Tag Archives for " Android "

Android surveillanceware operators jump on the coronavirus fear bandwagon

Researchers have uncovered a mobile surveillance campaign that has used more than 30 malicious Android apps to spy on targets over the past 11 months. Two of the most recent samples are exploiting the coronavirus by hiding off-the-shelf surveillanceware inside apps that promise to provide information about the ongoing pandemic.

One of the apps, “corona live 1.1,” is a trojanized version of “corona live,” a legitimate app that provides an interface to data found on a tracker from Johns Hopkins University. Buried inside the spoofed app is a sample of SpyMax, a commercially available piece of surveillanceware that gives attackers real-time control of infected devices.

A second app used in the same campaign is called “Crona.” The campaign, which has been active since April 2019 at the latest, was discovered by researchers from mobile-security provider Lookout.

Source: Android surveillanceware operators jump on the coronavirus fear bandwagon | Ars Technica

Surveillance Firm Banjo Used a Secret Company and Fake Apps to Scrape Social Media

One former employee said the secret company called Pink Unicorn Labs was doing the same thing as Cambridge Analytica, “but more nefariously, arguably.”

Banjo, an artificial intelligence firm that works with police, used a shadow company to create an array of Android and iOS apps that looked innocuous but were specifically designed to secretly scrape social media. This was done to avoid detection by social networks. The news signifies an abuse of data by a government contractor, with Banjo going far beyond what companies which scrape social networks usually do.

Source: Surveillance Firm Banjo Used a Secret Company and Fake Apps to Scrape Social Media – VICE

Forensics detective says Android encryption now superior to iPhones

According to a forensics detective, Android encryption has made it harder to crack Android phones as compared to iPhones. This is a reversal from the norm.

Cellebrite — one of the most prominent companies that government agencies hire to crack smartphones — has a cracking tool that can break into any iPhone made up to and including the iPhone X. The tool pulls data such as GPS records, messages, call logs, contacts, and even data from specific apps such as Instagram, Twitter, LinkedIn, etc., all of which could be incredibly helpful in prosecuting criminals.

However, that same Cellebrite cracking tool is much less successful with Android encryption on prominent handsets.

Source: Forensics detective says Android encryption now superior to iPhones

14% of Android app privacy policies contain contradictions about data collection

An analysis of 11,430 Play Store apps found that 14.2% used a privacy policy with contradicting statements about user data collection practices.

Examples include privacy policies that stated in one section that they do not collect personal data, only to contradict themselves in subsequent sections, where they state they collect emails or customer names — which are clearly personally identifiable information. Self-contradictions can lead to the identification of deceptive statements, which are enforceable by the FTC and the DPAs (data protection authorities) of the EU.

Source: 14% of Android app privacy policies contain contradictions about data collection | ZDNet

Popular mobile apps aren’t protecting your personal data

Some of the most popular mobile apps are letting just anyone access your personal data. Millions of passwords, GPS locations, and financial records are sitting unprotected in plain sight. Researchers found that of the 27,227 Android apps and 1,275 iOS apps storing their app’s data in Firebase’s backend database systems, 3,046 of these apps saved data within 2,271 unsecured databases that literally anyone could access.

Source: Popular mobile apps aren’t protecting your personal data

Google unveils new security, privacy features for Android

The company is offering users personalized recommendations designed to help them to improve the security of their account. The new settings build on the “Security Checkup” introduced last fall by offering personalized recommendations designed to help users improve the security of their accounts; for example, users could be reminded to remove unverified applications allowed to access their account data.

Source: Google unveils new security, privacy features for Android | TheHill

Sophisticated Android malware tracks all your phone activities

An advanced type of malware can spy on nearly every Android smartphone function and steal passwords, photos, video, screenshots and data from WhatsApp, Telegram and other apps. “ZooPark” targets subjects in the Middle East and was likely developed by a state actor, according to Kaspersky Lab, which first spotted and identified it.

Source: Sophisticated Android malware tracks all your phone activities

Want more privacy online? ProtonMail brings its free VPN to Android.

Switzerland-based encrypted-email provider ProtonMail has released a version of its VPN, called ProtonVPN, for Android. ProtonVPN is from the same developers at CERN who built ProtonMail, a web-based email service that offers end-to-end encryption between ProtonMail users.

Source: Want more privacy online? ProtonMail brings its free VPN to Android | ZDNet

Dark Caracal: Good News and Bad News

A few days ago, EFF and Lookout announced a new report, Dark Caracal, that uncovers a new, global malware espionage campaign. One aspect of that campaign was the use of malicious, fake apps to impersonate legitimate popular apps like Signal and WhatsApp. Some readers had questions about what this means for them. This blog post is here to answer those questions and dive further into the Dark Caracal report.

Source: Dark Caracal: Good News and Bad News | Electronic Frontier Foundation
