Latest news of the stir/shaken world.
Click Here 👍In a world where cyber-attacks are increasingly sophisticated and data privacy is paramount, OS-specific telephony security, often the overlooked sibling of digital security, is finally stepping into the spotlight. It's time to take note of the Android ecosystem, a market with about 70% of phones in its grip, as it transitions into a new era of call safety.
The STIR/SHAKEN framework is a set of protocols and procedures designed to combat illegal caller ID spoofing, a practice that has reached menacing levels over the past decade. It stands for Secure Telephone Identity Revisited (STIR) and Signature-based Handling of Asserted information using toKENs (SHAKEN). The primary goal of this framework is to address the issue of unwanted calls and the subsequent erosion of consumer trust in phone communications.
With STIR/SHAKEN, calls are "signed" as legitimate by the originating carrier, and "verified" by the receiving carrier. These mechanisms are akin to having a tamper-proof seal on a bottle — if broken, the recipient knows the contents are compromised. Implementation of STIR/SHAKEN on a wide scale promises a future with fewer spam or scam calls, not to mention a more secure environment for mobile conversations.
The inclusion of the STIR/SHAKEN framework in the Android operating system is a significant defensive maneuver. Android Q (Android 10) brings this integrated technology to mobile devices, making it possible for the Phone app to validate calls made to or from the phone on compatible networks. This validation is then visible to the end user, with a 'Caller Verified' notification accompanying the call. The visual cue adds an extra layer of confidence, improving the overall user experience.
To facilitate this calling experience, Android has gone a step further by supporting carrier verification, making the user journey from dialing to receiving seamless and secure. Implementation of STIR/SHAKEN on the Android platform has the potential to not only declutter our call logs from unwanted nuisances but also to allow for a discerning process that lets us answer the phone with assurance.
For individuals, adopting the STIR/SHAKEN protocol in Android signifies a shift towards a less intrusive and more trustworthy communication environment. It means reducing interruptions of our daily routines by spam marketing pitches or fraud schemes. The 'Caller Verified' badge helps to ensure that each incoming call is likely from its rightful owner, which is especially crucial for financial and personal transactions conducted over the phone.
Enterprises also stand to benefit from this update. With more significant scrutiny and authentication placed on incoming calls, businesses can be more confident that their communications are secure and that they can trust the information shared during those calls. This level of authentication is particularly important for sectors that handle sensitive data, such as healthcare and finance.
Despite the clear benefits, the path to a universally secure calling experience has hurdles. The adoption and integration of STIR/SHAKEN across all carriers is a complex process that requires orchestrated efforts from multiple stakeholders, including network operators and device manufacturers. Compatibility issues could also arise, especially when calls cross different network domains.
Furthermore, the implementation of this framework raises questions about privacy and control. While the intended targets are spoofed and scam calls, the infrastructure could potentially be used to track and verify the identity of all callers, which might conflict with the expectations and practices of privacy-conscious users. It is, therefore, essential that the adoption of STIR/SHAKEN is balanced with a robust privacy framework.
In the meantime, there are several best practices that Android users can employ to bolster their mobile call security. These include regularly updating to the latest OS version, carefully managing app permissions, and being cautious when sharing personal information over the phone, even when the call is validated with the 'Caller Verified' banner.
Users should also consider using reputable caller ID and call-blocking apps from the Google Play Store, which can provide an additional layer of protection against unsolicited calls. These practices help create a more comprehensive approach to phone call security, particularly without a globally implemented STIR/SHAKEN framework.
Incorporating the STIR/SHAKEN framework into Android is a pivotal step in securing the mobile calling experience. As Android users benefit from reduced spam and increased call validation, the entire industry is poised to embrace a new, more robust standard for call security and authenticity.
The journey towards a completely secure calling landscape is ongoing. It relies on the collaborative efforts of service providers, device manufacturers, and software developers. As we await the full deployment of STIR/SHAKEN protections on a global scale, we can enjoy the first blossoms of a more reliable and secure telesphere, one call at a time.
For more information about STIR/SHAKEN, get in touch with Prescott Martini today.
Stay updated on the latest news in the regulatory and compliance world! Sign up to receive our newsletter.