In my yesterday’s blog ,
I had envisaged the extent to which Google compromises privacy of our personal data
Then I came across the
following in today’s
Mumbai Mirror :
“ Few Android Apps track all you do on your smartphone “
Three quarters of Android apps are using “clandestine surveillance software” to track everything users do
on their smartphones, according to a new report.
Researchers at Yale University’s Privacy Lab and French non-profit organisation Exodus
Privacy conducted a study into 25 known “ trackers ”, which are used for targeted
advertising, behavioural analytics, and location tracking.
In their analysis of over 300 apps, more than 75 per cent were found to contain the signatures of these trackers — including popular Google Play apps such as Uber, Tinder, Skype, Twitter, Spotify and Snapchat.
What’s more, the researchers said that many
Android users don’t
realise that these trackers are on their phones, and are often unaware that their personal
information is being shared.
One Google-owned tracker called Crashlytics — used by Tinder, Spotify, Uber and OKCupid
among others — is designed to track app crash reports, but also allows
developers to “get insight
into your users, what they’re doing, and inject live social content to delight
them”.
Another, called FidZup, can “detect the presence of mobile phones and therefore their
owners”, using ultrasonic tones that are inaudible to the human ear,
according to Exodus.
Meanwhile, one app developed by multinational insurance and financial firm AXA was found to contain six trackers.
EXACTLY WHAT INFORMATION IS
SHARED IS UNKNOWN, BUT THE DATA STORED BY THE APP IS EXTREMELY SENSITIVE.
“Publication of this information is in the public
interest, as it reveals clandestine
surveillance software that is unknown to Android users at the time of
app installation,” said Sean O’Brien and Michael Kwet, visiting fellows at
Yale, in a blog post, adding,
“Lack of transparency about the collection, transmission, and
processing of data via these trackers raises serious privacy concerns
and may have grave security implications for mobile software downloaded and in
active use by billions of people worldwide.”
The researchers are now calling on app developers, as well as Google, for “increased transparency into privacy and security practice as it relates to these trackers”.
Although the study didn’t
examine iOS apps, the researchers warn that the situation may be no better on
Apple’s App Store.
“Many of the same companies distributing Google Play apps also distribute
apps via Apple, and tracker companies openly advertise Software Development
Kits (SDKs) compatible with multiple platforms,” said O’Brien and Kwet.
“Thus, advertising trackers may be concurrently
packaged for Android and iOS, as well as more obscure mobile platforms.”
Add to the above , what Times of India reports today as
follows :
“ Google detects app stealing info from
phones “
·
Google has detected an app ‘ Tizi ’, which has been stealing information from call
records and also from social media apps like Facebook, WhatsApp, and also takes pictures from mobile
phones without even displaying them on screen of the device.
“Tizi
is a fully featured backdoor that installs spyware to steal sensitive data from popular social
media applications. The Google Play Protect security team discovered this
family in September 2017, when device scans found an app with rooting
capabilities that exploited old vulnerabilities,” a post on Google security
blog said.
The
company has removed the app from Play Store, notified all known affected
devices and suspended account of the app developer, the post dated November 27
said. The post said that earlier variant of Tizi did not have rooting capabilities. It
developed later on and thereafter started stealing sensitive information from devices.
“The rooting capabilities give an app full control of the device.
It can bypass all restriction poised on it by the Android security system. An app with rooting is like a user using the device. The presence of such app on Google Play Store
raises concerns around secure apps on the Play Store,” cyber security expert
Jiten Jain said.
Tizi’s
backdoor capability is
common to commercial spyware, such as recording calls from WhatsApp, Viber, and Skype, sending and receiving SMS messages,
and accessing calendar
events, call log, contacts, photos, Wi-Fi encryption keys, and a list of all
installed apps.
“Tizi
apps can also record
ambient audio and take
pictures without displaying the image on the device’s screen,” the post
said. The post said that in and after April 2016, vulnerabilities in devices
which could have been affected by Tizi were fixed with new software codes.
“If a Tizi app is unable to take control of a device because the
vulnerabilities it tries to use are all patched, it will still attempt to
perform actions through high level of permissions it asks the user to grant to it, mainly around
reading and sending SMS messages and monitoring, redirecting, and preventing
outgoing phone calls,” the post said.
Dear Members of Committee on Data Protection Law :
Any idea how the proposed law will deal with the owners /
developers of these hundreds of Apps and succeed in suing / punishing them –
and in which court ?
Justice B N Srikrishna…………………………bnsrikrishna@gmail.com
· Smt Aruna Sundarrajan………………………secy-dot@nic.in
· Dr Ajay Bhushan Pandey…………………. ceo@uidai.gov.in
· Dr Ajay Kumar……………………………. ajay@deity.gov.in / akumar@del2.vsnl.net.in
· Prof. Rajat Moona……………………………. moona@iitk.ac.in
· Dr Gulshan Rai……………………………….. grai@deity.gov.in
· Prof. Rishikesha Krishnan……………… director@iimidr.ac.in
· Dr Arghya Sengupta……………………… arghya.sengupta@gmail.com
30 Nov 2017
www.hemenparekh.in
/ blogs