion Bluetooth Devices Smart devices such as smart lightbulbs and power switches all have to communicate with your Wi-Fi, and their setup depends on close-range Bluetooth, so almost all of them depend on tiny, cheap circuit boards that combine both Wi-Fi and Bluetooth. One of the more popular of those cheap boards is ESP32, made by the Chinese brand Espressif. Security researchers found that ESP32 was programmed with a large number of administrative debugging commands that were never documented, making it possible for hackers who have compromised a device with an ESP32 chip to retain control over it through reboots or resets, to use it to mask their other activities, and much more. Bleeping Computer has the full story. Security researchers have long warned that Internet of Things devices, such as smart toothbrushes, smart locks, and smart lightbulbs, have worrisome security implications. This is a concrete example of what sorts of vulnerabilities you bring into your home when you put tiny, cheap computers all over your house—computers you can't monitor for unwelcome activity. The Bottom Line: Espressif has promised to patch these vulnerabilities in a future update, but since the devices containing ESP32 chips are sold by diverse companies, those updates may take a long time to reach your devices. As always, try to keep your devices up to date. Google Purchases Wiz for $32 Billion Not really a security story for the rest of us, but a noteworthy moment. Wiz is a company that specializes in cloud-computing security, and the massive merger is likely an effort by Google to shore up the cloud-computing security image. Ready about it in The Verge. Facebook, Instagram, and Threads Begin Tests of Community Notes Feature Meta has begun testing of a community notes feature intended to replace paid fact-checking staff with the free labor of users. The feature is modeled on one implemented on X (Formerly Twitter). Studies of community notes on X suggest that a community note on a false or misleading post is highly likely to cause the poster to delete or retract the post, but community notes are usually too slow to stop the spread of viral misinformation and potentially dangerous rumors. The Bottom Line: Practice wariness toward viral rumors. Double-check your posts and shares. Community notes are a useful tool, but they're slow, and alarming or extremest rumors may spread faster than community notes can stop. Stop Spam & Wipe Your Data from the Web (sponsored)   🙈 Security Fail of the Week 👎 US Cybersecurity Agency Looks Like Keystone Cops The US Cybersecurity and Infrastructure Agency (CISA) was ordered to lay off all probationary employees in February, including all the hacking talent they'd recently scouted. Then a judge said they couldn't do that. To comply with the court order, CISA is now trying to rehire all those probationary employees that they laid off, but it seems like maybe they don't have great records of who they fired, because they've had to post a banner to the department's main webpage begging ex-employees to email them so they may be reinstated (only to be placed on administrative leave). As if that weren't enough of a fail, CISA's announcement asks for ex-employees to email them "a password-protected attachment" containing proof of their firing. Readers of this newsletter will know that password-protected attachments to emails are a pretty common way to transmit malware. So, soliciting them en masse from a bunch of disgruntled hackers is certainly… a choice. The Bottom Line: CISA is an important contributor to the protection of US critical infrastructure. We hope they get their act together, and that the employees affected by these orders land at new jobs safely.   🍎📱 Security Updates from Apple 🍎 Everything you need to know about Apple's latest software updates. The most recent iOS and iPadOS is 18.3.2 The most recent macOS is 15.3.2 The most recent tvOS is 18.3. (1st and 2nd gen) 18.3.1 (Apple TV 4k 3rd gen) The most recent watchOS is 11.3.1 The most recent visionOS is 2.3.2 In partnership with T-Mobile T-Mobile's Discounted Plans for Military & Veterans Help Families Stay Connected T-Mobile is committed to supporting active duty military, veterans, and military spouses to stay connected. Get all of T-Mobile's unlimited plan benefits with more entertainment and travel perks at a discount for veterans & military. Learn More.     Security Skills Answer The correct answer is D. all of the above. These are all good things to do.   Mission Statement There is far too much security and privacy news to cover it all. When building this newsletter, we look for scams, hacks, trouble, and news to illustrate the kinds of problems Apple enthusiasts may encounter in our private lives, and the self defense we can practice to keep our devices, accounts, and lives secure. Our commentary focuses on practical advice for everyday people. This newsletter was written by Cullen Thomas and Rhett Intriago and edited by Sarah Kingsbury.   Next Steps In case you missed it, be sure to check out our free class on cybersecurity for Apple enthusiasts. Interested in learning how to use the Passwords app? Check out: Easily Create Strong Passwords on iPhone Sort Your Passwords in the Passwords App Securely Share Passwords with Friends & Family T-Mobile's Discounted Plans for Military & Veterans Help Families Stay Connected (sponsored)   Premium Content If you enjoyed this newsletter, you'll love all the security content available on iPhone Life Insider! This premium subscription includes: The complete iPhone Life Privacy & Security Course for Apple Enthusiasts and other free online courses taught by expert instructors In-depth guides on everything from security to iPhone photography to other Apple devices Daily, bite-sized video tips on topics ranging from iCloud security to password management A digital subscription to iPhone Life Magazine, where you'll find articles covering the best security gear, apps, and in-depth how-tos The monthly premium iPhone Life Security Newsletter covering everything you need to know to keep your digital life secure Access to the ad-free version of the iPhone Life Podcast and exclusive bonus content Expert help with all your most pressing Apple Watch questions in our private Ask an Expert Facebook Group Join the Insider community today and save 30 percent! Did we help with your security concerns? With your feedback, we can improve this security newsletter. Let us know how we did: 👍 Yes, this definitely helps me with my security 😐 Some of the content is helpful to me 👎 No, I didn't find this newsletter helpful