fbpx

Download free GDPR compliance checklist!

Tag Archives for " Android "

Google will start removing stalkerware and ‘misleading’ apps from its Play Store from October 21

The tech giant will give app developers until October 1 to remove stalkerware code from their official online store.

Google has announced that it is clamping down on apps containing stalkerware capabilities, defined by the company as “code that transmits personal information off the device without adequate notice or consent and doesn’t display a persistent notification that this is happening.”

On September 16, the company updated its Developer Program Policy to state that any apps distributed on its store that monitors a user’s behaviour must include, “adequate notice or consent”; a “persistent notification” of background tracking; must not present their app as a “spying or secret surveillance solution”; or attempt to “hide” or “mislead” users of their surveillance purposes.

Source: Google will start removing stalkerware and ‘misleading’ apps from its Play Store from October 21

Google adds new privacy controls in Android 11 launch

A number of privacy controls featured in Google’s release of Android 11.

Chief among these is the function to allow one-time permissions, or single-use access to the microphone, camera and location permissions, rather than allowing ongoing access after permission is initially granted.

In addition, Android now includes “auto-reset” permissions for apps that have remained unused for a while, meaning that you will need to re-grant permission to the app if you wish to use it again.

Source: Google adds new privacy controls in Android 11 launch

Popular fertility app Premom shared data without user consent

The popular fertility app Premom asks users to upload details about their sexual health to receive personalized, remote analysis to help predict how to get pregnant.

But Premom’s app for Android was also collecting a broad swath of data about its users and sharing it without their permission with three Chinese companies focused on advertising.

While many apps use third parties to collect analytics or target ads, IDAC researchers say Premom users had no way of opting out of this tracking by both the app and the third parties that received their data, which IDAC contends was a violation of Google’s rules.

Source: Popular fertility app Premom shared data without user consent, researchers say – The Washington Post

TikTok found to have tracked Android users’ MAC addresses until late last year

Until late last year social video app TikTok was using an extra layer of encryption to conceal a tactic for tracking Android users via the MAC address of their device, which skirted Google’s policies and did not allow users to opt out.

Analysis found that this concealed tracking ended in November as U.S. scrutiny of the company dialed up, after at least 15 months during which TikTok had been gathering the fixed identifier without users’ knowledge.

Source: TikTok found to have tracked Android users’ MAC addresses until late last year | TechCrunch

Android user chucks potential $10 billion lawsuit at Google

Google “abuses Android OS to obtain a competitive advantage”, according to a lawsuit filed this week alleging that the Alphabet offshoot “secretively monitored and collected users’ sensitive personal data” to develop apps to compete with TikTok, Facebook, and Instagram.

The putative class-action suit also alleged that Google was gathering info from TikTok specifically in order to unfairly compete against TikTok with a competing video platform app called ‘Shorts’.

Source: Android user chucks potential $10bn+ sueball at Google over ‘spying’, ‘harvesting data’… this time to build supposed rival to TikTok called ‘Shorts’ • The Register

New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps

New Android Bug Affecting Over A Billion Phones Could Let Malware Hijack Legitimate Apps.

A security vulnerability affecting Android that malicious apps can exploit to masquerade as any other app installed on a targeted device to display fake interfaces to the users, tricking them into giving away sensitive information.

Dubbed ‘Strandhogg 2.0,’ the new vulnerability affects all Android devices, except those running the latest version, Android Q / 10, of the mobile operating system—which, unfortunately, is running on only 15-20% of the total Android-powered devices, leaving billions of rest of the smartphones vulnerable to the attackers.

Source: New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps

Multi-part Android spyware lurked on Google Play Store for 4 years, posing as a bunch of legit-looking apps

A newly uncovered strain of Android spyware lurked on the Google Play Store disguised as cryptocurrency wallet Coinbase, among other things, for up to four years, according to a new report by Bitdefender.

The malware, named Mandrake by the threat intelligence agency, featured a three-part structure that allowed its operators to evade detection by routine Google scanning.

Beginning with an innocuous-looking dropper hosted on the Google Play store, masquerading as one of a number of legitimate apps, Mandrake allowed its Russian operators to snoop on virtually everything unsuspecting targets did on their mobile phone.

Source: Multi-part Android spyware lurked on Google Play Store for 4 years, posing as a bunch of legit-looking apps • The Register

Austrian citizen files GDPR legal complaint against Google over Android Advertising ID

Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is “personal data” as defined by the EU’s GDPR and that this data is illegally processed.

The complaint against Google, which was filed with the Austrian Data Protection Authority, is based on the claim that Google’s Android operating system generates the advertising ID without user choice as required by GDPR.

Source: Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID • The Register

Android Users Battling Google Can’t Seek Intervention By Appeals Court

A group of Android users have lost another round in a privacy battle with Google over alleged location tracking.

U.S. District Court Judge Edward Davila in San Jose, California rejected the Android users’ request to immediately appeal his earlier ruling dismissing their claim that Google violated the California Invasion of Privacy Act.

Source: Android Users Battling Google Can’t Seek Intervention By Appeals Court 04/17/2020

Thousands of Android apps contain undocumented backdoors

A study has found that thousands of legitimate Android apps are taking liberties or installing with capabilities that users wouldn’t expect to exist.

For example, ability to reset user passwords, bypass payment interfaces, initiate hidden behaviours using secret commands, or just stop users from accessing specific, sometimes political content.

This isn’t necessarily about outright malicious apps so much as legitimate apps taking liberties or installing with capabilities users wouldn’t expect to exist.

Source: Thousands of Android apps contain undocumented backdoors, study finds – Naked Security

1 2 3
>