I have a security problem. Most of you probably have the same problem, and perhaps a few of you have solved it. I’m eager to hear more if you did. Here goes:
I’m talking specifically about iOS here, but could as well be talking about Android or others. Imagine that you need a useful app which doesn’t need to connect to the internet. The simplest example would be a photo editor. You find an app that supplies all the functionality you want, so you install it. During the install, it asks for access to your photos. (You can give it access to just some of them on recent iOS iterations.) You do so because, well, there’s no way to edit a photo without accessing it.
Game over. Sooner or later, your data is exfiltrated to (fill in app developer’s favorite country here) via innocuous-looking traffic to a domestic IP. Probably it happens surreptitiously and at low bandwidth, but it happens nonetheless.
There are some obvious solutions:
(1) Buy a separate phone and download all the apps you want before opening any of them. Then disable its internet access. Now you can use all the apps. When you want to edit something, you need to USB it over. If you discover that you’re missing a key app, delete all the apps, connect the internet again, and repeat the process.
(2) Download only the app you need at the moment. Disconnect the internet. Open the app. Run it as much as you like. Delete the app. Reconnect the internet.
(3) VPN apps can obviously intercept traffic, and some of them can do this on a per-app basis. Therefore, install a VPN app, but connect to an unresponsive server which will ignore all the traffic from the untrusted apps. Route only the untrusted ones to the VPN. This should be straightforward, but good luck finding a VPN app that will allow you to connect to “any old” server and just be happy that it’s unresponsive. (Can you?)
(4) Beg Apple to add an “allow internet access” switch in every app’s settings. Currently, this only applies to mobile data, not Wi-Fi or Bluetooth.
All of these solutions suck. And moreover, this catastrophic design flaw could hardly be more obvious. Is there any more elegant or economical solution than what I’ve posted above?