Apple and Google Ship New Mobile OS Betas with Expanded Encryption and Security Controls
Apple released an iOS/iPadOS 26.4 developer beta that adds end-to-end encryption (E2EE) for RCS messaging in limited testing, with availability constrained by device/carrier support and currently limited to Apple-to-Apple RCS conversations. The implementation is tied to upgrading to RCS Universal Profile 3.0 built on the Messaging Layer Security (MLS) protocol, aligning with the GSMA’s prior move to standardize E2EE for RCS. The beta also expands platform hardening by allowing apps to opt into the full protections of Memory Integrity Enforcement (MIE) (beyond the previously available “Soft Mode”), and reporting indicates Apple may enable Stolen Device Protection by default in this release line.
Google released the first Android 17 beta with multiple privacy/security changes aimed at tightening network and cryptographic defaults and improving user control. Android 17 deprecates the android:usesCleartextTraffic manifest attribute; apps targeting Android 17+ that set usesCleartextTraffic="true" without a Network Security Configuration will have cleartext traffic blocked by default, pushing developers toward more granular policy via configuration files. The beta also introduces a public HPKE (Hybrid Public Key Encryption) Service Provider Interface, adds user preference controls for VoIP call history integration, and expands Wi‑Fi ranging for proximity detection and secure peer-to-peer discovery.
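One way to audit an app for this change before retargeting, as an added example that is not code from the article or from Google. The function name, result labels and sample XML are constructed for illustration, and the check assumes the app already targets Android 17+.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

def audit_cleartext(manifest_xml, nsc_xml=None):
    """Classify the cleartext policy of an app that targets Android 17+."""
    app = ET.fromstring(manifest_xml).find("application")
    if app is None:
        return "no-application-element"
    legacy = app.get(ANDROID_NS + "usesCleartextTraffic")
    if app.get(ANDROID_NS + "networkSecurityConfig") is None:
        # The case the article describes: the legacy flag alone no longer
        # opts the app in, so cleartext is blocked by default.
        return "blocked-legacy-flag-only" if legacy == "true" else "no-cleartext-requested"
    if nsc_xml is None:
        return "config-referenced-not-supplied"
    root = ET.fromstring(nsc_xml)
    base = root.find("base-config")
    if base is not None and base.get("cleartextTrafficPermitted") == "true":
        return "cleartext-allowed-globally"
    # Collect only the hosts that a domain-config explicitly opens to cleartext.
    hosts = sorted(d.text.strip()
                   for dc in root.iter("domain-config")
                   if dc.get("cleartextTrafficPermitted") == "true"
                   for d in dc.findall("domain") if d.text)
    return "cleartext-scoped:" + ",".join(hosts) if hosts else "cleartext-denied"

# Constructed sample inputs (not from the article).
MANIFEST_LEGACY = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application android:usesCleartextTraffic="true"/>
</manifest>"""
MANIFEST_WITH_NSC = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application android:usesCleartextTraffic="true"
               android:networkSecurityConfig="@xml/network_security_config"/>
</manifest>"""
NSC_SCOPED = """<network-security-config>
  <base-config cleartextTrafficPermitted="false"/>
  <domain-config cleartextTrafficPermitted="true">
    <domain includeSubdomains="false">legacy.example.com</domain>
  </domain-config>
</network-security-config>"""

if __name__ == "__main__":
    print(audit_cleartext(MANIFEST_LEGACY))
    print(audit_cleartext(MANIFEST_WITH_NSC, NSC_SCOPED))
```

A result of `cleartext-allowed-globally` means the configuration file reproduces the old blanket opt-in, which is the pattern the more granular per-domain policy is meant to replace.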
Related Stories

OS Privacy and Security Changes in Android 17 Beta and Windows 11 Insider Builds
Google released the second beta of **Android 17** with new privacy-focused platform behaviors and APIs aimed at reducing unnecessary access to sensitive data. Changes include a system-level **Contacts Picker** that grants apps only temporary access to user-selected contacts (including across personal/work profiles), a new `ACCESS_LOCAL_NETWORK` runtime permission to control discovery/connection to LAN devices (with an alternative path via system-mediated device pickers), and expanded safeguards for SMS one-time passwords by delaying most apps’ programmatic access to OTP messages for three hours (with exemptions for default SMS and approved companion apps, and guidance to use SMS Retriever/SMS User Consent APIs).
Microsoft is testing **Windows 11** security and performance improvements for batch/CMD script execution in Insider Preview builds by adding an optional “secure processing mode” that prevents batch files from being modified while running. Administrators can enable it via the `LockBatchFilesInUse` registry value under `HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor` or via the `LockBatchFilesWhenInUse` application manifest control, reducing repeated signature validation when code integrity is enabled.
Separately, commentary on **Windows telemetry** reiterates that Microsoft collects diagnostic data and suggests users can inspect telemetry themselves, but it does not describe a specific new security incident or vulnerability disclosure.
2 weeks ago
Privacy and Encryption Advocacy and Consumer Guidance in Mainstream Tech
The Electronic Frontier Foundation launched **“Encrypt It Already”**, a campaign pressuring major consumer tech providers to expand and complete **end-to-end encryption (E2EE)** commitments and make protections easier to use. The campaign tracks where encryption is promised but not delivered (e.g., E2EE for Facebook group messages, interoperable encrypted RCS messaging promised by **Apple** and **Google**, and E2EE for Bluesky DMs), where encryption exists but is not enabled by default (e.g., Telegram encrypted chats, WhatsApp backups, and Ring camera footage settings), and where additional encrypted storage and controls are being urged (e.g., encrypted backups for Google Authenticator and broader encrypted Android backups). EFF’s stated goal is to shift control of communications and stored data toward users by pushing vendors to ship E2EE features, enable them by default, and broaden encrypted data coverage. Separately, consumer privacy concerns continue to shape adoption and trust in data-collecting devices and platforms. A Clutch survey cited in reporting found **74%** of respondents are concerned about how wearable devices handle personal data, and only **58%** are confident their wearable protects their data—sentiment that may drive brand switching decisions. In parallel, an Apple-focused article on “privacy rules” promoted user configuration steps within the iPhone ecosystem (e.g., Safari anti-tracking features, a dedicated Passwords app, and other privacy controls), but it does not describe a specific incident or vulnerability and reads primarily as general privacy guidance tied to Data Privacy Day.
1 month ago
Debate Over Mobile OS Lockdown Measures to Reduce Malware and Targeted Attacks
Discussion focused on whether stronger *platform-level restrictions* are necessary to curb mobile threats, contrasting Android’s openness with iOS’s “lockdown” approach. One thread highlights Google’s plan to require centralized **developer registration/verification** for apps installed on Android-certified devices (even if distributed outside Google Play), framed as a way to reduce malware and prevent repeat offenders from re-signing and redistributing blocked apps; it also notes Android’s recent mitigations such as **Restricted Settings** (Android 14) and **Enhanced Confirmation Mode** (Android 15) as partial technical barriers against common scam/phishing tactics. Separately, iOS **Lockdown Mode** is presented as an extreme, reversible hardening option intended for high-risk users (e.g., journalists, activists) that reduces attack surface by disabling or restricting features (e.g., most message attachments/link previews, certain web technologies, incoming FaceTime from unknowns, accessory connections while locked, non-secure Wi‑Fi, and installation of device management profiles). The article cites reporting that a seized journalist phone could not be accessed using law-enforcement forensic tooling when Lockdown Mode was enabled, underscoring how aggressive feature reduction can materially impede both targeted exploitation and post-seizure forensic access.
1 month ago