New iPhone Exploit Impacts Hundreds of Millions of Devices, FBI Resumes Buying Location Data, Google's New App Installation Process, and More!

Our top stories this week:

Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild
FBI is buying location data to track US citizens, director confirms
Should Banksy Remain Anonymous?
Google details new 24-hour process to install unverified Android apps

TWIP Live 🔴

Updates from the Team

Stop Using These "Private" Messengers

Our latest video about private messengers is now available to the public. In the past we released a video that focused specifically on the shortcomings of SMS. While this video does retread that ground, it also talks about why other messengers don't go far enough.

News Articles

This week, Fria wrote about Instagram ending E2EE DM support, a major data breach in the UK, Intel's advancements in homomorphic encryption, and how Pokémon Go used player-submitted data to train AI.

Sources

Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild

A new hacking technique, called DarkSword, was revealed by Google, iVerify, and Lookout this week. It works against iOS devices running iOS 18, which is still running on nearly 1/4 of the 1.5 billion iPhones currently on the market, meaning hundreds of millions of devices are at risk. While not a state-sponsored vulnerability, it's already spread to several countries and been seen in use by states and private companies. Experts expect it to continue to spread to other groups.

FBI is buying location data to track US citizens, director confirms

After a brief hiatus starting in 2023, FBI director Kash Patel has indirectly confirmed that the agency has resumed purchasing the location data of Americans. This practice has long been controversial, accused of being a workaround to skirt legal requirements (the US Constitution requires law enforcement to get a warrant to request private data, but buying from a third party so far has avoided that).

Should Banksy Remain Anonymous?

Recently, a Reuters investigation uncovered what they said "revealed, beyond dispute, Banksy's true identity." Banksy's team urged them not to publish the name, citing both privacy and concerns of legal danger. Slashdot thus posed the question: should Banksy remain anonymous?

Google details new 24-hour process to sideload unverified Android apps

Google's controversial changes to app installations outside the Play store (aka "sideloading") are getting updated. Now, Google will allow external installs after a lengthy and somewhat involved process. Users will have to enable developer options, allow "unverified packages," then wait 24 hours. Google has defended the changes as necessary to stop malware and avoid burdensome regulation in some parts of the world.

Forum Updates

Show Hosts

Nate is a member of Privacy Guides' video and news team. He has been advocating for privacy on his own website The New Oil since 2018, and is the former host of Surveillance Report, a popular cybersecurity podcast he published with Techlore.

Jordan is the creator and editor of many videos on Privacy Guides' channels. Previously working with Techlore, they have extensive experience in video editing, motion design, and photography.