Your apps are spying on you

Awareness around data integrity is improving every day, but are your efforts to shore up your sensitive personal information in vain?

Unfortunately, the answer appears to be yes.

Have you ever had a phone conversation about a brand or product, only to hop onto your browser later that day and be inundated with ads for the same product?

It’s enough to make anyone do a double take, and it’s been the source of an old legend: our phones record our conversations.

In their 2018 study, undergraduate Elleen Pan and doctoral candidate Jingjing Ren set out to test this very theory, analysing over 17,000 of the most popular Android apps.

The result?

9,000 of those apps had the potential to be unfaithful to the user.

While no evidence was found of recorded conversations, the apps in question took screenshots of activity before forwarding them onto third parties.

Oh dear.Oh dear.

That’s just a tad horrifying.

David Choffnes, who was one of two computer science professors who oversaw the study, commented on the findings: “We found that thousands of popular apps have the ability to record your screen and anything you type.

“That does include your username and password, because it can record the characters you type before they turn into those little black dots.”

“We knew we were looking for a needle in a haystack,” Choffnes said, “and we were surprised to find several needles.”

Although the privacy breaches over the course of the study were largely benign, it drives home just how easy it could be for your phone to be exploited for cash.

“This opening will almost certainly be used for malicious purposes, it’s simple to install and collect this information,” said Christo Wilson, the other computer science professor on the research team.

“And what’s most disturbing is that this occurs with no notifications to or permission by users.

“In the case we caught, the information sent to a third party was zip codes, but it could just as easily have been credit card numbers.”

It should be noted that while the study was only conducted on Android apps, the study concluded that iOS apps were likely guilty of similar breaches.

So, how do we combat this betrayal?

Android Q teases new and improved privacy controls

While there’s no quick fix for this loophole, greater app security is a major point of emphasis in the upcoming Android Q release.

In the new edition of the popular OS, a status bar feature displays when sensitive phone permissions are in use and which apps are responsible.

Source: arstechnica Source: arstechnica

Among these fresh features will be a list that displays:

  • Apps by most frequently accessed permission
  • Apps by most permission use
  • Apps that gained recent permission access

This will be a significant upgrade over Android’s current permission screen, which is a simple series of on/off switches.

Other improvements include greater visibility on why apps need certain permissions and GPS services being actively turned off when an app is running in the background.

In theory, these updates should help users make informed decisions around which apps could be up to no good.

[“source=finfeed”]

Mobile apps may or may not be collecting your child’s data—but here’s why you should assume they are

This week two democratic senators are calling on federal regulators to investigate if children’s apps are tracking their data.

Senators Edward Markey of Massachusetts and Richard Blumenthal of Connecticut sent a letter on Wednesday to the Federal Trade Commission, writing they are concerned that numerous apps are potentially violating the law.

Without explicit parental consent, it is illegal to collect data on children under the age of 13 according to the Children Online Privacy Protection Act, which went into effect in 2000.

This comes after last month when the New Mexico Attorney Generalsued the maker of app Fun Kid Racing, as well as the online ad businesses run by Google, Twitter and three other companies.

The suit accused the companies of violating the law, and that Google misled parents by allowing apps to remain in its Google Play store children’s section after it was notified by researchers that thousands of apps may be tracking young children.

“The problem is this – we don’t know where the onus lies,” New York Times reporter Edmund Lee told CNBC’s “On the Money” in an interview.

Lee says the law isn’t clear on whether it should be the platform such as Google or Apple to make sure the apps in their stores are complying with the law, whether it’s up to the game developer or if it should be up to the third party data firm tracking the data.

“So there’s a whole system in place that everyone keeps passing the buck and there’s no case law yet,” says Lee. “Even the legislation – it’s not entirely clear who is ultimately responsible.”

Fortnite

So what should a parent do if they are concerned their child is being tracked?

Lee says, “You should just assume it’s going to happen you should assume you’re going to be tracked.”

“Right now it’s the ‘Wild West’ there are very few protections, few sort of places of enforcement around it, and that’s why it’s hard as a parent and as a kid to navigate,” he added.

However, Lee notes most of these are harmless games, and the tracking data is used for advertising purposes, which is how these companies make money.

For parents worried about their child’s privacy – Lee says he tells his own daughter to keep her communication online only with people she knows.

“You’re not going to be able to look and know every single piece of data that’s being floated out there until there’s legislation and case law in place. But in the meantime make sure you know who your kid is talking to and it shouldn’t be strangers and it shouldn’t be someone they just met online.”

[“source=businessinsider”]

Google ‘App Maker’ Low-Code Tool for Building Business Apps Now Generally Available

Google 'App Maker' Low-Code Tool for Building Business Apps Now Generally Available

HIGHLIGHTS

  • App Maker is G Suite’s low-code application development environment
  • Google first launched the App Maker in November 2016
  • App building tool would allow developers access to 40 Google services

Google has made App Maker, its low-code tool for building business apps, generally available and open to all developers, a year and a half after the launch of its beta version.

“Today, we’re making App Maker generally available to help you rethink how your teams operate,” Geva Rechav, Product Manager, App Maker, wrote in a blog post late on Thursday.

“App Maker is G Suite’s low-code application development environment that makes it easy for teams to build custom apps to speed up workflows and make processes better,” Rechav added.

Google first launched the App Maker in November 2016 and made it available through its Early Adopter Program for G Suite Business at that time.

It was created with the idea of enabling line-of-business teams to create bigger apps, revamp company processes, resolve help desk tickets and more.

The new features include a built-in support for Cloud Structured Query Language (SQL), responsive templates, a drag-and-drop user interface design and declarative data modelling.

It would also come with Expanded OAuth Whitelisting controls to let administrators prevent apps from running without their approval.

In addition, the app building tool would allow developers access to 40 Google services including Gmail, Google Calendar, Sheets and other data sources, Rechav said.

The App Maker is now available to all G Suite Business and Enterprise customers, as well as G Suite for Education customers.

[“Source-gadgets.ndtv”]

Twitter is going to make third-party apps worse starting in August

Photo by Amelia Holowaty Krales / The Verge

Twitter has long had a strange disdain for third-party Twitter apps, but it’s allowed many of them to pass under the radar for the last several years. That’s starting to change this summer, when Twitter will revoke a key piece of access that developers currently have to the service, replacing it with a new access system that limits what they can do. The changes aren’t going to make third-party Twitter clients useless, but they are going to make the apps somewhat worse.

The changes, which go into effect August 16th, do two main things: first, they prevent new tweets from streaming into an app in real time; and second, they prevent and delay some push notifications. Neither of these are going to break Twitter apps completely, but they could be very annoying depending on how and where you use it.

The first change means the Twitter timeline has to be manually refreshed. That’s not necessarily a huge deal on mobile, as you’re probably used to pulling to refresh the timeline anyway. Luke Klinker, the developer behind the Android Twitter client Talon, said that only 2 to 3 percent of his users ever turned on the auto-refresh feature, or what’s known as streaming to Twitter client makers, because it was such a drain on battery. Craig Hockenberry, a senior engineer at Iconfactory, which makes Twitterrific, said it would be a bigger problem in some scenarios, like when you’re watching an event on TV. “Pulling to refresh in those cases works, but is awkward and feels ‘slow,’” he writes in an email to The Verge.

On the desktop, the lack of streaming could be a bigger issue. Twitter apps can still request that your timeline be refreshed, but they can only do it so often. If you’re the kind of person who absolutely needs to see every tweet the second it’s tweeted, that’ll be a problem.

But it might still be fine for some users. Tapbots co-founder Paul Haddad, who’s behind the Mac and iOS app Tweetbot, says that his apps are already set up to automatically check Twitter for updates “every so often” when a user has streaming disabled. “As an anecdote, we’ve had users running without streaming for months for one reason or another and not even notice,” he writes in an email to The Verge.

Push notifications could be more of a problem. On mobile, it sounds like they’re either going to vanish or be severely limited. Klinker has never had access to the developer tools that allow for push notifications, so the Talon app has never supported them. He has been able to create workarounds, like having the app occasionally request updates in the background, but it can’t receive all types of notification and, again, it’s a drain on battery.

That’s an annoying change, especially since the type of people who download third-party Twitter apps are probably the type of people who like to stay engaged on Twitter. It could also be a major issue for Twitterrific, which is available for free on iOS but charges $3 for access to notifications. That in-app purchase is Twitterrific’s “primary revenue stream,” according to Sean Heber, an engineer at Iconfactory. The feature will essentially be broken, or at least partially broken, once Twitter enacts these changes. “So this is a big problem,” he wrote in a tweet.

On the desktop, notifications will be limited, but not as dramatically. Haddad says that like and retweet notifications will stop working on Tweetbot for Mac, and other notifications will be delayed by one to two minutes.

There may be other, unexpected issues too. Heber said it’s still unknown if direct messages will work on mobile. Haddad said he expects issues on mobile to primarily revolve around push notifications, but that he wasn’t ready to detail the exact impact yet.

Twitter will offer developers a way to buy access to a new API that will enable all the old, real-time features. But the service appears to be extremely limiting and prohibitively expensive for consumer app developers. I suspect it’s likely meant for companies doing data analysis or offering financial services; something that can be sold for much more money. Twitter’s pricing comes out to $11.60 per user per month, and that’s only if an app doesn’t go above 250 users. Any more than that and they have to negotiate a deal for greater access. And given Twitter’s well-known disinterest in third-party Twitter apps, it’s unlikely this would be an option for developers.

While developers aren’t exactly thrilled with the way Twitter’s changes have turned out, it sounds like they aren’t too shaken either. “We’d obviously prefer to continue to offer things in as real-time a manner as possible, but not being able to do that is not the end of the world,” Haddad said.

Klinker said most users of Talon and other recent Android Twitter apps won’t notice any changes, since they never had access to push notifications anyway. They also aren’t likely to get some new Twitter features, he said, like polls. “My users won’t see any changes, but Twitter has restricted what I hoped to be possible for the future,” he wrote. Klinker said he was excited for the API changes because it could have finally granted his app access to notifications, but Twitter’s pricing makes it “clear that push notifications for third-party apps is the last thing Twitter wants these APIs used for, which is disappointing.”

Twitterrific for iOS should “mostly keep working without push, in theory,” wrote Heber. He said Iconfactory will “still expect to keep the app running with reduced functionality for as long as we can.”

“One thing I’m concerned that Twitter doesn’t understand: a lot of the folks who use our apps are longtime users who are highly engaged with the service,” Hockenberry said. “These folks aren’t served well by the official client and are likely to find a different outlet for their social media needs.”

[“Source-theverge”]