Connect with us

Tech

New Study Reveals Phone Apps Could Be Hiding Spyware That Can Leak Personal Data

Published

on

A new study has found that apps on your phone could be utilizing spyware to steal and leak your personal data. The study, which was conducted by computer scientists from New York University and the University of California San Diego, focused on the hidden dangers of spyware apps.

These apps may be challenging to find, and they may also unknowingly disclose your private information. The researchers issued a warning, advising smartphone users to be aware of this problem and take precautions to safeguard their privacy.

They see you: The dangers of spyware apps

The paper’s first author, Enze Alex Liu, cautioned that spyware applications are a “real-life problem.” The group, according to Liu, wished to “raise awareness for everyone, from victims to the research community.”

Spyware apps are frequently promoted as tools to keep track of children’s or employees’ online activity, but they can also be used by abusers to watch their partners.

Spyware applications are made to capture any activity on a victim’s device, including text messages, emails, phone calls, and images. Through a web interface, abusers can remotely access this data.

The use of spyware programs has been increasing, according to experts, with a notable spike in downloads and usage over the past few years.

Check your privacy dashboard and the list of all your installed apps in the settings of the device if you suspect that your phone or other device has been infected with spyware. However, these applications can occasionally be challenging to find because they are made with concealment in mind.

The study’s analysis of 14 popular spyware apps for Android phones was the primary focus of the researchers.

These apps cannot be purchased on Google’s official app store, but you may still download them individually from the internet. The lack of “side-loading” functionality on iPhones reduces the prevalence of spyware software on Apple cellphones.

Decoding spyware apps

Spyware apps run secretly on a device and it can collect a range of sensitive information like your location data, text messages and calls. These apps can even collect audio and video recordings.

A few spyware programs also offer live audio and video streaming. All of this information is subsequently transmitted to the abuser via the designated web spyware gateway.

The researchers discovered that spyware programs employ a variety of methods to gather user data covertly.Some apps even have the ability to send live video from the device’s camera to the spyware server using covert browsers.

Other applications use the device’s microphone or speaker to record phone calls. Some apps may utilize accessibility features intended for users who are blind or visually impaired to record keystrokes and other private data from users.

On your smartphone, spyware applications can also “hide” themselves. They have two options: either they don’t show up in the app launcher, or they pose as benign icons like “Wi-Fi.”

Several apps will execute these orders regardless of the source, and some apps will take commands over SMS messages. In dire circumstances, a hacker is capable of remotely wiping the victim’s phone.

Data security is still another important issue.Many spyware programs communicate the data they have obtained through unencrypted connections, leaving them open to being intercepted by other hackers.

Some apps keep this information in publicly accessible URLs, making it available to anybody with the link. Other applications will continue to save private information even after you deactivate your account or stop using them.

How to protect yourself from spyware

The researchers cautioned that in order to prevent app icons from hiding on your smartphone, Android devices must enforce stronger restrictions for app icons. Additionally, they advise creating a dashboard so you can quickly keep an eye on programs that launch automatically.

In order to warn users if someone is attempting to record them, the researchers also recommended adding a visible indicator to the user when the microphone or camera is being used by an app.

The impacted app vendors have previously been informed of the researchers’ findings, but they haven’t yet responded. The study team made the decision to restrict access to their work to those who can prove a valid need for it in order to prevent misuse.

It takes a team effort from all parties involved, including users, smartphone makers, app shops, and law enforcement organizations, to effectively protect consumers against spyware.

As smartphone users, you must stay vigilant and take steps to protect your privacy.

Here are some tips that will help protect your device from spyware:

Download apps from official app stores

Never download applications from untrusted or unauthorized websites.

Use the Apple App Store or Google Play Store to download apps. Strict security controls are implemented by official app stores to reduce the possibility of programs containing spyware.

Review app permissions

Check the permissions asked during installation when downloading a new app.

If an app requests extra permissions that don’t seem to be necessary for its functionality, look over the app again. An app may be spyware if it demands access to your camera, microphone, or other sensitive data without a valid justification from you while having nothing to do with taking movies or images.

Update your device regularly 

It’s best to keep your smartphone’s operating system (OS) and apps up to date. Developers release regular updates to fix security vulnerabilities and enhance overall device security.

Updating your apps and phone OS can help ensure that your smartphone has the latest security patches to protect against potential spyware threats.

Regularly review app permissions

Regularly review the permissions granted to all apps installed on your device. Revoke unnecessary permissions for apps that do not require access to certain data or functions.

Limit app permissions to minimize the risk of unauthorized access to your personal information.

Download antivirus software

Protect your data with antivirus software from the official app store.

Trusted antivirus or anti-malware software will scan your device for any malicious software, including spyware and provide real-time protection against potential threats.

Check app reviews before downloading

After an app catches your eye, make sure it’s safe to download by reviewing recent app reviews and ratings.

Watch out for suspicious or negative reviews that mention privacy concerns or unusual behavior. This will help you make informed decisions about which apps to trust, especially if they are promising features that seem too good to be true.

Use strong passwords

Secure your smartphone with a strong password, PIN or biometric authentication.

Strong passwords will add an extra layer of protection, making it more difficult for unauthorized individuals to install spyware or gain access to your device without your permission.

Do not use open Wi-Fi networks

Connecting to open Wi-Fi networks that do not require a password or use encryption may seem convenient if you need an internet connection, but this can also risk your data.

Open Wi-Fi networks can be used to spy on all of your online activity. Worse, a cybercriminal can create a fake Wi-Fi hotspot to fool users to connect to it and steal their data.

For example, instead of taking you to your bank’s website, the open Wi-Fi network could direct you to a page that looks similar. But the fake website will steal your password when you try to log in.

Protect your online privacy and data by only connecting to secure Wi-Fi access points that you know and trust. Don’t just connect to anything you find, especially if it’s an open network.

Malicious apps

Like the Trojan Horse trick in Greek mythology, malicious apps might seem beneficial, such as offering free access to something that should cost money. But they actually contain a virus.

After installing them, your entire smartphone could be locked. Hackers might also use malicious apps to steal your data and threaten you for money.

Sometimes, the virus might secretly transfer money to a hacker’s account via your phone’s online banking app.

The best way to prevent these attacks is to avoid these malicious apps in the first place.

Do not download apps that promise free access to premium content and avoid apps that aren’t available in official app stores.

Educate yourself 

Check trusted sources for detailed updates about the latest spyware threats and share this information with your loved ones.

Raising awareness about the dangers of spyware can help create a safer digital environment for everyone.

Your privacy is valuable, and taking steps to protect it is essential in today’s digital age. Follow these tips and stay informed to protect against spyware and secure your personal information.

SOURCE: https://studyfinds.org/is-your-phone-spying-on-you/

The study conducted by computer scientists from New York University and the University of California San Diego, focused on the hidden dangers of spyware apps.

Click to comment

You must be logged in to post a comment Login

Leave a Reply

Tech

USPS Caught Sharing Customer Information with Meta, LinkedIn, and Snap

Published

on

The U.S. Postal Service (USPS) has been exposed for sharing the personal information of millions of Americans, including customer addresses, with major tech companies Meta, LinkedIn, and Snap. This alarming revelation, uncovered by TechCrunch, has sparked significant concern over privacy violations and the potential doxxing of USPS customers.

TechCrunch’s investigation revealed that USPS was sharing customer information through hidden data-collecting code, commonly known as tracking pixels, embedded across its website. These pixels are designed to collect user data, such as pages visited, each time a webpage loads in the customer’s browser. Shockingly, the data collected included the postal addresses of logged-in USPS Informed Delivery customers, who use the service to preview images of their incoming mail.

It remains unclear how many individuals were affected or the duration of this unauthorized data sharing. As of March 2024, the Informed Delivery service had over 62 million users, indicating the potential scale of this breach.

In response to TechCrunch’s findings, USPS spokesperson Jim McKean stated, “The Postal Service leverages an analytics platform for our own internal purposes, so that we understand the usage of our products and services and which we use on an aggregated basis to market our products. The Postal Service does not sell or provide any personal information that is collected from this analytics platform to any third party, and we were unaware of any configuration of the platform that collected personal information from the URL and that shared it without our knowledge with social media.”

McKean added that USPS has taken “immediate action to remediate this issue,” but did not specify the measures taken. Further comments were declined.

When approached for comment, Facebook spokesperson Emil Vazquez emphasized that their policies prohibit advertisers from sending sensitive information via their Business Tools. Vazquez noted, “Doing so is against our policies, and we educate advertisers on properly setting up Business Tools to prevent this from occurring. Our system is designed to filter out potentially sensitive data it is able to detect.”

Spokespeople for LinkedIn and Snap did not immediately respond to TechCrunch’s requests for comment.

TechCrunch’s testing confirmed that the USPS website shared postal addresses of logged-in customers with Meta, LinkedIn, and Snap. This was verified by inspecting network traffic using tools available in most modern browsers. The data-collecting code was found to scrape customer addresses from the Informed Delivery landing page after login and transmit this information to the aforementioned companies.

In addition to addresses, other data, such as information about the user’s computer and browser, was collected. Although this data appeared pseudonymized, researchers have long cautioned that pseudonymous data can still be used to re-identify individuals.

Tracking numbers entered into the USPS website were also shared with various advertisers and tech companies, including Bing, Google, LinkedIn, Pinterest, and Snap. This included some in-transit tracking data, such as the real-world location of mail in the postal system, even when customers were not logged in.

USPS has not disclosed whether it will request the tech companies to delete the collected data. Additionally, the USPS Office of Inspector General, the federal watchdog overseeing the postal service, has not commented on the situation.

USPS is the latest organization to face scrutiny for using web tracking code. In 2023, telehealth startup Cerebral and alcohol recovery apps Tempest and Monument admitted to sharing private health information with tech and advertising companies, prompting removal of the tracking code.

The Federal Trade Commission (FTC) has also taken enforcement action against healthcare data giant GoodRx and online therapy company BetterHelp for sharing sensitive customer data. GoodRx paid $1.5 million in fines, while BetterHelp was ordered to compensate patients $7.8 million.

This unfolding situation underscores the critical need for stringent oversight and transparency in data sharing practices to protect consumer privacy.

SOURCE: TECH CRUNCH

Continue Reading

Tech

Leaked Video Reveals Google Exec Admitting to Search Engine Manipulation

Published

on

Google is facing renewed scrutiny following the release of a video featuring Marissa Mayer, a former Google Vice President of Search Products, discussing how the company prioritizes its own products in search results. The video, shared by Rumble CEO Chris Pavlovski, has sparked significant debate and criticism, particularly concerning allegations of antitrust violations and unfair competition practices.

In the video, Mayer candidly explains that Google products are always shown at the top of search results, regardless of other metrics such as popularity or relevance. She describes how the introduction of Google Finance changed the way stock quotes were displayed, pushing Google’s own links to the forefront. Mayer contrasts this approach with the previous practice of ranking finance sites based on published metrics like Comscore, which would typically feature the most popular sites at the top.

Mayer’s remarks highlight a broader pattern within Google, where similar preferential treatment extends to other services like Google Maps. According to Mayer, after Google links, other results are ranked by popularity, but Google’s services consistently receive top billing.

This revelation has significant implications for Google’s ongoing legal battles, particularly with Rumble, a video-sharing platform that has accused Google of self-preferencing and violating antitrust laws. Rumble’s lawsuit, filed in January 2021, alleges that Google manipulates its algorithms to disadvantage competitors, including Rumble itself.

Pavlovski has indicated that Mayer’s video will play a crucial role in their legal arguments, serving as a key piece of evidence in their case against Google. He hopes that the video will demonstrate Google’s deliberate and systematic practice of prioritizing its own products, which could be seen as an abuse of its dominant market position.

The controversy raises important questions about the fairness and integrity of Google’s search engine practices. Critics argue that by prioritizing its own services, Google is not acting in the best interest of users or the competitive market. Instead, it is leveraging its vast influence to stifle competition and maintain its market dominance.

The issue of search engine manipulation is not new for Google. The company has faced multiple antitrust investigations and fines from regulators around the world. However, the detailed insights provided by a former high-ranking executive like Mayer could add weight to the arguments of those advocating for stricter regulations and greater accountability for tech giants.

As the legal proceedings unfold, the tech industry and consumers alike will be watching closely to see how the courts address these allegations. The outcome could have significant repercussions for Google and set important precedents for how tech companies manage their platforms and compete in the digital marketplace.

Continue Reading

Tech

Florida Prepares to Ban Bill Gates’ Lab-Grown ‘Meat’

Published

on

Florida lawmakers are making strides to prohibit the sale of lab-grown “meat” products within the state, driven by mounting safety apprehensions surrounding synthetic meat alternatives. Spearheaded by Bill HB 1071, these legislative efforts aim to define and restrict the distribution of “cultivated meat,” which encompasses any meat or food product derived from cultured animal cells.

Under the proposed legislation, individuals found manufacturing, selling, or distributing cultivated meat would face misdemeanor charges, with food establishments risking disciplinary actions and potential license suspensions for non-compliance.

The impetus for the ban comes amidst heightened scrutiny over the safety and viability of lab-grown meat, particularly as Microsoft co-founder Bill Gates champions significant investments into its development. While proponents of synthetic meat tout its potential as a sustainable and ethical alternative to traditional agriculture, concerns regarding its safety profile and long-term health implications have prompted Florida legislators to take decisive action.

The bills, including the Senate counterpart SB 1084, have garnered support from conventional agricultural sectors while encountering opposition from researchers and investors invested in lab-grown meat technology. Critics contend that the U.S. Department of Agriculture (USDA) has already sanctioned the consumption of lab-grown meat, pointing to approvals granted to California-based companies like Upside Foods (formerly Memphis Meats) and Good Meat. Nevertheless, the Florida Cattlemen’s Association stands firmly behind the proposed ban, reflecting broader industry sentiments aligned with safeguarding traditional agricultural practices.

Despite assertions from supporters that lab-grown meat offers a pragmatic solution to escalating concerns surrounding food safety and dwindling farmland, dissenting voices caution against its potential risks. Notably, concerns persist regarding the genetic engineering of cells and the emergence of cancer-promoting properties within lab-grown meat, as highlighted by the Center for Food Safety. Furthermore, uncertainties persist regarding the sterility of lab-grown meat production processes and the absence of adequate pathogenic control mechanisms, raising apprehensions about potential health hazards associated with consumption.

The legislative developments in Florida resonate with broader efforts across the United States to address the proliferation of lab-grown meat products. Recently, the Alabama Senate passed legislation prohibiting the sale and manufacture of lab-grown meat, underscoring a growing trend towards regulatory intervention in the realm of alternative protein sources. Additionally, federal initiatives, such as the proposed “School Lunch Integrity Act,” seek to preemptively ban lab-grown meat from government-sponsored meal programs, citing concerns over nutritional quality and allergen research.

As Florida lawmakers navigate the complexities surrounding lab-grown meat regulation, the debate underscores broader societal tensions surrounding food production, consumer safety, and the ethical considerations inherent in technological advancements. While the fate of lab-grown meat remains uncertain within Florida and beyond, the discourse surrounding its regulation underscores the need for informed policymaking and continued dialogue among stakeholders invested in shaping the future of food production and consumption.

Continue Reading

Trending