Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Friday, 3 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Leaky app data collected by NSA and GCHQ

by The Gurus
January 28, 2014
in Editor's News
Share on FacebookShare on Twitter

Free mobile applications apparently leak personal data which is collected by intelligence agencies the National Security Agency and its UK counterpart GCHQ, according to the Guardian.
 
Reports claim that both the NSA and GCHQ have developed capabilities to take advantage of “leaky” smartphone apps. The information, released by whistleblower Edward Snowden, is reportedly a high-priority effort for the intelligence agencies, as terrorists and other intelligence targets make substantial use of phones in planning and carrying out their activities.
 
Although what is leaked is dependent on what profile information a user had supplied, Snowden’s documents suggest that the NSA would be able to collect almost every key detail of a user’s life: including home country, current location (through geolocation), age, gender, zip code, marital status, income, ethnicity, sexual orientation, education level and number of children. Also, some app platforms allow identifying information such as exact handset model, the unique ID of the handset, software version and similar details to be transmitted.
 
Research from Zscaler found that free applications often require personal information to be surrendered as they may allow a user to be monitored, for sensitive information to potentially be viewed and compromised.
 
ZScaler director of security research Michael Sutton, said that a free app “wants to deliver meaningful advertisements, so the app will grab whatever it can to track that device, not the person”. He also said that despite privacy concerns, some people will not care.
 
Commenting on the leaky apps revelations, Sutton said that app store gatekeepers such as Apple, Google and Amazon focus on ensuring that malicious apps aren’t included in their app stores, they tend to do a very poor job at filtering out those apps that expose users to privacy risks.
 
“This is in part driven by the very economy of the app store eco-system. The bulk of apps are free, but develops need to turn a profit somehow. That’s generally done by embedding advertising and sharing metrics with advertisers about user behaviour, better enabling advertisers to deliver targeted apps,” he said.
 
“While some may be fine with sharing data in order to receive ads targeted to their interests, others see it as a privacy concern and as we’ve recently seen, spy agencies, such as the NSA are taking advantage of the data shared by mobile applications.”
 
Among the “leaky” apps named are Rovio, the maker of Angry Birds, who denied any knowledge of any NSA or GCHQ programs looking to extract data from its apps users, or any involvement with the agencies.
 
The NSA said its phone interception techniques are only used against valid targets, and are subject to stringent legal safeguards. It declined to respond to a series of queries on how routinely capabilities against apps were deployed, or on the specific minimisation procedures used to prevent US citizens’ information being stored through such measures. GCHQ declined to comment on any of its specific programs, but stressed all of its activities were proportional and complied with UK law.
 
Kevin Morgan, chief technology officer of Arxan Technologies said that the news did not come as much of a surprise, as in 2013 consumers downloaded over 83 billion applications worldwide. “Wha
t this demonstrates is that many application developers and owners are simply not putting enough protections in place to secure their apps, which leaves users’ data vulnerable to compromise by anyone with the technical know how to get it,” Morgan said.
 
Vicente Diaz, senior malware analyst at Kaspersky Lab, said: “The information provided by these apps has already proven lucrative to both advertisers and developers, so it stands to reason that it is also valuable to intelligence agencies. Many games allow users to play with contacts and friends and therefore bind those individuals to a network of people, just like social networks.
 
The latest version of Angry Birds asks the user for information on their location, mobile number and various other personal details – all this apparently for advertisement purposes. However, this can provide third parties with more information that you want to share, such as exactly where you are at any particular moment.
 
“It doesn’t seem so untoward when talking about one application, but this is just one example. Think about all the information you are providing to all the apps in your mobile device and what they are saying about you, your location, the people you talk to, and what you say to them. This shows how apparently innocent features can be used for a very different purpose when gathered with an ulterior motive.”

FacebookTweetLinkedIn
Tags: data breachmobileNSA
ShareTweetShare
Previous Post

Troy Hunt talks about "Have I Been Pwned"

Next Post

Feds to Charge Alleged SpyEye Trojan Author

Recent News

Ransomware attack halts London trading

Ransomware attack halts London trading

February 2, 2023
Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

February 2, 2023
JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information