Friday, January 23, 2015

WHAT ARE YOUR APPS SHARING ABOUT YOU?

The season of giving never ends for smartphone users. We’re giving out names, addresses, contacts, sensitive photos, our shopping habits and even our location to apps we’ve downloaded and websites we’ve visited. Gary Miliefsky, founder of Snoopwall, a “counterveillance” (a merger of counter and surveillance) software company in Nashua, N.H., says consumers should get their heads out of the cloud and start thinking about protecting their privacy on mobile devices and laptops.
BY KEVIN HUNT, THE HARTFORD COURANT

TBL: Do people realize how much information they’re giving away when they download an app?

A: Let me ask you a question: How many apps do you have on your smartphone? (About 40.) There you go. We all have about 40 or 50 apps. I don’t know why people have given away their privacy, their security and their safety for free apps and convenience.

But nobody checks the app vendor’s website, nobody sends an email to their support team to say, “Are you real? Where are you located? How come I can’t find your phone number?”

I’ve had arguments with people where they’ve literally had cognitive dissonance and they will argue till they’re blue in the face that there’s no way a free flashlight app is spying on them, especially for another government. We’ve defiled the source code and we do packet-traces to China. It’s just crazy.

TBL: It’s the third-party flashlight apps that are a problem.

A: The built-in iPhone flashlight is a widget, part of the operating system in a way. So, yes, the built-in flashlight app is safe, I would assume. It’s the third-party flashlight apps. There are 500 in the iTunes store.

I was on Wall Street with a guy who said, “There’s no way my iPhone isn’t safe.” I said, “Do you have any third-party flashlight apps?”

Guess which one he has? Surpax, No. 1: The worst piece of malware in the world.

TBL: What will happen if he leaves it on his phone?

A: On an iPhone, you’re not being eavesdropped on until you run the app. On an Android, if you download the second-most popular flashlight app, Brightest Flashlight from GoldenShores Technologies, it turns your light on without your permission, loads their privacy policy over the Internet — which means it’s taking an Internet connection without your permission — and it brings up 25 pages of crap saying, “I’m eavesdropping on you, I’m geolocating you, I’m spying on you,” so that they’ve complied with the FTC ruling (a 2013 settlement over privacy violations).

And if you hit ‘accept,’ you’re in trouble. If you don’t hit accept and just cancel and close, it’s still running in the background! What am I missing?

TBL: Most apps do this. Why is it allowed?

A: Are you ready for the industry’s dirty little secret? Google, Apple, Microsoft Phone, Blackberry — all these devices have tool kits for developers to make apps that make money. The tool kits include the ability to turn on all the ports — hardware input/output ports, GPS, Wi-Fi, Bluetooth, NFC, microphone — you’ve literally created a spyware developer’s kit to monetize advertising networks. That’s the dirty little secret.

TBL: So you’re recommending people go from 40 apps down to the essential eight, nine or 10?

A: Yes.

TBL: How should people approach passwords?

A: Would you ever use an exclamation or a dollar sign? Or a zero instead of an O? Or a three instead of an E? If you just do that — you take the same password you’re using today and you add some different characters, the chances it will be exploited from a brute-force attack go down dramatically.

TBL: You recommend people change their passwords often. That doesn’t happen.

A: Look at the Sony Pictures (hack), how many passwords (revealed) were simple passwords. It’s crazy.

TBL: You seem to think the Sony hack is a “Revenge of the Nerd” thing by North Korean leader Kim Jong Un because of the studio’s film, “The Interview.” Still believe that?

A: Yes. Call me a geek with a personality, but the guys I know at Norse (the cybersecurity firm) track all the packets but they don’t have a personality. They say, “I’ve traced the packet and it’s a former Sony employee. He did it!” Just because there are some packets hitting Sony from this guy’s house doesn’t mean that he did it. In fact, if you want to misdirect people, you’re going to do things to throw some cookie crumbs out there. The North Korean cyberarmy is very smart. I have a lot of data that tells me this is a North Korean act, even if it gets tracked from coming down through Japan or a server in South Korea.

TBL: What about Facebook?

A: Business people should be thinking about Facebook as a social media tool. But for consumers, I would call Facebook creepware. Messenger is creepware. You give up privacy for convenience: Hey, I want to tell my 2,000 friends that I’ve never met that I just had a cheeseburger.

TBL: Uber?

A: I trust Uber. I do know Uber is spying on me in a way. My only fear, of course, is they’ve got my credit card, they’ve got a lot of info. Their back-end cloud database is going to be hacked by criminals in China or India or Brazil or Russia or some other country at some point soon.

TBL: It seems as if every site you visit is tracking what you do.

A: Yes. I would call AdChoices (a program ostensibly designed to protect users’ privacy) malware, but they would tell you they’re a smart monetizing business model. Let’s say you’re visiting your relatives for Thanksgiving and they don’t even know you have a dog and you’re at their house and you log in and check your Gmail.

Then you type in Google search, “organic dog food.” Then you go on your Android smartphone and the next ad you see is going to be Blue dog food on sale at Petco. You’re going to say, “Wow, I didn’t even know they could predict I was thinking of going to Petco right now. Why is this on my smartphone — I’m not even on my relative’s computer.” That’s how bad it is.
