Search Result: Android 12

phrase:
attribute:
attribute:
attribute:
order:
per page:
clip:
action:

Results of 1 - 1 of about 747 for Android 12 (2.281 sec.)

android (2819), 12 (27920)

Malware in Mobile Devices - GNU Project - Free Software Foundation: #score: 5139; @digest: 784a95cd709a1f82fc7e7a2c8ae36ae7; @id: 113584; @mdate: 2019-06-15T00:09:40Z; @size: 48649; @type: text/html; #keywords: apps (9939), phones (8445), snooping (8423), mobile (8413), facebook (7467), consent (5609), samsung (5315), android (5298), phone (4227), movements (4108), personal (4020), malware (4002), snoop (3937), transmit (3380), spyware (3324), google (3014), app (2910), surveillance (2887), listening (2855), advertising (2821), universal (2667), tracking (2655), proprietary (2523), users (2422), door (2212), gratis (2207), privacy (2190), nonfree (2173), malicious (2111), devices (1871), processor (1598), company (1535); Malware in Mobile Devices Other examples of proprietary malware Malware means software designed to function in ways that mistreat or harm the user. (This does not include accidental errors.) Malware and nonfree software are two different issues. The difference between free software and nonfree software is in whether the users have control of the program or vice versa . It's not directly a question of what the program does when it runs. However, in practice nonfree software is often malware, because the developer's awareness that the users would be powerless to fix any malicious functionalities tempts the developer to impose some. Nearly all mobile phones do two grievous wrongs to their users: tracking their movements, and listening to their conversations. This is why we call them “Stalin's dream”. The malware we list here is present in every phone, or in software that is not made by Apple or Google (including its subsidiaries). Malicious functionalities in mobile software released by Apple or Google are listed in dedicated pages, Apple's Operating Systems are Malware and Google's Software Is Malware respectively. If you know of an example that ought to be in this page but isn't here, please write to <webmasters@gnu.org> to inform us. Please include the URL of a trustworthy reference or two to serve as specific substantiation. The phone network tracks the movements of each phone . This is inherent in the design of the phone network: as long as the phone is in communication with the network, there is no way to stop the network from recording its location. Many countries (including the US and the EU) require the network to store all these location data for months or years. Almost every phone's communication processor has a universal back door which is often used to make a phone transmit all conversations it hears . The back door may take the form of bugs that have gone 20 years unfixed . The choice to leave the security holes in place is morally equivalent to writing a back door. The back door is in the “modem processor”, whose job is to communicate with the radio network. In most phones, the modem processor controls the microphone. In most phones it has the power to rewrite the software for the main processor too. A few phone models are specially designed so that the modem processor does not control the microphone, and so that it can't change the software in the main processor. They still have the back door, but at least it is unable to turn the phone unto a listening device. The universal back door is apparently also used to make phones transmit even when they are turned off . This means their movements are tracked, and may also make the listening feature work. Type of malware Back doors Digital restrictions management or “DRM”—functionalities designed to restrict what users can do with the data in their computers. Insecurity Interference Manipulation Sabotage Surveillance Jails —systems that impose censorship on application programs. Tyrants —systems that reject any operating system not “authorized” by the manufacturer. Mobile Back Doors See above for the general universal back door in essentially all mobile phones, which permits converting them into full-time listening devices. Xiaomi phones come with a universal back door in the application processor, for Xiaomi's use . This is separate from the universal back door in the modem processor that the local phone company can use . Baidu's proprietary Android library, Moplus, has a back door that can “upload files” as well as forcibly install apps . It is used by 14,000 Android applications. A Chinese version of Android has a universal back door . Nearly all models of mobile phones have a universal back door in the modem chip . So why did Coolpad bother to introduce another? Because this one is controlled by Coolpad. Samsung Galaxy devices running proprietary Android versions come with a back door that provides remote access to the files stored on the device. Mobile DRM The Netflix Android app forces the use of Google DNS . This is one of the methods that Netflix uses to enforce the geolocation restrictions dictated by the movie studios. Mobile Insecurity These bugs are/were not intentional, so unlike the rest of the file they do not count as malware. We mention them to refute the supposition that prestigious proprietary software doesn't have grave bugs. Siri, Alexa, and all the other voice-control systems can be hijacked by programs that play commands in ultrasound that humans can't hear . Some Samsung phones randomly send photos to people in the owner's contact list . Many Android devices can be hijacked through their Wi-Fi chips because of a bug in Broadcom's non-free firmware. The mobile apps for communicating with a smart but foolish car have very bad security . This is in addition to the fact that the car contains a cellular modem that tells big brother all the time where it is. If you own such a car, it would be wise to disconnect the modem so as to turn off the tracking. Samsung phones have a security hole that allows an SMS message to install ransomware . WhatsApp has a feature that has been described as a “back door” because it would enable governments to nullify its encryption. The developers say that it wasn't intended as a back door, and that may well be true. But that leaves the crucial question of whether it functions as one. Because the program is nonfree, we cannot check by studying it. “Deleted” WhatsApp messages are not entirely deleted . They can be recovered in various ways. A half-blind security critique of a tracking app: it found that blatant flaws allowed anyone to snoop on a user's personal data . The critique fails entirely to express concern that the app sends the personal data to a server, where the developer gets it all. This “service” is for suckers! The server surely has a “privacy policy,” and surely it is worthless since nearly all of them are. A bug in a proprietary ASN.1 library, used in cell phone towers as well as cell phones and routers, allows taking control of those systems . Many proprietary payment apps transmit personal data in an insecure way . However, the worse aspect of these apps is that payment is not anonymous . Many smartphone apps use insecure authentication methods when storing your personal data on remote servers . This leaves personal information like email addresses, passwords, and health information vulnerable. Because many of these apps are proprietary it makes it hard to impossible to know which apps are at risk. An app to prevent “identity theft” (access to personal data) by storing users' data on a special server was deactivated by its developer which had discovered a security flaw. That developer seems to be conscientious about protecting personal data from third parties in general, but it can't protect that data from the state. Quite the contrary: confiding your data to someone else's server, if not first encrypted by you with free software, undermines your rights. The insecurity of WhatsApp makes eavesdropping a snap. The NSA can tap data in smart phones, including iPhones, Android, and BlackBerry . While there is not much detail here, it seems that this does not operate via the universal back door that we know nearly all portable phones have. It may involve exploiting various bugs. There are lots of bugs in the phones' radio software . Mobile Interference This section gives examples of mobile apps harassing or annoying the user, or causing trouble for the user. These actions are like sabotage but the word “sabotage” is too strong for them. Samsung phones come preloaded with a version of the Facebook app that can't be deleted . Facebook claims this is a stub which doesn't do anything, but we have to take their word for it, and there is the permanent risk that the app will be activated by an automatic update. Preloading crapware along with a nonfree operating system is common practice, but by making the crapware undeletable, Facebook and Samsung ( among others ) are going one step further in their hijacking of users' devices. Mobile Manipulation The Femm “fertility” app is secretly a tool for propaganda by natalist Christians. It spreads distrust for contraception. It snoops on users, too, as you must expect from nonfree programs. Mobile Sabotage Twenty nine “beauty camera” apps that used to be on Google Play had one or more malicious functionalities, such as stealing users' photos instead of “beautifying” them, pushing unwanted and often malicious ads on users, and redirecting them to phishing sites that stole their credentials. Furthermore, the user interface of most of them was designed to make uninstallation difficult. Users should of course uninstall these dangerous apps if they haven't yet, but they should also stay away from nonfree apps in general. All nonfree apps carry a potential risk because there is no easy way of knowing what they really do. Apple and Samsung deliberately degrade the performance of older phones to force users to buy their newer phones . Mobile Surveillance In spite of Apple's supposed commitment to privacy, iPhone apps contain trackers that are busy at night sending users' personal information to third parties . The article mentions specific examples: Microsoft OneDrive, Intuit's Mint, Nike, Spotify, The Washington Post, The Weather Channel (owned by IBM), the crime-alert service Citizen, Yelp and DoorDash. But it is likely that most nonfree apps contain trackers. Some of these send personally identifying data such as phone fingerprint, exact location, email address, phone number or even delivery address (in the case of DoorDash). Once this information is collected by the company, there is no telling what it will be used for. BlizzCon 2019 imposed a requirement to run a proprietary phone app to be allowed into the event. This app is a spyware that can snoop on a lot of sensitive data, including user's location and contact list, and has near-complete control over the phone. Data collected by menstrual and pregnancy monitoring apps is often available to employers and insurance companies . Even though the data is “anonymized and aggregated,” it can easily be traced back to the woman who uses the app. This has harmful implications for women's rights to equal employment and freedom to make their own pregnancy choices. Don't use these apps, even if someone offers you a reward to do so. A free-software app that does more or less the same thing without spying on you is available from F-Droid , and a new one is being developed . Many Android phones come with a huge number of preinstalled nonfree apps that have access to sensitive data without users' knowledge . These hidden apps may either call home with the data, or pass it on to user-installed apps that have access to the network but no direct access to the data. This results in massive surveillance on which the user has absolutely no control. A study of 24 “health” apps found that 19 of them send sensitive personal data to third parties , which can use it for invasive advertising or discriminating against people in poor medical condition. Whenever user “consent” is sought, it is buried in lengthy terms of service that are difficult to understand. In any case, “consent” is not sufficient to legitimize snooping. Facebook offered a convenient proprietary library for building mobile apps, which also sent personal data to Facebook . Lots of companies built apps that way and released them, apparently not realizing that all the personal data they collected would go to Facebook as well. It shows that no one can trust a nonfree program, not even the developers of other nonfree programs. The AppCensus database gives information on how Android apps use and misuse users' personal data . As of March 2019, nearly 78,000 have been analyzed, of which 24,000 (31%) transmit the Advertising ID to other companies, and 18,000 (23% of the total) link this ID to hardware identifiers , so that users cannot escape tracking by resetting it. Collecting hardware identifiers is in apparent violation of Google's policies. But it seems that Google wasn't aware of it, and, once informed, was in no hurry to take action. This proves that the policies of a development platform are ineffective at preventing nonfree software developers from including malware in their programs. Many nonfree apps have a surveillance feature for recording all the users' actions in interacting with the app. An investigation of the 150 most popular gratis VPN apps in Google Play found that 25% fail to protect their users' privacy due to DNS leaks. In addition, 85% feature intrusive permissions or functions in their source code—often used for invasive advertising—that could potentially also be used to spy on users. Other technical flaws were found as well. Moreover, a previous investigation had found that half of the top 10 gratis VPN apps have lousy privacy policies . It is unfortunate that these articles talk about “free apps.” These apps are gratis, but they are not free software . The Weather Channel app stored users' locations to the company's server . The company is being sued, demanding that it notify the users of what it will do with the data. I think that lawsuit is about a side issue. What the company does with the data is a secondary issue. The principal wrong here is that the company gets that data at all. Other weather apps , including Accuweather and WeatherBug, are tracking people's locations. Around 40% of gratis Android apps report on the user's actions to Facebook . Often they send the machine's “advertising ID,” so that Facebook can correlate the data it obtains from the same machine via various apps. Some of them send Facebook detailed information about the user's activities in the app; others only say that the user is using that app, but that alone is often quite informative. This spying occurs regardless of whether the user has a Facebook account. Facebook's app got “consent” to upload call logs automatically from Android phones while disguising what the “consent” was for. Some Android apps track the phones of users that have deleted them . The Spanish football streaming app tracks the user's movements and listens through the microphone . This makes them act as spies for licensing enforcement. I expect it implements DRM, too—that there is no way to save a recording. But I can't be sure from the article. If you learn to care much less about sports, you will benefit in many ways. This is one more. More than 50% of the 5,855 Android apps studied by researchers were found to snoop and collect information about its users . 40% of the apps were found to insecurely snitch on its users. Furthermore, they could detect only some methods of snooping, in these proprietary apps whose source code they cannot look at. The other apps might be snooping in other ways. This is evidence that proprietary apps generally work against their users. To protect their privacy and freedom, Android users need to get rid of the proprietary software—both proprietary Android by switching to Replicant , and the proprietary apps by getting apps from the free software only F-Droid store that prominently warns the user if an app contains anti-features . Grindr collects information about which users are HIV-positive, then provides the information to companies . Grindr should not have so much information about its users. It could be designed so that users communicate such info to each other but not to the server's database. The moviepass app and dis-service spy on users even more than users expected. It records where they travel before and after going to a movie . Don't be tracked—pay cash! Tracking software in popular Android apps is pervasive and sometimes very clever. Some trackers can follow a user's movements around a physical store by noticing WiFi networks . AI-powered driving apps can track your every move . The Sarahah app uploads all phone numbers and email addresses in user's address book to developer's server. Note that this article misuses the words “ free software ” referring to zero price. 20 dishonest Android apps recorded phone calls and sent them and text messages and emails to snoopers . Google did not intend to make these apps spy; on the contrary, it worked in various ways to prevent that, and deleted these apps after discovering what they did. So we cannot blame Google specifically for the snooping of these apps. On the other hand, Google redistributes nonfree Android apps, and therefore shares in the responsibility for the injustice of their being nonfree. It also distributes its own nonfree apps, such as Google Play, which are malicious . Could Google have done a better job of preventing apps from cheating? There is no systematic way for Google, or Android users, to inspect executable proprietary apps to see what they do. Google could demand the source code for these apps, and study the source code somehow to determine whether they mistreat users in various ways. If it did a good job of this, it could more or less prevent such snooping, except when the app developers are clever enough to outsmart the checking. But since Google itself develops malicious apps, we cannot trust Google to protect us. We must demand release of source code to the public, so we can depend on each other. Apps for BART snoop on users . With free software apps, users could make sure that they don't snoop. With proprietary apps, one can only hope that they don't. A study found 234 Android apps that track users by listening to ultrasound from beacons placed in stores or played by TV programs . Faceapp appears to do lots of surveillance, judging by how much access it demands to personal data in the device . Users are suing Bose for distributing a spyware app for its headphones . Specifically, the app would record the names of the audio files users listen to along with the headphone's unique serial number. The suit accuses that this was done without the users' consent. If the fine print of the app said that users gave consent for this, would that make it acceptable? No way! It should be flat out illegal to design the app to snoop at all . Pairs of Android apps can collude to transmit users' personal data to servers. A study found tens of thousands of pairs that collude . Verizon announced an opt-in proprietary search app that it will pre-install on some of its phones. The app will give Verizon the same information about the users' searches that Google normally gets when they use its search engine. Currently, the app is being pre-installed on only one phone , and the user must explicitly opt-in before the app takes effect. However, the app remains spyware—an “optional” piece of spyware is still spyware. The Meitu photo-editing app sends user data to a Chinese company . The Uber app tracks clients' movements before and after the ride . This example illustrates how “getting the user's consent” for surveillance is inadequate as a protection against massive surveillance. A research paper that investigated the privacy and security of 283 Android VPN apps concluded that “in spite of the promises for privacy, security, and anonymity given by the majority of VPN apps—millions of users may be unawarely subject to poor security guarantees and abusive practices inflicted by VPN apps.” Following is a non-exhaustive list, taken from the research paper, of some proprietary VPN apps that track users and infringe their privacy: SurfEasy Includes tracking libraries such as NativeX and Appflood, meant to track users and show them targeted ads. sFly Network Booster Requests the READ_SMS and SEND_SMS permissions upon installation, meaning it has full access to users' text messages. DroidVPN and TigerVPN Requests the READ_LOGS permission to read logs for other apps and also core system logs. TigerVPN developers have confirmed this. HideMyAss Sends traffic to LinkedIn. Also, it stores detailed logs and may turn them over to the UK government if requested. VPN Services HotspotShield Injects JavaScript code into the HTML pages returned to the users. The stated purpose of the JS injection is to display ads. Uses roughly five tracking libraries. Also, it redirects the user's traffic through valueclick.com (an advertising website). WiFi Protector VPN Injects JavaScript code into HTML pages, and also uses roughly five tracking libraries. Developers of this app have confirmed that the non-premium version of the app does JavaScript injection for tracking the user and displaying ads. Some portable phones are sold with spyware sending lots of data to China . Facebook's new Magic Photo app scans your mobile phone's photo collections for known faces , and suggests you to share the picture you take according to who is in the frame. This spyware feature seems to require online access to some known-faces database, which means the pictures are likely to be sent across the wire to Facebook's servers and face-recognition algorithms. If so, none of Facebook users' pictures are private anymore, even if the user didn't “upload” them to the service. Facebook's app listens all the time, to snoop on what people are listening to or watching . In addition, it may be analyzing people's conversations to serve them with targeted advertisements. A pregnancy test controller application not only can spy on many sorts of data in the phone, and in server accounts, it can alter them too . Apps that include Symphony surveillance software snoop on what radio and TV programs are playing nearby . Also on what users post on various sites such as Facebook, Google+ and Twitter. The natural extension of monitoring people through “their” phones is proprietary software to make sure they can't “fool” the monitoring . “Cryptic communication,” unrelated to the app's functionality, was found in the 500 most popular gratis Android apps . The article should not have described these apps as “free”—they are not free software. The clear way to say “zero price” is “gratis.” The article takes for granted that the usual analytics tools are legitimate, but is that valid? Software developers have no right to analyze what users are doing or how. “Analytics” tools that snoop are just as wrong as any other snooping. More than 73% and 47% of mobile applications, from Android and iOS respectively share personal, behavioral and location information of their users with third parties. According to Edward Snowden, agencies can take over smartphones by sending hidden text messages which enable them to turn the phones on and off, listen to the microphone, retrieve geo-location data from the GPS, take photographs, read text messages, read call, location and web browsing history, and read the contact list. This malware is designed to disguise itself from investigation. Like most “music screaming” disservices, Spotify is based on proprietary malware (DRM and snooping). In August 2015 it demanded users submit to increased snooping , and some are starting to realize that it is nasty. This article shows the twisted ways that they present snooping as a way to “serve” users better —never mind whether they want that. This is a typical example of the attitude of the proprietary software industry towards those they have subjugated. Out, out, damned Spotify! Samsung phones come with apps that users can't delete , and they send so much data that their transmission is a substantial expense for users. Said transmission, not wanted or requested by the user, clearly must constitute spying of some kind. A study in 2015 found that 90% of the top-ranked gratis proprietary Android apps contained recognizable tracking libraries. For the paid proprietary apps, it was only 60%. The article confusingly describes gratis apps as “free”, but most of them are not in fact free software . It also uses the ugly word “monetize”. A good replacement for that word is “exploit”; nearly always that will fit perfectly. Gratis Android apps (but not free software ) connect to 100 tracking and advertising URLs, on the average. Widely used proprietary QR-code scanner apps snoop on the user . This is in addition to the snooping done by the phone company, and perhaps by the OS in the phone. Don't be distracted by the question of whether the app developers get users to say “I agree”. That is no excuse for malware. Many proprietary apps for mobile devices report which other apps the user has installed. Twitter is doing this in a way that at least is visible and optional . Not as bad as what the others do. Samsung's back door provides access to any file on the system. The Simeji keyboard is a smartphone version of Baidu's spying IME . The nonfree Snapchat app's principal purpose is to restrict the use of data on the user's computer, but it does surveillance too: it tries to get the user's list of other people's phone numbers . The Brightest Flashlight app sends user data, including geolocation, for use by companies . The FTC criticized this app because it asked the user to approve sending personal data to the app developer but did not ask about sending it to other companies. This shows the weakness of the reject-it-if-you-dislike-snooping “solution” to surveillance: why should a flashlight app send any information to anyone? A free software flashlight app would not. Portable phones with GPS will send their GPS location on remote command, and users cannot stop them . (The US says it will eventually require all new portable phones to have GPS.) FTC says most mobile apps for children don't respect privacy: http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/ . Some manufacturers add a hidden general surveillance package such as Carrier IQ . Mobile Jails Windows 8 on “mobile devices” (now defunct) was a jail . Mobile Tyrants Mobile devices that come with Windows 8 are tyrants . Please send general FSF & GNU inquiries to <gnu@gnu.org> . There are also other ways to contact the FSF. Broken links and other corrections or suggestions can be sent to <webmasters@gnu.org> . Please see the Translations README for information on coordinating and submitting translations of this article. Copyright © 2014, 2015, 2016, 2017, 2018, 2019 Free Software Foundation, Inc. This page is licensed under a Creative Commons Attribution 4.0 International License . Updated: $Date: 2019/06/11 13:00:21 $ ...; http://www.gnu.org/savannah-checkouts/gnu/www/proprietary/po/malware-mobiles.fr-en.html - [detail] - [similar]

PREV NEXT