Here is the Proof
In my yesterday’s blog ,
I had envisaged the extent to which
Google compromises privacy of our personal data
Then I came across the following in today’s Mumbai
Mirror :
“ Few Android Apps track all you do on your smartphone “
Three quarters of Android apps are
using “clandestine
surveillance software” to track everything users do on their smartphones, according to a new
report.
Researchers at Yale University’s Privacy Lab and French non-profit
organisation Exodus Privacy conducted a study into 25 known “ trackers ”, which are used for
targeted advertising, behavioural analytics, and location tracking.
In their analysis of
over 300 apps, more
than 75 per cent
were found to contain the signatures of these trackers — including popular
Google Play apps such as Uber, Tinder, Skype, Twitter, Spotify and Snapchat.
What’s more, the
researchers said that many Android users don’t realise that these trackers
are on their phones, and are often unaware that their personal information is being
shared.
One Google-owned
tracker called Crashlytics — used by Tinder,
Spotify, Uber and OKCupid among others — is designed to track app crash
reports, but also allows developers to “get insight into your users, what
they’re doing, and inject live social content to delight them”.
Another, called FidZup, can “detect the presence of
mobile phones and therefore their owners”, using ultrasonic tones that are
inaudible to the human ear, according to Exodus.
Meanwhile, one app
developed by multinational insurance and financial firm AXA was found to
contain six trackers.
EXACTLY WHAT
INFORMATION IS SHARED IS UNKNOWN, BUT THE DATA STORED BY THE APP IS EXTREMELY
SENSITIVE.
“Publication of this
information is in the public interest, as it reveals clandestine surveillance software that is unknown to
Android users at the time of app installation,” said Sean O’Brien and Michael
Kwet, visiting fellows at Yale, in a blog post, adding,
“Lack of transparency
about the collection,
transmission, and processing of data via these trackers raises serious privacy
concerns and may have grave
security implications for mobile software downloaded and in active use by
billions of people worldwide.”
The researchers are now
calling on app developers, as well as Google, for “increased transparency into
privacy and security practice as it relates to these trackers”.
Although the study
didn’t examine iOS apps, the researchers warn that the situation may be no
better on Apple’s App Store.
“Many of the same
companies distributing Google Play apps also distribute apps via Apple, and
tracker companies openly advertise Software Development Kits (SDKs) compatible
with multiple platforms,” said O’Brien and Kwet.
“Thus, advertising
trackers may be concurrently packaged for Android and iOS, as well as more
obscure mobile platforms.”
Add to the above , what Times of India reports today
as follows :
“ Google detects app stealing info from
phones “
Google has detected an app ‘ Tizi ’, which has been stealing information
from call records and also from social media apps like Facebook, WhatsApp, and also takes pictures from mobile phones without even
displaying them on screen of the device.
“Tizi
is a fully featured backdoor that installs spyware to steal sensitive data from popular social media applications.
The Google Play Protect security team discovered this family in September 2017,
when device scans found an app with rooting capabilities that exploited old
vulnerabilities,” a post on Google security blog said.
The company has removed the app from
Play Store, notified all known affected devices and suspended account of the
app developer, the post dated November 27 said. The post said that earlier
variant of Tizi did not have rooting
capabilities. It developed later on and thereafter started stealing sensitive information from devices.
“The rooting capabilities give an app full control of the device. It can bypass all
restriction poised on it by the Android security system. An app with rooting is like a user using the
device. The presence of such app on Google
Play Store raises concerns around secure apps on the Play Store,” cyber
security expert Jiten Jain said.
Tizi’s backdoor capability is common to commercial spyware, such as
recording calls from WhatsApp, Viber, and
Skype, sending and receiving SMS messages, and accessing calendar events, call log, contacts,
photos, Wi-Fi encryption keys, and a list of all installed apps.
“Tizi apps can
also record ambient audio and take
pictures without displaying the image on the device’s screen,” the post
said. The post said that in and after April 2016, vulnerabilities in devices
which could have been affected by Tizi were fixed with new software codes.
“If a Tizi
app is unable to take control of a device because the vulnerabilities it tries
to use are all patched, it will still attempt to perform actions through high
level of permissions it asks the user to grant
to it, mainly around reading and sending SMS messages and monitoring,
redirecting, and preventing outgoing phone calls,” the post said.
Dear Members of Committee on
Data Protection Law :
Any idea how the proposed law will deal
with the owners / developers of these hundreds of Apps and succeed in suing /
punishing them – and in which court ?
30 Nov 2017
Warm Regards,
Hemen Parekh
+91 98675 50808
Just Ask Google !
===========
Dear Members of Srikrishna Committee (
on Data Protection Law ) :
It is safe to assume that all of you
carry a GPS enabled smart phone and synced it with your E Mail / SMS
Most likely , you have also installed WhatsApp / Skype
or FaceTime / Play Store /
Weather App / Google
Map / Street View /
Calendar / Clock / Calculator
etc
Without doubt , your
smart phone is installed with a Mobile Wallet App ( most likely, BHIM , linked with your Aadhar ID and your Bank Account
)
You may have a UBER or OLA , taxi-hailing App , which would have captured every trip
you undertook ( from WHERE to WHERE )
Now the agenda / date / time and venue of
this meeting which you are attending right now was , without doubt , conveyed
to you using some “ Messaging Service “
, over your phone
So , Google ( or Apple or Samsung )
knows , WHO you are , WHERE you are and WHAT you are discussing right now – and with WHOM !
And if the Convener of the meeting
ordered some food ( for serving after the meeting ) , using some APP on his
smart phone , then Google also knows what you
are eating !
And if the MINUTES
of that meeting is sent for your OK over email , Google knows that as
well !
No doubt , each one of you, at some time
or other , must have conducted a Google Search by entering your own name
in its search bar to know what Google knows
about you
But those Search Results won’t tell you
that Google also knows the following things about YOU
:
· Who I am ( name )
· Where
and when, I was born / who were my parents
· Where
I grew up / where I live currently
· Do
I live in a rented place or in an owned flat
· What
Schools / Colleges I attended ( - and degrees I acquired )
· What
Companies I worked for and salaries I got
· How
I travel to work ( own vehicle or public transport )
· Where
I go for my holidays / what books I read
· Who
I married and who are my children ( - and how many )
· If
divorced , how much alimony I pay and to whom
· Where
I invest my money ( Banks – Funds – Equity etc )
· How
much I have borrowed from whom and for how long
· My
Credit ranking ( including my spending history / card wise – wallet wise
)
· What
are my eating ( food ) preferences and the restaurants I visit
· What
I do for entertainment ( Music / Movies / Videos )
· What
clothes I wear and how often do I buy
· Who
are my friends and how often I phone / text them / meet them
· What
ailments I suffer from and what medicines I take
· What
minor offences ( traffic ) or crimes that I have committed
· What
elections I have contested ( won and lost )
· Who
are my doctors / lawyers / brokers / agents etc
· What
web sites I visit and how often and for how long
· What
do I search on the Net / What RSS feeds I subscribe to
· What
TV channels I watch and Radio Stations that I listen to
· Every
photo of mine ever taken ( selfie or otherwise )
· Every
phone call that I ever made or received
· Every
Email / Text message that I ever sent or received
· Every
blog / comment that I ever posted on the Web
· Every
face-to-face communication that I engaged in
Readers
are requested to forward this to the following members of the Committee :
29 Nov 2017
Warm Regards,
Hemen Parekh
+91 98675 50808
7 Pillars of Data
Protection Law
=======================
Times of India ( 28 / Nov ) carries following news :
“ The 7 Pillars of Data Protection Law ,
according to Srikrishna Committee “
These are :
·
A
firm and legal framework
·
Technology
Agnosticism
·
Data
Minimization
·
Informed
and meaningful Consent
·
Accountability
of Data Controller
·
Penalties
for Wrongful Processing
·
Enforcement
of Data Protection Framework
The white paper put out by the Committee , inviting
suggestions from public , notes :
“ Biggest challenge in regulating
emerging technologies such as big data, artificial intelligence and the
Internet of Things, lies in the fact that they may operate outside the
framework of traditional privacy principles .
The advent of the Internet of Things
also poses a challenge to the degree of anonymity that can be achieved
New devices capture data in forms which
are unique . an example is that of a person’s gait being uniquely identified by
a wearable activity tracker. Such data can perhaps never be completely
identified . The current methods of using aggregated anonymised data might not
be secure enough when applied to such data “
For a list of 229
questions on which citizen opinions are
solicited , read :
My own suggestions sent earlier to the
following members of the Committee are linked below . Should you agree with
these , just forward this mail to the following
E Mail IDs :
Ensure that YOUR voice
is heard !
MY SUGGESTIONS :
28 Nov 2017
=====================
With Regards,
hemen
parekh
(
M ) +91 - 98,67,55,08,08