Sunday, September 25, 2022

Apple and Meta Involved in Handing Users' Data to Hackers

One of the things that mega tech powerhouses, Apple and Meta, are openly proud of is the level of security they hold for their users’ data. But, in an unpreceded event, it appears that the tech giants were handing users’ data to hackers , or “officials,” or in this case, disguised as officials from law enforcement agencies.

This, in return, shines a light on the fragility of the U.S.’ law enforcement systems as they were shortsightedly, inevitably, exposed to any malicious infiltration to submit the forged emergency data request to both tech giants. And let us not forget the fact that some country’s law enforcement email domains can be easily compromised as the accounts’ login credentials are sold on online criminal marketplaces.

On this account, this raises questions about whether the data – once in the hold of enforcement agencies – is, in fact, secure once they are submitted from the tech companies under legal requests.

The social networking company and iOS developer are going under their users’ noses and submitting personal data, such as addresses, phone numbers, and IP addresses in mid last year, as a response to fake emergency requests.

While both tech titans typically receive different forms of legal processes requests from officials under the pretense of a valid legal basis – after being subjected to their legal team’s reviews – this time, the recipients were not officials but black hat hackers.

So, this raises the question, is our data really secure, as these giants like to claim?

It appears that no matter what the iPhone and social networking platforms’ parents like the public to believe, they are not companies committed to data privacy, be it through their various layers of protection or encryption. All this can be put aside when thinking about this specific incident, seeing as their users’ data was willfully handed to the hackers.

Although this personal information was deliberately submitted to a forged request that appeared legitimate – which is beside the point – the fact remains that the data these companies are entrusted with safeguarding were still given to these officials without the owners’ authorization, consent, and knowledge for that matter.

Conversely, to some, certain aspects of this incident might not come as a stunner, given it is public knowledge that Apple and Meta were handing users’ data to hackers for legal requests. But, what might not be catastrophized is that in 2021, the messaging platform parent provided 77 percent of data emergency requests, and the iOS developer responded to a whopping 93 percent of these data requests – also without the knowledge of the users.

Meta and Apple have different means of gathering users’ data, and one of them is their messaging platforms, iMessage and WhatsApp Messaging. Although both platforms are end-to-end encrypted, the data circulating between users and the companies is only secure if the mega tech giants themselves preserve this data within the borders of their protection policies and not share it with external parties, such as official and federal agencies for legal requests.

Meta, for instance, is increasingly providing companies from all industries, whether e-commerce, health, airlines, and even banking, messaging services through its WhatsApp Business application. The banking sector is more inclusively directing its communication strategy with its customers toward the messaging platform to enhance customer experience, efficiency, increased revenue, and, most importantly, security.

Yet, with these tech powerhouses were handing users’ data to law enforcement agencies, which in return, unintentionally submit to hackers, how truly secure is this financial data? And is this messaging platform reliable to protect the most precious commodity out there?

The question here is more about personal data and identity and how it’s being freely circulated amongst the agencies, regardless of the reason behind this circulation. Is WhatsApp truthfully the right choice for such customer-establishment interactions? Or are there better alternatives, such as SMS, to secure your data without the interference of a third-party company such as Meta and Apple.

Seeing as SMS is a secure way of authenticating users’ identity, works without WiFi, is not susceptible to outside breaches, and always available.