Facebook cancels its all-spying, secret "research" program, Apple cancels Facebook's developer account

Yesterday, Techcruch published a deeply reported account of Facebook's "Project Atlas,", a "research" app whose users were paid up to $20/month (plus affiliate fees) to install on Ios devices, which exploited third parties with access to Apple's developer program to install a man-in-the-middle certificate that allowed Facebook to harvest every conceivable kind of data from its users' Iphones and other Ios devices. Read the rest

Project Atlas: Facebook has been secretly paying Iphone users to install an all-surveilling "VPN" app

The "Facebook Research" VPN is an app that circumvents Apple's ban on certain kinds of surveillance by cloaking itself as a beta app and distributing through the Applause, Betabound and Utest services, rather than Apple's App Store: users get up to $20/month, plus referral fees, to run the app, which comes with a man-in-the-middle certificate that lets Facebook intercept "private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed." Read the rest

Major vulnerability in 5G means that anyone with $500 worth of gear can spy on a wide area's mobile activity

Stingrays (AKA IMSI catchers) are a widespread class of surveillance devices that target cellular phones by impersonating cellular towers to them (they're also called "cell-site simulators"). Read the rest

Australia may have just backdoored your mobile phone

A really bad new law in Australia gives police the right to force companies like Apple to 'backdoor', or create encryption circumvention alternatives, in all their products. The issue has been controversial in the U.S. for a long time, and spiked in 2016 after the mass shooting in San Bernardino. Read the rest

Android malware uses accelerometer readings to figure out if it was running on a real phone or in emulation

Malware authors have a problem: they want their software to run aggressively when no one is looking at it, but to shut down entirely if the device it's running on is actually in some malware researcher's lab. Read the rest

Vermont official fact-checks mobile carriers' coverage maps, proves they're lying like crazy

America's major cellular carriers publish maps showing that virtually the entire state is well-covered, with solid signals and 5MB/s internet speeds, but Vermonters know that this is totally untrue. Read the rest

Google Fi to carriers: don't sell our customers' location data to third parties

In the wake of this week's Motherboard scoop that the major US carriers sell customers' location data to marketing companies that sell it on to bounty hunters and other unsavory characters, Google has disclosed that they have told the carriers that supply service for its Google Fi mobile virtual network operator (MVNO) that they expect that Fi customers' data will not be sold this way. Read the rest

Samsung phone owners are upset because they can't delete the Facebook app

Samsung's sleazy deals with Facebook mean that owners of Samsung phones are not able to uninstall the Facebook apps that come pre-installed with their devices. Read the rest

Netflix walks away from App Store payments, costing Apple up to $256m/year

When Ios launched, Apple's App Store took a 30% royalty on all apps sold. App vendors responded in large part by switching to free apps that charged in-app for annual subscriptions and other fees, prompting Apple (by then the dominant smartphone seller and critical to many companies' businesses) to ban in-app purchases except through Apple, which would charge a 30% commission on the lifetime revenues from each user. Read the rest

Phones without headphone jacks suck

Techcrunch's Greg Kumparak started agitating for phones to have standard 3.5mm jacks in the 2000s, rejoicing when the original Iphone shipped with one; now, two years after Apple took away the phone jack (and after most of the major phone manufacturers followed suit), he's still lamenting the loss: my original Pixel finally died (I can no longer find charging cases to make up for its limping battery) and I've ordered a Pixel Three and the stupid dongle that lets you charge your phone while plugging in standard headphones -- it hasn't arrived yet and I already hate it. As a heavy traveler who is very reliant on a phone for translation, itinerary management, mobile hotspot, etc, the last thing I needed was another dongle to manage, another device-class to charge, another charger to carry, and another hard-to-source component to lose or break while I'm between cities. (Image: Bribass) Read the rest

Surveillance libraries in common smartphone apps have amassed dossiers on the minute-to-minute movements of 200 million+ Americans

An investigation by the New York Times into the shadowy world of location-data brokerages found a whole menagerie of companies from IBM, Foursquare and the Weather Channel to obscure players like Groundtruth, Fysical and Safegraph, who pay app vendors to include their tracking code in common apps. Read the rest

Chinese Iphone ownership is a marker of membership in the "invisible poor"

China's "invisible poor" are poor people who successfully project a facade of affluence through consumer goods, clothing, etc: a research report from Shanghai's MobData found that Iphone ownership is strongly correlated with membership in the "invisible poor," with the median Iphone owner being an unmarried woman aged 18-34, with no post-secondary education and a monthly income of less than RMB3,000 (USD430). Read the rest

For $20, you can make a DIY Stingray in minutes, using parts from Amazon

Stingrays were once the most secretive of surveillance technology: devices whose existence was so sensitive that the feds actually raided local cops and stole their crime files to stop them from being introduced in court and revealing the capability to spy on cellular phones. Read the rest

Taiwan's "Pokemon Grandpa" has 15 phones arrayed around his bike handlebars

70 year old Taipei fengshui master Chen San-yuan is known locally as "Pokemon Grandpa," and is a viral sensation thanks to the 15 phones he's mounted on his handlebars to help him play the 2016 augmented reality game Pokemon Go; his rig cost about $4,000 and he spends another $300/month on virtual currency to help him level up in the game. He says that playing the game keeps him socially connected and delays the onset of Alzheimer's. (Image: Reuters) (via Kottke) Read the rest

Apps are using "silent notifications" to track you after you uninstall them

A new generation of commercial trackers from companies like Adjust, AppsFlyer, MoEngage, Localytics, and CleverTap allow app makers like Bloomberg, T-Mobile US, Spotify Technology, and Yelp to covertly track when you've uninstalled apps: the trackers send periodic "silent notifications" to the apps you've installed, and if the apps are still installed, they ping the trackers' servers. If they don't hear back from you, they assume you've uninstalled the apps. Read the rest

Indie UK mobile carrier announces a Tor-only SIM that blocks unencrypted data

Getting all your data to flow through the Tor network can be tricky -- the desktop Tor Browser only tunnels your web-traffic through the privacy-protecting service, and the mobile apps can be tricky and uncertain. Read the rest

Google to charge hardware makers up to $40 per device for Android mobile apps

Google [Alphabet Inc.] will soon charge hardware companies up to $40 per device to use Google apps, under a new licensing plan that will replace one struck down by the EU earlier this year as anti-competitive, reports Reuters. Read the rest

More posts