Your apps are spying on you

Awareness around data integrity is improving every day, but are your efforts to shore up your sensitive personal information in vain?

Unfortunately, the answer appears to be yes.

Have you ever had a phone conversation about a brand or product, only to hop onto your browser later that day and be inundated with ads for the same product?

It’s enough to make anyone do a double take, and it’s been the source of an old legend: our phones record our conversations.

In their 2018 study, undergraduate Elleen Pan and doctoral candidate Jingjing Ren set out to test this very theory, analysing over 17,000 of the most popular Android apps.

The result?

9,000 of those apps had the potential to be unfaithful to the user.

While no evidence was found of recorded conversations, the apps in question took screenshots of activity before forwarding them onto third parties.

Oh dear.Oh dear.

That’s just a tad horrifying.

David Choffnes, who was one of two computer science professors who oversaw the study, commented on the findings: “We found that thousands of popular apps have the ability to record your screen and anything you type.

“That does include your username and password, because it can record the characters you type before they turn into those little black dots.”

“We knew we were looking for a needle in a haystack,” Choffnes said, “and we were surprised to find several needles.”

Although the privacy breaches over the course of the study were largely benign, it drives home just how easy it could be for your phone to be exploited for cash.

“This opening will almost certainly be used for malicious purposes, it’s simple to install and collect this information,” said Christo Wilson, the other computer science professor on the research team.

“And what’s most disturbing is that this occurs with no notifications to or permission by users.

“In the case we caught, the information sent to a third party was zip codes, but it could just as easily have been credit card numbers.”

It should be noted that while the study was only conducted on Android apps, the study concluded that iOS apps were likely guilty of similar breaches.

So, how do we combat this betrayal?

Android Q teases new and improved privacy controls

While there’s no quick fix for this loophole, greater app security is a major point of emphasis in the upcoming Android Q release.

In the new edition of the popular OS, a status bar feature displays when sensitive phone permissions are in use and which apps are responsible.

Source: arstechnica Source: arstechnica

Among these fresh features will be a list that displays:

  • Apps by most frequently accessed permission
  • Apps by most permission use
  • Apps that gained recent permission access

This will be a significant upgrade over Android’s current permission screen, which is a simple series of on/off switches.

Other improvements include greater visibility on why apps need certain permissions and GPS services being actively turned off when an app is running in the background.

In theory, these updates should help users make informed decisions around which apps could be up to no good.

[“source=finfeed”]

Kaspersky Unveils New Tech to Protect Against Audio Spying

Kaspersky Unveils New Tech to Protect Against Audio Spying

To help people protect themselves from the threat of audio surveillance, Russian security software firm Kaspersky Lab has developed a method to counteract unauthorised access to microphone data on Windows devices.

The patented technology filters internal commands sent to, or received by, the Windows Audio service and indicates the creation of each new audio stream by any application.

It then uses Kaspersky Lab’s ‘Application Control’ feature, which categorises all programmes depending on their reputation, content and manufacturer.

If it recognises that an ‘untrusted’ or ‘low/high restricted’ programme is trying to access the microphone, the request is immediately blocked, the company said on Thursday.

“When it comes to audio protection, the main difficulty in the development of this technology was the existence of an audio stream multiplexing system within Windows so that several applications can record sound simultaneously,” added Alexander Kalinin, Senior Security Researcher at Kaspersky Lab.
“However, this problem was resolved easily with help of our rich kernel driver infrastructure, which includes a mechanism to control commands between Windows services,” Kalinin, who was involved in the research, said.

The method is used in the company’s flagship home solutions – Kaspersky Internet Security and Kaspersky Total Security.

Till now, no other security solutions on the market have integrated technologies to protect microphones from malicious access, the statement added.

Audio protection is part of the ‘Privacy Protection’ set of technologies included in Kaspersky Lab’s home security solutions.

It also contains Webcam Protection – which notifies users about access to their integrated or connected webcam – and the Private Browsing feature, which blocks any attempts to collect data on users via a web-browser.

 

 
[“source-gadgets.ndtv”]

UK’s Contentious Online Spying Law Passes Test in Parliament

UK's Contentious Online Spying Law Passes Test in Parliament

A proposed British law that gives police and spies unprecedented powers to look at the Internet browsing records of everyone in the country passed its first major vote in Parliament on Tuesday.

The country’s interior minister, Home Secretary Theresa May, vowed its intrusive reach would be governed by “the strongest safeguards” against abuse. Opening a House of Commons debate on the contentious bill, May said the law would provide “unparalleled openness and transparency” about the authorities’ surveillance powers.

The Investigatory Powers Bill gives law enforcement officials broad powers to obtain Internet connection records – a list of websites, apps and messaging services someone has visited, though not the individual pages they looked at or the messages they sent. It also requires telecommunications companies to keep records of customers’ Web histories for up to a year and to help security services gain access to suspects’ electronic devices.

The bill also makes official – and legal, with some restraints – the intelligence agencies’ existing ability to harvest vast amounts of bulk online data. The existence of the secretive collection schemes was exposed by US National Security Agency leaker Edward Snowden.

May said that criminals and terrorists are exploiting technology to the hilt, and “we must ensure that those charged with keeping us safe are able to keep pace.”

May wants the bill to become law by year’s end. But it is strongly opposed by civil liberties groups, who say it grants spy agencies powers that are far too sweeping.

In a letter published Tuesday in the Guardian newspaper, more than 200 senior lawyers and law professors said the bill “compromises the essence of the fundamental right to privacy and may be illegal.” They said it would likely be subject to lengthy and expensive legal challenges.

Internet companies including Facebook, Google, Apple, Microsoft, Twitter and Yahoo have also raised concerns, saying the measures could weaken encryption, which is key to ensuring online shopping and other activities can be conducted securely.

The Internet Service Providers’ Association said its members found the bill complicated and difficult to understand and believed its estimates of what it would cost to implement were “entirely unrealistic.”

Despite the criticism, the bill passed its first parliamentary vote 281-15, and will go to a committee for scrutiny. The opposition Labour Party and Scottish National Party abstained, saying the legislation should be amended before becoming law.

Download the Gadgets 360 app for Android and iOS to stay up to date with the latest tech news, product reviews, and exclusive deals on the popular mobiles.

Tags: Apple, Edward Snowden, Facebook, Google, Internet, Microsoft, Spying, Twitter, UK, Yahoo
[“source-Gadgets”]