Hi Friends,

Even as I launch this today ( my 80th Birthday ), I realize that there is yet so much to say and do. There is just no time to look back, no time to wonder,"Will anyone read these pages?"

With regards,
Hemen Parekh
27 June 2013

Now as I approach my 90th birthday ( 27 June 2023 ) , I invite you to visit my Digital Avatar ( www.hemenparekh.ai ) – and continue chatting with me , even when I am no more here physically

Thursday, 30 November 2017

Here is the Proof





In my yesterday’s blog ,






I had envisaged the extent to which Google compromises privacy of our personal data



Then I came across the following in today’s

 Mumbai Mirror :



“ Few Android Apps track all you do on your smartphone “



Three quarters of Android apps are using “clandestine surveillance software” to track everything users do on their smartphones, according to a new report.


Researchers at Yale University’s Privacy Lab and French non-profit organisation Exodus Privacy conducted a study into 25 known “ trackers ”, which are used for targeted advertising, behavioural analytics, and location tracking.


In their analysis of over 300 apps, more than 75 per cent were found to contain the signatures of these trackers — including popular Google Play apps such as Uber, Tinder, Skype, Twitter, Spotify and Snapchat.


What’s more, the researchers said that many Android users don’t realise that these trackers are on their phones, and are often unaware that their personal information is being shared.


One Google-owned tracker called Crashlytics — used by Tinder, Spotify, Uber and OKCupid among others — is designed to track app crash reports, but also allows developers to “get insight into your users, what they’re doing, and inject live social content to delight them”.


Another, called FidZup, can “detect the presence of mobile phones and therefore their owners”, using ultrasonic tones that are inaudible to the human ear, according to Exodus.


Meanwhile, one app developed by multinational insurance and financial firm AXA was found to contain six trackers.


EXACTLY WHAT INFORMATION IS SHARED IS UNKNOWN, BUT THE DATA STORED BY THE APP IS EXTREMELY SENSITIVE.


“Publication of this information is in the public interest, as it reveals clandestine surveillance software that is unknown to Android users at the time of app installation,” said Sean O’Brien and Michael Kwet, visiting fellows at Yale, in a blog post, adding,


“Lack of transparency about the collection, transmission, and processing of data via these trackers raises serious privacy concerns and may have grave security implications for mobile software downloaded and in active use by billions of people worldwide.”


The researchers are now calling on app developers, as well as Google, for “increased transparency into privacy and security practice as it relates to these trackers”.


Although the study didn’t examine iOS apps, the researchers warn that the situation may be no better on Apple’s App Store.


“Many of the same companies distributing Google Play apps also distribute apps via Apple, and tracker companies openly advertise Software Development Kits (SDKs) compatible with multiple platforms,” said O’Brien and Kwet.


“Thus, advertising trackers may be concurrently packaged for Android and iOS, as well as more obscure mobile platforms.”




Add to the above , what Times of India reports today as follows :



“ Google detects app stealing info from phones “

·          
Google has detected an app ‘ Tizi ’, which has been stealing information from call records and also from social media apps like Facebook, WhatsApp, and also takes pictures from mobile phones without even displaying them on screen of the device.


Tizi is a fully featured backdoor that installs spyware to steal sensitive data from popular social media applications. The Google Play Protect security team discovered this family in September 2017, when device scans found an app with rooting capabilities that exploited old vulnerabilities,” a post on Google security blog said.


The company has removed the app from Play Store, notified all known affected devices and suspended account of the app developer, the post dated November 27 said. The post said that earlier variant of Tizi did not have rooting capabilities. It developed later on and thereafter started stealing sensitive information from devices.


“The rooting capabilities give an app full control of the device. It can bypass all restriction poised on it by the Android security system. An app with rooting is like a user using the device. The presence of such app on Google Play Store raises concerns around secure apps on the Play Store,” cyber security expert Jiten Jain said.


Tizi’s backdoor capability is common to commercial spyware, such as recording calls from WhatsApp, Viber, and Skype, sending and receiving SMS messages, and accessing calendar events, call log, contacts, photos, Wi-Fi encryption keys, and a list of all installed apps.


“Tizi apps can also record ambient audio and take pictures without displaying the image on the device’s screen,” the post said. The post said that in and after April 2016, vulnerabilities in devices which could have been affected by Tizi were fixed with new software codes.


“If a Tizi app is unable to take control of a device because the vulnerabilities it tries to use are all patched, it will still attempt to perform actions through high level of permissions it asks the user to grant to it, mainly around reading and sending SMS messages and monitoring, redirecting, and preventing outgoing phone calls,” the post said.



Dear Members of Committee on Data Protection Law :


Any idea how the proposed law will deal with the owners / developers of these hundreds of Apps and succeed in suing / punishing them – and in which court ?



         Justice B N Srikrishna…………………………bnsrikrishna@gmail.com


·         Smt Aruna Sundarrajan………………………secy-dot@nic.in


·         Dr Ajay Bhushan Pandey…………………. ceo@uidai.gov.in


·         Dr Ajay Kumar……………………………. ajay@deity.gov.in / akumar@del2.vsnl.net.in


·         Prof. Rajat Moona……………………………. moona@iitk.ac.in


·         Dr Gulshan Rai………………………………..  grai@deity.gov.in


·         Prof. Rishikesha Krishnan………………   director@iimidr.ac.in


·         Dr Arghya Sengupta………………………   arghya.sengupta@gmail.com


30  Nov  2017


No comments:

Post a Comment