Apple delivered an official way to block ads in Safari with the release of iOS 9 in September, but there’s a growing trend of people attempting to block every ad in iOS, and doing dangerous things to get there.
Been, which received a large amount of press coverage, is one of these bad ideas.
“We're hunting for awesome startups”
Run an early-stage company? We're inviting 250 to exhibit at TNW Conference and pitch on stage!
The app installed a root certificate on your phone, along with a VPN profile in order to block advertising within apps, like Facebook, Yahoo and Google by proxying all traffic through a service — tempting, but dangerous.
The problem is that Been needed to capture all your internet traffic, decrypt it, remove the ads, then send it back to you, which is somewhat horrifying. That means, if Been wanted to it could technically view your passwords or access tokens in plain text.
Of course, Been promises it’ll never do that, saying that it only inspects the headers of your decrypted traffic to determine if it’s an advertisement, but the fact that it’s decrypted at all in transit is a huge problem.
To block advertising — you know, the thing that pays for many services you use — people are willing to hand over the keys to literally everything but I’m not sure they understand the true impact of what that means.
A common type of attack used to steal data like logins and access keys is called a Man In The Middle, or MITM, and by using one of these apps you’re basically doing it to yourself willingly… just to avoid seeing a few annoying ads.
Apple, which initially approved Been, decided to remove it citing that it requires “end to end encryption” — hopefully that means similar mechanisms won’t be approved in the future.
Services like this exist for both Android and desktop computers too, and come with the same warning: why would you trust these people with your most private data?
The reason iOS 9’s Content Blockers are so compelling is that they never receive data about what you’re actually doing, and can’t read your internet traffic.
If an app promises you an ad-free phone, but requires you to hand over all your internet traffic to perform it, back away slowly. It’s not worth it.
Image credit: Shutterstock