Search Result: Android 12

phrase:
attribute:
attribute:
attribute:
order:
per page:
clip:
action:

Results of 1 - 1 of about 725 for Android 12 (2.111 sec.)

android (2801), 12 (27799)

/proprietary/proprietary-surveillance.html-diff: #score: 5143; @digest: 0dab801b0d03e7c693ed50fede09eaf4; @id: 379207; @lang: en; @mdate: 2024-04-13T11:04:12Z; @size: 345325; @type: text/html; content-type: text/html; charset=utf-8; #keywords: workshop (135037), surveillance (55894), spyware (35151), encoding (29191), small (28673), theguardian (27810), copied (24658), mal (23826), proprietary (23217), rec (23205), snooping (18333), apps (17943), var (17649), facebook (17267), https (17164), li (16379), href (16026), echo (15174), privacy (15080), date (14794), android (13677), edit (11624), phones (11401), apple (10833), tracking (10397), personal (9292), malware (9095), google (8872), none (8857), tag (8645), mobile (8414), app (7900);     <title>Proprietary Surveillance - GNU Project - Free Software Foundation</title> <link rel="stylesheet" type="text/css" href="/side-menu.css" media="screen,print" /> <style type="text/css" media="print,screen"></style>    <div class="nav"> <a id="side-menu-button" class="switch" href="#navlinks"> <img id="side-menu-icon" height="32" src="/graphics/icons/side-menu.png" title="Section contents" alt=" [Section contents] " /> </a> <a href="/"><img src="/graphics/icons/home.png" height="24" alt="GNU Home" title="GNU Home" /></a> / <a href="/proprietary/proprietary.html">Malware</a> / By type / </div>   <div style="clear: both"></div> <div id="last-div" class="reduced-width"> <h2>Proprietary Surveillance</h2> <div class="infobox"> <hr class="full-width" /> Nonfree (proprietary) software is very often malware (designed to mistreat the user). Nonfree software is controlled by its developers, which puts them in a position of power over the users; <a href="/philosophy/free-software-even-more-important.html">that is the basic injustice</a>. The developers and manufacturers often exercise that power to the detriment of the users they ought to serve. <div class="announcement"> This document attempts to track clearly established cases of proprietary software that spies on or tracks users. <a href="/proprietary/proprietary.html"> Other examples typically takes the form of proprietary malware</a> malicious functionalities. <hr class="full-width" /> </div> <div id="surveillance"> <div class="pict medium"> id="surveillance" class="pict"> <a href="/graphics/dog.html"> <img src="/graphics/dog.small.jpg" alt="Cartoon of a dog, wondering at the three ads that popped up on his computer screen..." /></a> “How did they find out I'm a dog?” </div> <div class="toc"> class="article"> A common malicious functionality is to snoop on the user. This page records clearly established cases of proprietary software that spies on or tracks users. Manufacturers even refuse to <a href="https://techcrunch.com/2018/10/19/smart-home-devices-hoard-data-government-demands/">say whether they snoop on users for the state</a>. All appliances and applications that are tethered to a specific server are snoopers by nature. We do not list them here because they have their own page: <a href="/proprietary/proprietary-tethers.html#about-page">Proprietary Tethers</a>. There is a similar site named <a href="https://spyware.neocities.org">Spyware Watchdog</a> that classifies spyware programs, so that users can be more aware that they are installing spyware. <div class="important" style="clear: both"> If you know of an example that ought to be in this page but isn't here, please write to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a> to inform us. Please include the URL of a trustworthy reference or two to serve as specific substantiation. </div> <div id="TOC" class="toc-inline"> <h3 id="TableOfContents">Table of Contents</h3> <ul> <li><a href="#Introduction">Introduction</a></li> <li><a <h4><a href="#Introduction">Introduction</a></h4> <h4><a href="#OSSpyware">Spyware in Operating Systems</a> Laptops and Desktops</a></h4> <ul> <li><a href="#SpywareInWindows">Spyware in Windows</a></li> href="#SpywareInWindows">Windows</a></li> <li><a href="#SpywareInMacOS">Spyware in MacOS</a></li> href="#SpywareInMacOS">MacOS</a></li> <li><a href="#SpywareInAndroid">Spyware in Android</a></li> href="#SpywareInBIOS">BIOS</a></li> </ul> </li> <li><a <h4><a href="#SpywareOnMobiles">Spyware on Mobiles</a> Mobiles</a></h4> <ul> <li><a href="#SpywareIniThings">Spyware in iThings</a></li> href="#SpywareInTelephones">All “Smart” Phones</a></li> <li><a href="#SpywareInTelephones">Spyware in Telephones</a></li> href="#SpywareIniThings">iThings</a></li> <li><a href="#SpywareInMobileApps">Spyware in Mobile Applications</a></li> href="#SpywareInAndroid">Android Telephones</a></li> <li><a href="#SpywareInGames">Spyware href="#SpywareInElectronicReaders">E-Readers</a></li> </ul> <h4><a href="#SpywareInApplications">Spyware in Games</a></li> Applications</a></h4> <ul> <li><a href="#SpywareInToys">Spyware in Toys</a></li> </ul> </li> href="#SpywareInDesktopApps">Desktop Apps</a></li> <li><a href="#SpywareAtLowLevel">Spyware at Low Level</a> <ul> href="#SpywareInMobileApps">Mobile Apps</a></li> <li><a href="#SpywareInBIOS">Spyware in BIOS</a></li>  href="#SpywareInGames">Games</a></li> </ul> </li> <li><a href="#SpywareAtWork">Spyware at Work</a> <h4><a href="#SpywareInEquipment">Spyware in Connected Equipment</a></h4> <ul> <li><a href="#SpywareInSkype">Spyware in Skype</a></li> </ul> </li> href="#SpywareInTVSets">TV Sets</a></li> <li><a href="#SpywareOnTheRoad">Spyware on the Road</a> <ul> href="#SpywareInCameras">Cameras</a></li> <li><a href="#SpywareInCameras">Spyware in Cameras</a></li> href="#SpywareInToys">Toys</a></li> <li><a href="#SpywareInElectronicReaders">Spyware in e-Readers</a></li> href="#SpywareInDrones">Drones</a></li> <li><a href="#SpywareInVehicles">Spyware in Vehicles</a></li> </ul> </li> href="#SpywareAtHome">Other Appliances</a></li> <li><a href="#SpywareAtHome">Spyware at Home</a> href="#SpywareOnWearables">Wearables</a> <ul> <li><a href="#SpywareInTVSets">Spyware in TV Sets</a></li> href="#SpywareOnSmartWatches">“Smart” Watches</a></li> </ul> </li> <li><a href="#SpywareAtPlay">Spyware at Play</a></li> href="#SpywareInVehicles">Vehicles</a></li> <li><a href="#SpywareInVR">Virtual Reality</a></li> </ul> <h4><a href="#SpywareOnTheWeb">Spyware on the Web</a> Web</a></h4> <ul> <li><a href="#SpywareInChrome">Spyware in Chrome</a></li> <li><a href="#SpywareInFlash">Spyware in Flash</a></li> </ul> </li> href="#SpywareInChrome">Chrome</a></li> <li><a href="#SpywareEverywhere">Spyware Everywhere</a></li> href="#SpywareInJavaScript">JavaScript</a></li> <li><a href="#SpywareInVR">Spyware In VR</a></li> href="#SpywareInFlash">Flash</a></li> </ul> <h4><a href="#SpywareInNetworks">Spyware in Networks</a></h4> </div> </div> <div style="clear: left;"></div>  <div class="big-section"> <h3 id="Introduction">Introduction</h3> </div> <div style="clear: left;"></div> For decades, the Free Software movement has been denouncing the abusive surveillance machine of <a href="/proprietary/proprietary.html">proprietary software</a> companies such as <a href="/proprietary/malware-microsoft.html">Microsoft</a> and <a href="/proprietary/malware-apple.html">Apple</a>. In the recent years, this tendency to watch people has spread across industries, not only in the software business, but also in the hardware. Moreover, it also spread dramatically away from the keyboard, in the mobile computing industry, in the office, at home, <a href="https://www.theguardian.com/world/2023/sep/07/uk-owners-of-smart-home-devices-being-asked-for-swathes-of-personal-data"> home</a>, in transportation systems, and in the classroom. <h3 <h4 id="AggregateInfoCollection">Aggregate Information Collection</h3> or anonymized data</h4> Many companies, in their privacy policy, have a clause that claims they share aggregate, non-personally identifiable information with third parties/partners. Such claims are worthless, for several reasons: <ul> <li>They could change the policy at any time.</li> <li>They can twist the words by distributing an “aggregate” of “anonymized” data which can be reidentified and attributed to individuals.</li> <li>The raw data they don't normally distribute can be taken by data breaches.</li> <li>The raw data they don't normally distribute can be taken by subpoena.</li> </ul> Therefore, we must never pay any attention to not be distracted by companies' statements of what companies say they will do with the data they collect. The wrong is that they collect it at all. <h3 <h4 id="LatestAdditions">Latest additions</h3> Latest additions additions</h4> Entries in each category are found in reverse chronological order, based on top under each category.   the <a href="/proprietary/proprietary.html#latest">main page</a> of the Malware section. <div class="big-section"> <h3 id="OSSpyware">Spyware in Operating Systems</h3> Laptops and Desktops</h3> (<a href="#OSSpyware">#OSSpyware</a>) </div> <div style="clear: left;"></div> <div class="big-subsection"> <h4 id="SpywareInWindows">Spyware in Windows</h4> id="SpywareInWindows">Windows</h4> (<a href="#SpywareInWindows">#SpywareInWindows</a>) </div> <ul> <li>Windows DRM files <ul class="blurbs">  <li id="M202302080">  As soon as it boots, and without asking any permission, <a href="https://www.techspot.com/news/97535-windows-11-spyware-machine-out-users-control.html">Windows 11 starts to send data to online servers</a>. The user's personal details, location or hardware information are reported to Microsoft and other companies to be used as telemetry data. All of this is done is the background, and users have no easy way to prevent it—unless they switch the computer offline. </li>  <li id="M202301190">  Microsoft <a href="https://betanews.com/2023/01/19/microsoft-is-using-the-kb5021751-update-to-see-if-you-have-an-unsupported-version-of-office-installed/"> released an “update” that installs a surveillance program</a> on users' computers to gather data on some installed programs for Microsoft's benefit. The update is rolling out automatically, and the program runs “one time silently.” </li>  <li id="M202209220">  Windows 11 Home and Pro now <a href="https://www.microsoft.com/windows/windows-11-specifications"> require internet connection and a Microsoft account</a> to complete the installation. Windows 11 Pro had an option to create a local account instead, but the option has been removed. This account can (and most certainly will) be used for surveillance and privacy violations. Thankfully, a free software tool named <a href="https://gothub.frontendfriendly.xyz/pbatard/rufus/blob/master/README.md">Rufus</a> can bypass those requirements, or help users install a <a href="/distros/distros.html"> free operating system</a> instead. </li>  <li id="M201912160">  Microsoft is <a href="https://www.howtogeek.com/442609/confirmed-windows-10-setup-now-prevents-local-account-creation/">tricking users to create an account on their network</a> to be able to install and use the Windows operating system, which is malware. The account can be used for surveillance and/or violating people's rights in many ways, such as turning their purchased software to a subscription product. </li>  <li id="M201712110">  HP's proprietary operating system <a href="https://www.bbc.com/news/technology-42309371">includes a proprietary keyboard driver with a key logger in it</a>. </li>  <li id="M201710134">  Windows 10 telemetry program sends information to Microsoft about the user's computer and their use of the computer. Furthermore, for users who installed the fourth stable build of Windows 10, called the “Creators Update,” Windows maximized the surveillance <a href="https://arstechnica.com/gadgets/2017/10/dutch-privacy-regulator-says-that-windows-10-breaks-the-law/"> by force setting the telemetry mode to “Full”</a>. The <a href="https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization#full-level"> “Full” telemetry mode</a> allows Microsoft Windows engineers to access, among other things, registry keys <a href="https://yro.slashdot.org/story/17/02/02/231229/windows-drm-protected-files-used-to-decloak-tor-browser-users">can href="https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc939702(v=technet.10)"> which can contain sensitive information like administrator's login password</a>. </li>  <li id="M201702020">  DRM-restricted files can be used to <a href="https://yro.slashdot.org/story/17/02/02/231229/windows-drm-protected-files-used-to-decloak-tor-browser-users"> identify people browsing through Tor</a>. The vulnerability exists only if you use Windows. </li> <li>By Windows. </li>  <li id="M201611240">  By default, Windows 10 <a href="http://betanews.com/2016/11/24/microsoft-shares-windows-10-telemetry-data-with-third-parties">sends href="https://betanews.com/2016/11/24/microsoft-shares-windows-10-telemetry-data-with-third-parties/">sends debugging information to Microsoft, including core dumps</a>. Microsoft now distributes them to another company.</li> <li>Some portable phones <a href="http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html">are sold with spyware sending lots of data to China</a>.</li> <li>In company. </li>  <li id="M201608170.1">  In order to increase Windows 10's install base, Microsoft <a class="not-a-duplicate" href="https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive"> blatantly disregards user choice and privacy</a>. privacy</a>. </li> <li><a href="https://duo.com/blog/bring-your-own-dilemma-oem-laptops-and-windows-10-security">  <li id="M201603170">  <a href="https://duo.com/decipher/bring-your-own-dilemma-oem-laptops-and-windows-10-security"> Windows 10 comes with 13 screens of snooping options</a>, all enabled by default, and turning them off would be daunting to most users.</li> <li><a href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/"> Microsoft has already backdoored its disk encryption</a>.</li> <li>It users. </li>  <li id="M201601050">  It appears <a href="http://www.ghacks.net/2016/01/05/microsoft-may-be-collecting-more-data-than-initially-thought/"> href="https://www.ghacks.net/2016/01/05/microsoft-may-be-collecting-more-data-than-initially-thought/"> Windows 10 sends data to Microsoft about what applications are running</a>.</li> <li>A running</a>. </li>  <li id="M201512280">  Microsoft has <a href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/"> backdoored its disk encryption</a>. </li>  <li id="M201511264">  A downgrade to Windows 10 deleted surveillance-detection applications. Then another downgrade inserted a general spying program. Users noticed this and complained, so Microsoft renamed it <a href="https://web.archive.org/web/20160407082751/http://www.theregister.co.uk/2015/11/26/microsoft_renamed_data_slurper_reinserted_windows_10/"> href="https://www.theregister.com/2015/11/26/microsoft_renamed_data_slurper_reinserted_windows_10/"> to give users the impression it was gone</a>. To use proprietary software is to invite such treatment. </li> <li>  <li id="M201508180">  <a href="https://web.archive.org/web/20150905163414/http://www.pocket-lint.com/news/134954-cortana-is-always-listening-with-new-wake-on-voice-tech-even-when-windows-10-is-sleeping"> Intel devices will be able to listen for speech all the time, even when “off.”</a> </li>  <li id="M201508130">  <a href="https://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/"> Windows 10 sends identifiable information to Microsoft</a>, even if a user turns off its Bing search and Cortana features, and activates the privacy-protection settings. </li>  <li id="M201507300">  Windows 10 <a href="https://web.archive.org/web/20151001035410/https://jonathan.porta.codes/2015/07/30/windows-10-seems-to-have-some-scary-privacy-defaults/"> href="https://web.archive.org/web/20180923125732/https://jonathan.porta.codes/2015/07/30/windows-10-seems-to-have-some-scary-privacy-defaults/"> ships with default settings that show no regard for the privacy of its users</a>, giving Microsoft the “right” to snoop on the users' files, text input, voice input, location info, contacts, calendar records and web browsing history, as well as automatically connecting the machines to open hotspots and showing targeted ads.</li> <li> <a href="http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/"> Windows 10 sends identifiable information to Microsoft</a>, even if a user turns off its Bing search and Cortana features, and activates the privacy-protection settings.</li> <li> ads. We can suppose Microsoft looks at users' files for the US government on demand, though the “privacy policy” does not explicitly say so. Will it look at users' files for the Chinese government on demand? </li>  <li id="M201506170">  Microsoft uses Windows 10's “privacy policy” to overtly impose a “right” to look at users' files at any time. Windows 10 full disk encryption <a href="https://edri.org/microsofts-new-small-print-how-your-personal-data-abused/"> href="https://edri.org/our-work/microsofts-new-small-print-how-your-personal-data-abused/"> gives Microsoft a key</a>. Thus, Windows is overt malware in regard to surveillance, as in other issues. We can suppose Microsoft look at users' files for the US government on demand, though the “privacy policy” does not explicit say so. Will it look at users' files for the Chinese government on demand? The unique “advertising ID” for each user enables other companies to track the browsing of each specific user. It's as if Microsoft has deliberately chosen to make Windows 10 maximally evil on every dimension; to make a grab for total power over anyone that doesn't drop Windows now.</li> <li>It now. </li>  <li id="M201410040">  It only gets worse with time. <a href="http://www.techworm.net/2014/10/microsofts-windows-10-permission-watch-every-move.html"> href="https://www.techworm.net/2014/10/microsofts-windows-10-permission-watch-every-move.html"> Windows 10 requires users to give permission for total snooping</a>, including their files, their commands, their text input, and their voice input. </li> <li><a href="http://www.infoworld.com/article/2611451/microsoft-windows/a-look-at-the-black-underbelly-of-windows-8-1--blue-.html">  <li id="M201405140">  <a href="https://web.archive.org/web/20190421070310/https://www.itproportal.com/2014/05/14/microsoft-openly-offered-cloud-data-fbi-and-nsa/"> Microsoft SkyDrive allows the NSA to directly examine users' data</a>. </li>  <li id="M201401150">  <a href="https://web.archive.org/web/20140219183154/http://www.techrepublic.com/blog/asian-technology/japanese-government-warns-baidu-ime-is-spying-on-users/"> Baidu's Japanese-input and Chinese-input apps spy on users</a>. </li>  <li id="M201307080">  Spyware in older versions of Windows: <a href="https://www.theregister.com/2003/02/28/windows_update_keeps_tabs/"> Windows Update snoops on the user</a>. <a href="https://www.infoworld.com/article/2611451/a-look-at-the-black-underbelly-of-windows-8-1--blue-.html"> Windows 8.1 snoops on local searches.</a>. </li> <li>And searches</a>. And there's a <a href="http://www.marketoracle.co.uk/Article40836.html"> secret NSA key in Windows</a>, whose functions we don't know. </li> </ul> Microsoft's snooping on users did not start with Windows 10. There's a lot more <a href="/proprietary/malware-microsoft.html"> Microsoft malware</a>. <div class="big-subsection"> <h4 id="SpywareInMacOS">Spyware in MacOS</h4> id="SpywareInMacOS">MacOS</h4> (<a href="#SpywareInMacOS">#SpywareInMacOS</a>) </div> <ul> <li><a href="http://www.washingtonpost.com/blogs/the-switch/wp/2014/10/30/how-one-mans-private-files-ended-up-on-apples-icloud-without-his-consent/"> MacOS automatically sends to Apple servers unsaved documents being edited</a>. The <a href="https://www.schneier.com/blog/archives/2014/10/apple_copies_yo.html?utm_source=twitterfeed&utm_medium=twitter/"> things you have <ul class="blurbs">  <li id="M202011120">  Apple has <a href="https://sneak.berlin/20201112/your-computer-isnt-yours/">implemented a malware in its computers that imposes surveillance</a> on users and reports users' computing to save Apple. The reports are even more sensitive than the things you have stored unencrypted and they've been leaking this data for two years already. This malware is reporting to Apple what user opens what program at what time. It also gives Apple power to sabotage users' computing. </li>  <li id="M201809070">  Adware Doctor, an ad blocker for MacOS, <a href="https://www.vice.com/en/article/wjye8x/mac-anti-adware-doctor-app-steals-browsing-history">reports the user's browsing history</a>. </li> <li>Apple  <li id="M201411040">  Apple has made various <a href="http://www.theguardian.com/technology/2014/nov/04/apple-data-privacy-icloud"> href="https://www.theguardian.com/technology/2014/nov/04/apple-data-privacy-icloud"> MacOS programs send files to Apple servers without asking permission</a>. This exposes the files to Big Brother and perhaps to other snoops. It also demonstrates how you can't trust proprietary software, because even if today's version doesn't have a malicious functionality, tomorrow's version might add it. The developer won't remove the malfeature unless many users push back hard, and the users can't remove it themselves. </li> <li>Various operations  <li id="M201410300">  MacOS send reports automatically <a href="https://web.archive.org/web/20170831144456/https://www.washingtonpost.com/news/the-switch/wp/2014/10/30/how-one-mans-private-files-ended-up-on-apples-icloud-without-his-consent/"> sends to Apple</a> servers. Apple servers unsaved documents being edited</a>. The things you have not decided to save are <a href="https://www.schneier.com/blog/archives/2014/10/apple_copies_yo.html?utm_source=twitterfeed&utm_medium=twitter/"> even more sensitive</a> than the things you have stored in files. </li> <li>Apple  <li id="M201410220">  Apple admits the <a href="http://www.intego.com/mac-security-blog/spotlight-suggestions-in-os-x-yosemite-and-ios-are-you-staying-private/"> href="https://www.intego.com/mac-security-blog/spotlight-suggestions-in-os-x-yosemite-and-ios-are-you-staying-private/"> spying in a search facility</a>, but there's a lot <a href="https://github.com/fix-macosx/yosemite-phone-home"> href="https://gothub.frontendfriendly.xyz/fix-macosx/yosemite-phone-home/blob/master/README.md"> more snooping that Apple has not talked about</a>. </li> <li><a href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">  <li id="M201410200">  Various operations in <a href="https://lifehacker.com/safari-and-spotlight-can-send-data-to-apple-heres-how-1648453540"> the latest MacOS send reports to Apple</a> servers. </li>  <li id="M201401100.1">  <a href="https://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html"> Spotlight search</a> sends users' search terms to Apple. </li> </ul> There's a lot more <a href="#SpywareIniThings">iThing spyware</a>, and <a href="/proprietary/malware-apple.html">Apple malware</a>. <div class="big-subsection"> <h4 id="SpywareInAndroid">Spyware in Android</h4> id="SpywareInBIOS">BIOS</h4> (<a href="#SpywareInAndroid">#SpywareInAndroid</a>) href="#SpywareInBIOS">#SpywareInBIOS</a>) </div> <ul> <li> <a href="http://www.privmetrics.org/wp-content/uploads/2015/06/wisec2015.pdf">A study <ul class="blurbs">  <li id="M201509220">  <a href="https://www.computerworld.com/article/2984889/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html"> Lenovo stealthily installed crapware and spyware via BIOS</a> on Windows installs. Note that 90% of the top-ranked gratis specific sabotage method Lenovo used did not affect GNU/Linux; also, a “clean” Windows install is not really clean since <a href="/proprietary/malware-microsoft.html">Microsoft puts in its own malware</a>. </li> </ul> <div class="big-section"> <h3 id="SpywareOnMobiles">Spyware on Mobiles</h3> (<a href="#SpywareOnMobiles">#SpywareOnMobiles</a>) </div> <div style="clear: left;"></div> <div class="big-subsection"> <h4 id="SpywareInTelephones">All “Smart” Phones</h4> (<a href="#SpywareInTelephones">#SpywareInTelephones</a>) </div> <ul class="blurbs">  <li id="M202106250">  <a href="https://www.elsalvador.com/eldiariodehoy/app-chivo-bitcoin-pone-en-riesgo-datos-personales-de-usuarios/852310/2021/">El Salvador Dictatorship's Chivo wallet is spyware</a>, it's a proprietary Android apps contained recognizable tracking libraries. For program that breaks users' freedom and spies on people; demands personal data such as the paid proprietary apps, national ID number and does face recognition, and it was only 60%. is bad security for its data. It also asks for almost every malware permission in people's smartphones. The article confusingly describes gratis apps as “free”, but most of them are not criticizes it for faults in fact “data protection”, though <a href="/philosophy/free-sw.html">free software</a>. It also uses the ugly word “monetize”. A good replacement for that word href="/philosophy/surveillance-vs-democracy.html">“data protection” is “exploit”; nearly always that will fit perfectly. the wrong approach to privacy anyway</a>. </li> <li> Apps for BART <a href="https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/">snoop on users</a>. With free software apps, users could make sure that they don't snoop. With  <li id="M202106170">  <a href="https://www.theguardian.com/technology/2021/jun/17/nine-out-of-10-health-apps-harvest-user-data-global-study-shows">Almost all proprietary apps, one can only hope that they don't. </li> <li> A study found 234 Android health apps that harvest users' data</a>, including sensitive health information, tracking identifiers, and cookies to track user activities. Some of these applications are tracking users by <a href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening to ultrasound across different platforms. </li>  <li id="M202102200">  The proprietary program Clubhouse is malware and a privacy disaster. Clubhouse <a href="https://www.theguardian.com/commentisfree/2021/feb/20/why-hot-new-social-app-clubhouse-spells-nothing-but-trouble">collects people's personal data such as recordings of Android apps can collude people's conversations</a>, and, as a secondary problem, does not encrypt them, which shows a bad security part of the issue. A user's unique Clubhouse ID number and chatroom ID are transmitted in plaintext, and Agora (the company behind the app) would likely have access to transmit users' raw audio, potentially providing access to the Chinese government. Even with good security of data transmission, collecting personal data to servers. <a href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A study found tens of thousands people is wrong and a violation of pairs that collude</a>. people's privacy rights. </li> <li> Google Play intentionally sends app developers <a href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116"> the personal details  <li id="M202101080">  As of users that install the app</a>. Merely asking the “consent” 2021, WhatsApp (one of Facebook's subsidiaries) is <a href="https://www.forbes.com/sites/carlypage/2021/01/08/whatsapp-tells-users-share-your-data-with-facebook-or-well-deactivate-your-account/">forcing its users to hand over sensitive personal data</a> to its parent company. This increases Facebook's power over users, and further jeopardizes people's privacy and security. Instead of WhatsApp you can use <a href="https://directory.fsf.org/wiki/Jami">GNU Jami</a>, which is free software and will not enough to legitimize actions collect your data. </li>  <li id="M202006260">  Most apps are malware, but Trump's campaign app, like this. At this point, most Modi's campaign app, is <a href="https://www.technologyreview.com/2020/06/21/1004228/trumps-data-hungry-invasive-app-is-a-voter-surveillance-tool-of-extraordinary-scope/"> especially nasty malware, helping companies snoop on users have stopped reading the “Terms and Conditions” that spell out what they are “consenting” to. Google should clearly and honestly identify the information it collects as well as snooping on users, instead of hiding them itself</a>. The article says that Biden's app has a less manipulative overall approach, but that does not tell us whether it in an obscurely worded EULA. However, to truly protect people's privacy, has functionalities we must prevent Google consider malicious, such as sending data the user has not explicitly asked to send. </li>  <li id="M201809121">  Tiny Lab Productions, along with online ad businesses run by Google, Twitter and three other companies are facing a lawsuit <a href="https://www.nytimes.com/interactive/2018/09/12/technology/kids-apps-data-privacy-google-twitter.html">for violating people's privacy by collecting their data from getting this personal information mobile games and handing over these data to other companies/advertisers</a>. </li>  <li id="M201601110">  The natural extension of monitoring people through “their” phones is <a href="https://news.northwestern.edu/stories/2016/01/fool-activity-tracker"> proprietary software to make sure they can't “fool” the first place! monitoring</a>. </li> <li> Google Play (a component of Android)  <li id="M201510050">  According to Edward Snowden, <a href="https://www.extremetech.com/mobile/235594-yes-google-play-is-tracking-you-and-thats-just-the-tip-of-a-very-large-iceberg"> tracks href="https://www.bbc.com/news/uk-34444233">agencies can take over smartphones</a> by sending hidden text messages which enable them to turn the users' movements without their permission</a>. Even if you disable Google Maps phones on and location tracking, you must disable Google Play itself off, listen to completely stop the tracking. microphone, retrieve geo-location data from the GPS, take photographs, read text messages, read call, location and web browsing history, and read the contact list. This malware is yet another example of nonfree software pretending designed to obey the user, when it's actually doing something else. Such a thing would be almost unthinkable with free software. disguise itself from investigation. </li> <li>More than 73% of  <li id="M201311120">  <a href="https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html"> The NSA can tap data in smart phones, including iPhones, Android, and BlackBerry</a>. While there is not much detail here, it seems that this does not operate via the most popular Android apps universal back door that we know nearly all portable phones have. It may involve exploiting various bugs. There are <a href="http://jots.pub/a/2015103001/index.php">share personal, behavioral and location information</a> href="https://www.osnews.com/story/27416/the-second-operating-system-hiding-in-every-mobile-phone/"> lots of bugs in the phones' radio software</a>. </li>  <li id="M201307000">  Portable phones with GPS <a href="https://www.aclu.org/issues/privacy-technology/location-tracking/you-are-being-tracked"> will send their GPS location on remote command, and users with cannot stop them</a>. (The US says it will eventually require all new portable phones to have GPS.) </li> </ul> <div class="big-subsection"> <h4 id="SpywareIniThings">iThings</h4> (<a href="#SpywareIniThings">#SpywareIniThings</a>) </div> <ul class="blurbs">  <li id="M202211140">  <a href="https://web.archive.org/web/20230101185726/https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558"> The iMonster app store client programs collect many kinds of data</a> about the user's actions and private communications. “Do not track” options are available, but tracking doesn't stop if the user activates them: Apple keeps on collecting data for itself, although it claims not to send it to third parties. <a href="https://www.theregister.com/2022/11/14/apple_data_collection_lawsuit/"> Apple is being sued</a> for that. </li> <li>“Cryptic communication,” unrelated  <li id="M202105240">  <a href="https://www.cpomagazine.com/data-privacy/icloud-data-turned-over-to-chinese-government-conflicts-with-apples-privacy-first-focus/">Apple is moving its Chinese customers' iCloud data to a datacenter controlled by the app's functionality, was Chinese government</a>. Apple is already storing the encryption keys on these servers, obeying Chinese authority, making all Chinese user data available to the government. </li>  <li id="M202009183">  Facebook <a href="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119"> found href="https://www.dailymail.co.uk/news/article-8747541/Facebook-accused-watching-Instagram-users-mobile-cameras.html">snoops on Instagram</a> users by surreptitously turning on the device's camera. </li>  <li id="M202004200">  Apple whistleblower Thomas Le Bonniec reports that Apple made a practice of surreptitiously activating the 500 most popular gratis Android apps</a>. The article should Siri software to <a href="https://www.politico.eu/wp-content/uploads/2020/05/Public-Statement-Siri-recordings-TLB.pdf"> record users' conversations when they had not have described activated Siri</a>. This was not just occasional, it was systematic practice. His job was to listen to these apps as “free”—they are recordings, in a group that made transcripts of them. He does not free software. The clear believes that Apple has ceased this practice. The only reliable way to say “zero price” is “gratis.” The article takes prevent this is, for granted that the usual analytics tools are legitimate, but is program that valid? Software developers have no right controls access to analyze what users are doing or how. “Analytics” tools that snoop are just as wrong as the microphone to decide when the user has “activated” any other snooping. service, to be free software, and the operating system under it free as well. This way, users could make sure Apple can't listen to them. </li> <li>Gratis Android apps (but  <li id="M201910131">  Safari occasionally <a href="/philosophy/free-sw.html">free software</a>) connect href="https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/"> sends browsing data from Apple devices in China to 100 <a href="http://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites">tracking and advertising</a> URLs, on the average. Tencent Safe Browsing service</a>, to check URLs that possibly correspond to “fraudulent” websites. Since Tencent collaborates with the Chinese government, its Safe Browsing black list most certainly contains the websites of political opponents. By linking the requests originating from single IP addresses, the government can identify dissenters in China and Hong Kong, thus endangering their lives. </li> <li>Spyware is present  <li id="M201905280">  In spite of Apple's supposed commitment to privacy, iPhone apps contain trackers that are busy at night <a href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html"> send href="https://www.oregonlive.com/opinion/2019/05/its-3-am-do-you-know-who-your-iphone-is-talking-to.html"> sending users' personal data information to Motorola</a>. </li> <li>Some manufacturers add a <a href="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/"> hidden general surveillance package third parties</a>. The article mentions specific examples: Microsoft OneDrive, Intuit's Mint, Nike, Spotify, The Washington Post, The Weather Channel (owned by IBM), the crime-alert service Citizen, Yelp and DoorDash. But it is likely that most nonfree apps contain trackers. Some of these send personally identifying data such as Carrier IQ.</a> </li> <li><a href="/proprietary/proprietary-back-doors.html#samsung"> Samsung's back door</a> provides access to any file on phone fingerprint, exact location, email address, phone number or even delivery address (in the system. case of DoorDash). Once this information is collected by the company, there is no telling what it will be used for. </li> </ul>   The DMCA and the EU Copyright Directive make sure it <a href="https://boingboing.net/2017/11/25/la-la-la-cant-hear-you.html"> illegal to place new items study how iOS cr…apps spy on top under each subsection users</a>, because this would require circumventing the iOS DRM. </li>  <div class="big-section"> <h3 id="SpywareOnMobiles">Spyware on Mobiles</h3> (<a href="#SpywareOnMobiles">#SpywareOnMobiles</a>) </div> <div style="clear: left;"></div> <div class="big-subsection"> <h4 id="SpywareIniThings">Spyware <li id="M201709210">  In the latest iThings system, “turning off” WiFi and Bluetooth the obvious way <a href="https://www.theguardian.com/technology/2017/sep/21/ios-11-apple-toggling-wifi-bluetooth-control-centre-doesnt-turn-them-off"> doesn't really turn them off</a>. A more advanced way really does turn them off—only until 5am. That's Apple for you—“We know you want to be spied on”. </li>  <li id="M201702150">  Apple proposes <a href="https://www.theguardian.com/technology/2017/feb/15/apple-removing-iphone-home-button-fingerprint-scanning-screen">a fingerprint-scanning touch screen</a> — which screen</a>—which would mean no way to use it without having your fingerprints taken. Users would have no way to tell whether the phone is snooping on them.</li> <li>iPhones them. </li>  <li id="M201611170">  iPhones <a href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says">send href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says/">send lots of personal data to Apple's servers</a>. Big Brother can get them from there. </li> <li>The  <li id="M201609280">  The iMessage app on iThings <a href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells a server every phone number that the user types into it</a>; the server records these numbers for at least 30 days. </li> <li>Users cannot make an Apple ID <a href="http://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-idcool">(necessary to install even gratis apps)</a> without giving a valid email address and receiving the code Apple sends to it. </li> <li>Around 47% of the most popular iOS apps <a class="not-a-duplicate" href="http://jots.pub/a/2015103001/index.php">share personal, behavioral and location information</a> of their users with third parties. </li> <li>iThings  <li id="M201509240">  iThings automatically upload to Apple's servers all the photos and videos they make. <blockquote> iCloud Photo Library stores every photo and video you take, and keeps them up to date on all your devices. Any edits you make are automatically updated everywhere. [...] […] </blockquote> (From <a href="https://www.apple.com/icloud/photos/">Apple's href="https://web.archive.org/web/20150921152044/https://www.apple.com/icloud/photos/">Apple's iCloud information</a> as accessed on 24 Sep 2015.) The iCloud feature is <a href="https://support.apple.com/en-us/HT202033">activated by the startup of iOS</a>. The term “cloud” means “please don't ask where.” There is a way to <a href="https://support.apple.com/en-us/HT201104"> deactivate iCloud</a>, but it's active by default so it still counts as a surveillance functionality. Unknown people apparently took advantage of this to <a href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get nude photos of many celebrities</a>. They needed to break Apple's security to get at them, but NSA can access any of them through <a href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>. </li> <li>Spyware href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>. </li>  <li id="M201409220">  Apple can, and regularly does, <a href="https://arstechnica.com/gadgets/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/"> remotely extract some data from iPhones for the state</a>. This may have improved with <a href="https://www.denverpost.com/2014/09/17/apple-will-no-longer-unlock-most-iphones-ipads-for-police/"> iOS 8 security improvements</a>; but <a href="https://theintercept.com/2014/09/22/apple-data/"> not as much as Apple claims</a>. </li>  <li id="M201407230">  <a href="https://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services"> Several “features” of iOS seem to exist for no possible purpose other than surveillance</a>. Here is the <a href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf"> Technical presentation</a>. </li>  <li id="M201401100">  The <a class="not-a-duplicate" href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html"> href="https://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html"> iBeacon</a> lets stores determine exactly where the iThing is, and get other info too. </li> <li>There  <li id="M201312300">  <a href="https://web.archive.org/web/20190924053515/https://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep"> Either Apple helps the NSA snoop on all the data in an iThing, or it is totally incompetent</a>. </li>  <li id="M201308080">  The iThing also <a href="https://www.theregister.com/2013/08/08/ios7_tracking_now_its_a_favourite_feature/"> tells Apple its geolocation</a> by default, though that can be turned off. </li>  <li id="M201210170">  There is also a feature for web sites to track users, which is <a href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/"> href="https://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/"> enabled by default</a>. (That article talks about iOS 6, but it is still true in iOS 7.) </li> <li>The iThing also <a href="https://web.archive.org/web/20160313215042/http://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/"> tells Apple its geolocation</a> by default, though that can be turned off. </li> <li>Apple can, and regularly does, <a href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/"> remotely extract some data  <li id="M201204280">  Users cannot make an iThing, or it is totally incompetent.</a> </li> <li><a href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services"> Several “features” of iOS seem Apple ID (<a href="https://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-id">necessary to exist for no possible purpose other than surveillance</a>. Here is install even gratis apps</a>) without giving a valid email address and receiving the <a href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf"> Technical presentation</a>. verification code Apple sends to it. </li> </ul> <div class="big-subsection"> <h4 id="SpywareInTelephones">Spyware in id="SpywareInAndroid">Android Telephones</h4> (<a href="#SpywareInTelephones">#SpywareInTelephones</a>) href="#SpywareInAndroid">#SpywareInAndroid</a>) </div> <ul> <li>According to Edward Snowden, <ul class="blurbs">  <li id="M202012070">  Baidu apps were <a href="http://www.bbc.com/news/uk-34444233">agencies href="https://www.zdnet.com/article/baidus-android-apps-caught-collecting-sensitive-user-details/"> caught collecting sensitive personal data</a> that can take over smartphones</a> by sending hidden text messages which enable be used for lifetime tracking of users, and putting them in danger. More than 1.4 billion people worldwide are affected by these proprietary apps, and users' privacy is jeopardized by this surveillance tool. Data collected by Baidu may be handed over to turn the Chinese government, possibly putting Chinese people in danger. </li>  <li id="M202010120">  Samsung is forcing its smartphone users in Hong Kong (and Macau) <a href="https://blog.headuck.com/2020/10/12/samsung-phones-force-mainland-china-dns-service-upon-hong-kong-wifi-users/">to use a public DNS in Mainland China</a>, using software update released in September 2020, which causes many unease and privacy concerns. </li>  <li id="M202004300">  Xiaomi phones on <a href="https://www.forbes.com/sites/thomasbrewster/2020/04/30/exclusive-warning-over-chinese-mobile-giant-xiaomi-recording-millions-of-peoples-private-web-and-phone-use/">report many actions the user takes</a>: starting an app, looking at a folder, visiting a website, listening to a song. They send device identifying information too. Other nonfree programs snoop too. For instance, Spotify and off, listen other streaming dis-services make a dossier about each user, and <a href="/malware/proprietary-surveillance.html#M201508210"> they make users identify themselves to pay</a>. Out, out, damned Spotify! Forbes exonerates the microphone, retrieve geo-location data same wrongs when the culprits are not Chinese, but we condemn this no matter who does it. </li>  <li id="M201812060">  Facebook's app got “consent” to <a href="https://www.theguardian.com/technology/2018/dec/06/facebook-emails-reveal-discussions-over-call-log-consent"> upload call logs automatically from Android phones</a> while disguising what the “consent” was for. </li>  <li id="M201811230">  An Android phone was observed to track location even while in airplane mode. It didn't send the GPS, take photographs, read text messages, read call, location data while in airplane mode. Instead, <a href="https://www.thesun.co.uk/tech/7811918/google-is-tracking-you-even-with-airplane-mode-turned-on/"> it saved up the data, and web browsing history, sent them all later</a>. </li>  <li id="M201711210">  Android tracks location for Google <a href="https://www.techdirt.com/2017/11/21/investigation-finds-google-collected-location-data-even-with-location-services-turned-off/"> even when “location services” are turned off, even when the phone has no SIM card</a>. </li>  <li id="M201611150">  Some portable phones <a href="https://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html">are sold with spyware sending lots of data to China</a>. </li>  <li id="M201609140">  Google Play (a component of Android) <a href="https://www.extremetech.com/mobile/235594-yes-google-play-is-tracking-you-and-thats-just-the-tip-of-a-very-large-iceberg"> tracks the users' movements without their permission</a>. Even if you disable Google Maps and read location tracking, you must disable Google Play itself to completely stop the contact list. tracking. This malware is designed yet another example of nonfree software pretending to disguise itself from investigation. obey the user, when it's actually doing something else. Such a thing would be almost unthinkable with free software. </li> <li>Samsung  <li id="M201507030">  Samsung phones come with <a href="http://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps href="https://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps that users can't delete</a>, and they send so much data that their transmission is a substantial expense for users. Said transmission, not wanted or requested by the user, clearly must constitute spying of some kind.</li> <li>A Motorola phone <a href="http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/"> listens for voice all kind. </li>  <li id="M201403120">  <a href="/proprietary/proprietary-back-doors.html#samsung"> Samsung's back door</a> provides access to any file on the time</a>. system. </li> <li>Spyware  <li id="M201308010">  Spyware in Android phones (and Windows? laptops): The Wall Street Journal (in an article blocked from us by a paywall) reports that <a href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj"> href="https://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj"> the FBI can remotely activate the GPS and microphone in Android phones and laptops</a>. (I suspect this means laptops</a> (presumably Windows laptops.) laptops). Here is <a href="http://cryptome.org/2013/08/fbi-hackers.htm">more href="https://cryptome.org/2013/08/fbi-hackers.htm">more info</a>. </li> <li>Portable phones with GPS will send their GPS location on remote command and users cannot stop them:  <li id="M201307280">  Spyware is present in some Android devices when they are sold. Some Motorola phones, made when this company was owned by Google, use a modified version of Android that <a href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers"> http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers</a>. (The US says it will eventually require all new portable phones href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html"> sends personal data to have GPS.) Motorola</a>. </li> <li>The nonfree Snapchat app's principal purpose  <li id="M201307250">  A Motorola phone <a href="https://web.archive.org/web/20170629175629/http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/"> listens for voice all the time</a>. </li>  <li id="M201302150">  Google Play intentionally sends app developers <a href="https://gadgets360.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116"> the personal details of users that install the app</a>. Merely asking the “consent” of users is not enough to restrict legitimize actions like this. At this point, most users have stopped reading the use of data on “Terms and Conditions” that spell out what they are “consenting” to. Google should clearly and honestly identify the user's computer, but information it does surveillance too: <a href="http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers"> collects on users, instead of hiding it tries in an obscurely worded EULA. However, to get the user's list of other truly protect people's phone numbers.</a> privacy, we must prevent Google and other companies from getting this personal information in the first place! </li>  <li id="M201111170">  Some manufacturers add a <a href="https://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/"> hidden general surveillance package such as Carrier IQ</a>. </li> </ul> <div class="big-subsection"> <h4 id="SpywareInMobileApps">Spyware in Mobile Applications</h4> id="SpywareInElectronicReaders">E-Readers</h4> (<a href="#SpywareInMobileApps">#SpywareInMobileApps</a>) href="#SpywareInElectronicReaders">#SpywareInElectronicReaders</a>) </div> <ul> <li> Faceapp appears to do lots of surveillance, judging by <ul class="blurbs">  <li id="M201603080">  E-books can contain JavaScript code, and <a href="https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/"> how much access it demands to personal data href="https://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds"> sometimes this code snoops on readers</a>. </li>  <li id="M201410080">  Adobe made “Digital Editions,” the device</a>. </li> <li> Verizon e-reader used by most US libraries, <a href="https://yro.slashdot.org/story/17/03/30/0112259/verizon-to-force-appflash-spyware-on-android-phones"> announced an opt-in proprietary search app that it will</a> pre-install on some href="https://web.archive.org/web/20141220181015/http://www.computerworlduk.com/blogs/open-enterprise/drm-strikes-again-3575860/"> send lots of its phones. The app will give Verizon the same information about the users' searches that Google normally gets when they use its search engine. Currently, data to Adobe</a>. Adobe's “excuse”: it's needed to check DRM! </li>  <li id="M201212030">  Spyware in many e-readers—not only the app is Kindle: <a href="https://www.eff.org/deeplinks/2017/04/update-verizons-appflash-pre-installed-spyware-still-spyware"> being pre-installed on only one phone</a>, and href="https://www.eff.org/pages/reader-privacy-chart-2012"> they report even which page the user must explicitly opt-in before the app takes effect. However, the app remains spyware—an “optional” piece of spyware is still spyware. reads at what time</a>. </li> <li>The Meitu photo-editing app </ul> <div class="big-section"> <h3 id="SpywareInApplications">Spyware in Applications</h3> (<a href="#SpywareInApplications">#SpywareInApplications</a>) </div> <div style="clear: left;"></div> <ul class="blurbs">  <li id="M202306120">  Edge <a href="https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/">sends href="https://www.neowin.net/news/edge-sends-images-you-view-online-to-microsoft-here-is-how-to-disable-that/">sends the URLs of images the user data views to a Chinese company</a>.</li> <li>A pregnancy test controller application not only can Microsoft's servers</a> by default, supposedly to “enhance” them. And these images <a href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">spy href="/proprietary/proprietary-surveillance.html#M201405140">may end up on many sorts of data in the phone, and in NSA's servers</a>. Microsoft claims its nonfree browser sends the URLs without identifying you, which cannot be true, since at least your IP address is known to the server accounts, it can alter them too</a>. </li> <li>The Uber app tracks if you don't take extra measures. Either way, such enhancer service is unjust because any image editing <a href="https://techcrunch.com/2016/11/28/uber-background-location-data-collection/">clients' movements before and after the ride</a>. This example illustrates href="/philosophy/who-does-that-server-really-serve.html">should be done on your own computer using installed free software</a>. The article describes how “getting to disable sending the user's consent” URLs. That makes a change for surveillance is inadequate as the better, but we suggest that you instead switch to a protection against massive surveillance. </li> <li>Google's new voice messaging app freedom-respecting browser with additional privacy features such as <a href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs all conversations</a>. href="/software/gnuzilla/">IceCat</a>. </li> <li>Apps that include  <li id="M202305300">  Some employers are <a href="http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/"> Symphony surveillance software snoop href="https://www.theguardian.com/money/2023/may/30/i-feel-constantly-watched-employees-working-under-surveillance-monitorig-software-productivity"> forcing employees to run “monitoring software”</a> on what radio and TV their computers. These extremely intrusive proprietary programs are playing nearby</a>. Also on what users post on various sites such as Facebook, Google+ can take screenshots at regular intervals, log keystrokes, record audio and Twitter. </li> <li>Facebook's new Magic Photo app video, etc. Such practices have been shown to <a href="https://web.archive.org/web/20160605165148/http://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/"> scans your mobile phone's photo collections for known faces</a>, href="https://www.eurofound.europa.eu/publications/report/2020/employee-monitoring-and-surveillance-the-challenges-of-digitalisation"> deteriorate employees' well-being</a>, and suggests you to share the picture you take according to who is trade unions in the frame. This spyware feature seems to require online access to some known-faces database, European union have voiced their concerns about them. The requirement for employee's consent, which means exists in some countries, is a sham because most often the pictures are likely employee is not free to refuse. In short, these practices should be sent across the wire to Facebook's servers and face-recognition algorithms. If so, none of Facebook users' pictures are private anymore, even if the user didn't “upload” them to the service. abolished. </li> <li>Like  <li id="M202205240">  A worldwide investigation found that most “music screaming” disservices, Spotify is based on proprietary malware (DRM and snooping). In August 2015 it <a href="http://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy"> demanded users submit to increased snooping</a>, and some are starting to realize of the applications that it is nasty. This article shows school districts recommended for remote education during the COVID-19 pandemic <a href="https://web.archive.org/web/20160313214751/http://www.theregister.co.uk/2015/08/21/spotify_worse_than_the_nsa/"> twisted ways that they present snooping href="https://web.archive.org/web/20220525011540/https://www.washingtonpost.com/technology/2022/05/24/remote-school-app-tracking-privacy/">track and collect personal data from children as a way young as below the age of five</a>. These applications, and their websites, send the collected information to “serve” users better</a>—never mind whether ad giants such as Facebook and Google, and they want that. This is a typical example of are still being used in the attitude classrooms even after some of the proprietary software industry towards those they have subjugated. Out, out, damned Spotify! schools reopened. </li> <li>Many proprietary apps for mobile devices report which other apps the user has installed.  <li id="M201805170">  The Verify browser extension by Storyful <a href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter is doing this href="https://www.theguardian.com/world/2018/may/17/revealed-how-storyful-uses-tool-monitor-what-journalists-watch">spies on the reporters that use it</a>. </li> </ul> <div class="big-subsection"> <h4 id="SpywareInDesktopApps">Desktop Apps</h4> (<a href="#SpywareInDesktopApps">#SpywareInDesktopApps</a>) </div> <ul class="blurbs">  <li id="M202011260">  Microsoft's Office 365 suite enables employers <a href="https://www.theguardian.com/technology/2020/nov/26/microsoft-productivity-score-feature-criticised-workplace-surveillance">to snoop on each employee</a>. After a way public outburst, Microsoft stated that at least is visible and optional</a>. Not as bad as what the others do. </li> <li>FTC says most mobile apps for children don't respect privacy: <a href="http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/"> http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>. href="https://www.theguardian.com/technology/2020/dec/02/microsoft-apologises-productivity-score-critics-derided-workplace-surveillance">it would remove this capability</a>. Let's hope so. </li> <li>Widely used  <li id="M201912190">  Some Avast and AVG extensions for Firefox and Chrome were found to <a href="https://freedom-to-tinker.com/blog/kollarssmith/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary QR-code scanner apps href="https://www.itpro.co.uk/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome"> snoop on users' detailed browsing habits</a>. Mozilla and Google removed the user</a>. This is in addition problematic extensions from their stores, but this shows once more how unsafe nonfree software can be. Tools that are supposed to protect a proprietary system are, instead, infecting it with additional malware (the system itself being the snooping done by the phone company, and perhaps by the OS original malware). </li>  <li id="M201904210">  As of whether the app developers get users April 2019, it is <a href="https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/">no longer possible to say “I agree”. That disable an unscrupulous tracking anti-feature</a> that <a href="https://html.spec.whatwg.org/multipage/links.html#hyperlink-auditing">reports users when they follow ping links</a> in Apple Safari, Google Chrome, Opera, Microsoft Edge and also in the upcoming Microsoft Edge that is no excuse for malware. going to be based on Chromium. </li> <li>The Brightest Flashlight app  <li id="M201811020">  Foundry's graphics software <a href="http://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers"> sends user data, including geolocation, for use by companies.</a> href="https://torrentfreak.com/software-company-fines-pirates-after-monitoring-their-computers-181102/"> reports information to identify who is running it</a>. The result is often a legal threat demanding a lot of money. The FTC criticized fact that this app because is used for repression of forbidden sharing makes it asked the user to approve sending personal data to the app developer but did even more vicious. This illustrates that making unauthorized copies of nonfree software is not ask about sending it to other companies. This shows a cure for the weakness injustice of nonfree software. It may avoid paying for the reject-it-if-you-dislike-snooping “solution” to surveillance: why should a flashlight app send any information to anyone? A free software flashlight app would not. nasty thing, but cannot make it less nasty. </li> </ul> <div class="big-subsection"> <h4 id="SpywareInGames">Spyware in Games</h4> id="SpywareInMobileApps">Mobile Apps</h4> (<a href="#SpywareInGames">#SpywareInGames</a>) href="#SpywareInMobileApps">#SpywareInMobileApps</a>) </div> <ul> <li>nVidia's proprietary GeForce Experience <ul class="blurbs">  <li id="M202308080">  The Yandex company has started to <a href="http://www.gamersnexus.net/industry/2672-geforce-experience-data-transfer-analysis">makes users identify themselves and then sends personal href="https://meduza.io/en/feature/2023/08/08/user-x-with-driver-y-traveled-from-point-a-to-point-b"> give away Yango taxi ride data about them to nVidia servers</a>. </li> <li>Angry Birds <a href="http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html"> spies for companies, and Russia's Federal Security Service (FSB)</a>. The Russian government (and whoever else receives the NSA takes advantage to spy the data) thus has access to a wealth of personal information, including who traveled where, when, and with which driver. Yandex <a href="https://yandex.ru/legal/confidential/?lang=en"> claims that it complies with European regulations</a> for data collected in the European Economic Area, Switzerland or Israel. But what about the rest of the world? </li>  <li id="M202304030">  The Pinduoduo app <a href="https://edition.cnn.com/2023/04/02/tech/china-pinduoduo-malware-cybersecurity-analysis-intl-hnk/index.html"> snoops on other apps, and takes control of them</a>. It also installs additional malware that is hard to remove. </li>  <li id="M202206020">  Canada has fined the company Tim Hortons for making <a href="https://arstechnica.com/tech-policy/2022/06/tim-hortons-coffee-app-broke-law-by-constantly-recording-users-movements/"> an app that tracks people's movements</a> to learn things such as where they live, where they work, and when they visit competitors' stores. </li>  <li id="M202204040">  New Amazon worker chat app <a href="https://theintercept.com/2022/04/04/amazon-union-living-wage-restrooms-chat-app/">would ban specific words Amazon doesn't like</a>, such as “union”, “restrooms”, and “pay raise”. If the app was free, workers could modify the program so it acts as they wish, not how Amazon wants it. </li>  <li id="M202203010">  The nonfree app “Along,” developed by a company controlled by Zuckerberg, <a href="https://kappanonline.org/dont-go-along-with-corporate-schemes-to-gather-up-student-data/"> leads students to reveal to their teacher personal information</a> about themselves and their families. Conversations are recorded and the collected data sent to the company, which grants itself the right to sell it. See also <a href="/education/educational-malware-app-along.html#content">Educational Malware App “Along”</a>. </li>  <li id="M202201270">  The data broker X-Mode <a href="https://themarkup.org/privacy/2022/01/27/gay-bi-dating-app-muslim-prayer-apps-sold-data-on-peoples-location-to-a-controversial-data-broker">bought location data about 20,000 people collected by around 100 different malicious apps</a>. </li>  <li id="M202111090">  A building in LA, with a supermarket in it, <a href="https://www.latimes.com/business/story/2021-11-09/column-trader-joes-parking-app">demands customers load a particular app to pay for parking in the parking lot</a>, and accept pervasive surveillance. They also have the option of entering their license plate numbers in a kiosk. That is an injustice, too. </li>  <li id="M202106030">  <a href="https://techcrunch.com/2021/06/03/tiktok-just-gave-itself-permission-to-collect-biometric-data-on-u-s-users-including-faceprints-and-voiceprints/">TikTok apps collect biometric identifiers and biometric information from users' smartphones</a>. The company behind it does whatever it wants and collects whatever data it can. </li>  <li id="M202104060">  The <a href="https://www.wired.com/story/weddings-social-media-apps-photos-memories-miscarriage-problem/">WeddingWire app saves people's wedding photos forever and hands over data to others</a>, giving users no control over their personal information/data. The app also sometimes shows old photos and memories to users, without giving them any control over this either. </li>  <li id="M202102010">  Many cr…apps, developed by various companies for various organizations, do <a href="https://www.expressvpn.com/digital-security-lab/investigation-xoth"> location tracking unknown to those companies and those organizations</a>. It's actually some widely used libraries that do the tracking. What's unusual here is that proprietary software developer A tricks proprietary software developers B1 … B50 into making platforms for A to mistreat the end user. </li>  <li id="M202003260">  The Apple iOS version of Zoom <a href="https://www.vice.com/en/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account">is sending users' data to Facebook</a> even if the user doesn't have a Facebook account. According to the article, Zoom and Facebook don't even mention this surveillance on their privacy policy page, making this an obvious violation of people's privacy even in their own terms. </li>  <li id="M202003010">  The Alipay Health Code app estimates whether the user has Covid-19 and <a href="https://www.nytimes.com/2020/03/01/business/china-coronavirus-surveillance.html"> tells the cops directly</a>. </li>  <li id="M202001290">  The Amazon Ring app does <a href="https://www.theguardian.com/technology/2020/jan/29/ring-smart-doorbell-company-surveillance-eff-report"> surveillance for other companies as well as for Amazon</a>. </li>  <li id="M201912220">  The ToToc messaging app seems to be a <a href="https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html"> spying tool for the government of the United Arab Emirates</a>. Any nonfree program could be doing this, and that is a good reason to use free software instead. Note: this article uses the word “free” in the sense of “gratis.” </li>  <li id="M201912090">  iMonsters and Android phones, when used for work, give employers powerful <a href="https://www.fastcompany.com/90440073/if-you-use-your-personal-phone-for-work-say-goodbye-to-your-privacy"> snooping and sabotage capabilities</a> if they install their own software on the device. Many employers demand to do this. For the employee, this is simply nonfree software, as fundamentally unjust and as dangerous as any other nonfree software. </li>  <li id="M201910130">  The Chinese Communist Party's “Study the Great Nation” app requires users to grant it <a href="https://www.ndtv.com/world-news/chinese-app-allows-officials-access-to-100-million-users-phone-report-2115962"> access to the phone's microphone, photos, text messages, contacts, and internet history</a>, and the Android version was found to contain a back-door allowing developers to run any code they wish in the users' phone, as “superusers.” Downloading and using this app is mandatory at some workplaces. Note: The <a href="http://web-old.archive.org/web/20191015005153/https://www.washingtonpost.com/world/asia_pacific/chinese-app-on-xis-ideology-allows-data-access-to-100-million-users-phones-report-says/2019/10/11/2d53bbae-eb4d-11e9-bafb-da248f8d5734_story.html"> Washington Post version of the article</a> (partly obfuscated, but readable after copy-pasting in a text editor) includes a clarification saying that the tests were only performed on the Android version of the app, and that, according to Apple, “this kind of ‘superuser' surveillance could not be conducted on Apple's operating system.” </li>  <li id="M201909091">  The Facebook app <a href="https://eu.usatoday.com/story/tech/talkingtech/2019/09/09/facebook-app-social-network-tracking-your-every-move/2270305001/"> tracks users even when it is turned off</a>, after tricking them into giving the app broad permissions in order to use one of its functionalities. </li>  <li id="M201909090">  Some nonfree period-tracking apps including MIA Fem and Maya <a href="https://www.buzzfeednews.com/article/meghara/period-tracker-apps-facebook-maya-mia-fem"> send intimate details of users' lives to Facebook</a>. </li>  <li id="M201909060">  Keeping track of who downloads a proprietary program is a form of surveillance. There is a proprietary program for adjusting a certain telescopic rifle sight. <a href="https://www.forbes.com/sites/thomasbrewster/2019/09/06/exclusive-feds-demand-apple-and-google-hand-over-names-of-10000-users-of-a-gun-scope-app/"> A US prosecutor has demanded the list of all the 10,000 or more people who have installed it</a>. With a free program there would not be a list of who has installed it. </li>  <li id="M201907081">  Many unscrupulous mobile-app developers keep finding ways to <a href="https://www.cnet.com/tech/mobile/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions/"> bypass user's settings</a>, regulations, and privacy-enhancing features of the operating system, in order to gather as much private data as they possibly can. Thus, we can't trust rules against spying. What we can trust is having control over the software we run. </li>  <li id="M201907080">  Many Android apps can track users' movements even when the user says <a href="https://www.theverge.com/2019/7/8/20686514/android-covert-channel-permissions-data-collection-imei-ssid-location"> not to allow them access to locations</a>. This involves an apparently unintentional weakness in Android, exploited intentionally by malicious apps. </li>  <li id="M201905300">  The Femm “fertility” app is secretly a <a href="https://www.theguardian.com/world/2019/may/30/revealed-womens-fertility-app-is-funded-by-anti-abortion-campaigners"> tool for propaganda</a> by natalist Christians. It spreads distrust for contraception. It snoops on users, too, as you must expect from nonfree programs. </li>  <li id="M201905060">  BlizzCon 2019 imposed a <a href="https://arstechnica.com/gaming/2019/05/blizzcon-2019-tickets-revolve-around-invasive-poorly-reviewed-smartphone-app/"> requirement to run a proprietary phone app</a> to be allowed into the event. This app is a spyware that can snoop on a lot of sensitive data, including user's location and contact list, and has <a href="https://web.archive.org/web/20220321042716/https://old.reddit.com/r/wow/comments/bkd5ew/you_need_to_have_a_phone_to_attend_blizzcon_this/emg38xv/"> near-complete control</a> over the phone. </li>  <li id="M201904131">  Data collected by menstrual and pregnancy monitoring apps is often <a href="https://www.theguardian.com/world/2019/apr/13/theres-a-dark-side-to-womens-health-apps-menstrual-surveillance"> available to employers and insurance companies</a>. Even though the data is “anonymized and aggregated,” it can easily be traced back to the woman who uses the app. This has harmful implications for women's rights to equal employment and freedom to make their own pregnancy choices. Don't use these apps, even if someone offers you a reward to do so. A free-software app that does more or less the same thing without spying on you is available from <a href="https://search.f-droid.org/?q=menstr">F-Droid</a>, and <a href="https://dcs.megaphone.fm/BLM6228935164.mp3?key=7e4b8f7018d13cdc2b5ea6e5772b6b8f"> a new one is being developed</a>. </li>  <li id="M201904130">  Google tracks the movements of Android phones and iPhones running Google apps, and sometimes <a href="https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html"> saves the data for years</a>. Nonfree software in the phone has to be responsible for sending the location data to Google. </li>  <li id="M201903251">  Many Android phones come with a huge number of <a href="https://web.archive.org/web/20190326145122/https://elpais.com/elpais/2019/03/22/inenglish/1553244778_819882.html"> preinstalled nonfree apps that have access to sensitive data without users' knowledge</a>. These hidden apps may either call home with the data, or pass it on to user-installed apps that have access to the network but no direct access to the data. This results in massive surveillance on which the user has absolutely no control. </li>  <li id="M201903211">  The MoviePass dis-service <a href="https://www.cnet.com/culture/entertainment/moviepass-founder-wants-to-use-facial-recognition-to-score-you-free-movies/"> is planning to use face recognition to track people's eyes</a> to make sure they won't put their phones down or look away during ads—and trackers. </li>  <li id="M201903201">  A study of 24 “health” apps found that 19 of them <a href="https://www.vice.com/en/article/pan9e8/health-apps-can-share-your-data-everywhere-new-study-shows"> send sensitive personal data to third parties</a>, which can use it for invasive advertising or discriminating against people in poor medical condition. Whenever user “consent” is sought, it is buried in lengthy terms of service that are difficult to understand. In any case, “consent” is not sufficient to legitimize snooping. </li>  <li id="M201902230">  Facebook offered a convenient proprietary library for building mobile apps, which also <a href="https://boingboing.net/2019/02/23/surveillance-zucksterism.html"> sent personal data to Facebook</a>. Lots of companies built apps that way and released them, apparently not realizing that all the personal data they collected would go to Facebook as well. It shows that no one can trust a nonfree program, not even the developers of other nonfree programs. </li>  <li id="M201902140">  The AppCensus database gives information on <a href="https://www.appcensus.io/"> how Android apps use and misuse users' personal data</a>. As of March 2019, nearly 78,000 have been analyzed, of which 24,000 (31%) transmit the <a href="/proprietary/proprietary-surveillance.html#M201812290"> Advertising ID</a> to other companies, and <a href="https://blog.appcensus.io/2019/02/14/ad-ids-behaving-badly/"> 18,000 (23% of the total) link this ID to hardware identifiers</a>, so that users cannot escape tracking by resetting it. Collecting hardware identifiers is in apparent violation of Google's policies. But it seems that Google wasn't aware of it, and, once informed, was in no hurry to take action. This proves that the policies of a development platform are ineffective at preventing nonfree software developers from including malware in their programs. </li>  <li id="M201902060">  Many nonfree apps have a surveillance feature for <a href="https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/"> recording all the users' actions</a> in interacting with the app. </li>  <li id="M201902041.1">  Twenty nine “beauty camera” apps that used to be on Google Play had one or more malicious functionalities, such as <a href="https://www.androidpolice.com/2019/02/03/google-bans-29-beauty-camera-apps-from-the-play-store-that-steal-your-photos/"> stealing users' photos instead of “beautifying” them</a>, pushing unwanted and often malicious ads on users, and redirecting them to phishing sites that stole their credentials. Furthermore, the user interface of most of them was designed to make uninstallation difficult. Users should of course uninstall these dangerous apps if they haven't yet, but they should also stay away from nonfree apps in general. All nonfree apps carry a potential risk because there is no easy way of knowing what they really do. </li>  <li id="M201902010">  An investigation of the 150 most popular gratis VPN apps in Google Play found that <a href="https://www.top10vpn.com/research/free-vpn-investigations/risk-index/"> 25% fail to protect their users' privacy</a> due to DNS leaks. In addition, 85% feature intrusive permissions or functions in their source code—often used for invasive advertising—that could potentially also be used to spy on users. Other technical flaws were found as well. Moreover, a previous investigation had found that <a href="https://www.top10vpn.com/research/free-vpn-investigations/ownership/">half of the top 10 gratis VPN apps have lousy privacy policies</a>. (It is unfortunate that these articles talk about “free apps.” These apps are gratis, but they are not <a href="/philosophy/free-sw.html">free software</a>.) </li>  <li id="M201901050">  The Weather Channel app <a href="https://www.theguardian.com/technology/2019/jan/04/weather-channel-app-lawsuit-location-data-selling"> stored users' locations to the company's server</a>. The company is being sued, demanding that it notify the users of what it will do with the data. We think that lawsuit is about a side issue. What the company does with the data is a secondary issue. The principal wrong here is that the company gets that data at all. <a href="https://www.vice.com/en/article/gy77wy/stop-using-third-party-weather-apps"> Other weather apps</a>, including Accuweather and WeatherBug, are tracking people's locations. </li>  <li id="M201812290">  Around 40% of gratis Android apps <a href="https://privacyinternational.org/report/2647/how-apps-android-share-data-facebook-report"> report on the user's actions to Facebook</a>. Often they send the machine's “advertising ID,” so that Facebook can correlate the data it obtains from the same machine via various apps. Some of them send Facebook detailed information about the user's activities in the app; others only say that the user is using that app, but that alone is often quite informative. This spying occurs regardless of whether the user has a Facebook account. </li>  <li id="M201810244">  Some Android apps <a href="https://web.archive.org/web/20210418052600/https://www.androidauthority.com/apps-uninstall-trackers-917539/amp/"> track the phones of users that have deleted them</a>. </li>  <li id="M201808030">  Some Google apps on Android <a href="https://www.theguardian.com/technology/2018/aug/13/google-location-tracking-android-iphone-mobile"> record the user's location even when users disable “location tracking”</a>. There are other ways to turn off the other kinds of location tracking, but most users will be tricked by the misleading control. </li>  <li id="M201806110">  The Spanish football streaming app <a href="https://boingboing.net/2018/06/11/spanish-football-app-turns-use.html">tracks the user's movements and listens through the microphone</a>. This makes them act as spies for licensing enforcement. We expect it implements DRM, too—that there is no way to save a recording. But we can't be sure from the article. If you learn to care much less about sports, you will benefit in many ways. This is one more. </li>  <li id="M201804160">  More than <a href="https://www.theguardian.com/technology/2018/apr/16/child-apps-games-android-us-google-play-store-data-sharing-law-privacy">50% of the 5,855 Android apps studied by researchers were found to snoop and collect information about its users</a>. 40% of the apps were found to insecurely snitch on its users. Furthermore, they could detect only some methods of snooping, in these proprietary apps whose source code they cannot look at. The other apps might be snooping in other ways. This is evidence that proprietary apps generally work against their users. To protect their privacy and freedom, Android users need to get rid of the proprietary software—both proprietary Android by <a href="https://replicant.us">switching to Replicant</a>, and the proprietary apps by getting apps from the free software only <a href="https://f-droid.org/">F-Droid store</a> that <a href="https://f-droid.org/docs/Anti-Features/"> prominently warns the user if an app contains anti-features</a>. </li>  <li id="M201804020">  Grindr collects information about <a href="https://www.commondreams.org/news/2018/04/02/egregious-breach-privacy-popular-app-grindr-supplies-third-parties-users-hiv-status"> which users are HIV-positive, then provides the information to companies</a>. Grindr should not have so much information about its users. It could be designed so that users communicate such info to each other but not to the server's database. </li>  <li id="M201803050">  The moviepass app and dis-service spy on users even more than users expected. It <a href="https://techcrunch.com/2018/03/05/moviepass-ceo-proudly-says-the-app-tracks-your-location-before-and-after-movies/">records where they travel before and after going to a movie</a>. Don't be tracked—pay cash! </li>  <li id="M201802280">  Spotify app <a href="https://www.sec.gov/Archives/edgar/data/1639920/000119312518063434/d494294df1.htm">harvests users' data to personally identify and know people</a> through music, their mood, mindset, activities, and tastes. There are over 150 billion events logged daily on the program which contains users' data and personal information. </li>  <li id="M201711240">  Tracking software in popular Android apps is pervasive and sometimes very clever. Some trackers can <a href="https://theintercept.com/2017/11/24/staggering-variety-of-clandestine-trackers-found-in-popular-android-apps/"> follow a user's movements around a physical store by noticing WiFi networks</a>. </li>  <li id="M201709020">  <a href="https://web.archive.org/web/20230607090524/https://old.reddit.com/r/Instagram/comments/6xkhi8/ig_suddenly_asking_for_phone_number_not_visible/">Instagram is forcing users to give away their phone numbers</a> and won't let people continue using the app if they refuse. </li>  <li id="M201708270">  The Sarahah app <a href="https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/"> uploads all phone numbers and email addresses</a> in user's address book to developer's server. (Note that this article misuses the words “<a href="/philosophy/free-sw.html">free software</a>” referring to zero price.) </li>  <li id="M201707270">  20 dishonest Android apps recorded <a href="https://arstechnica.com/information-technology/2017/07/stealthy-google-play-apps-recorded-calls-and-stole-e-mails-and-texts/">phone calls and sent them and text messages and emails to snoopers</a>. Google did not intend to make these apps spy; on the contrary, it worked in various ways to prevent that, and deleted these apps after discovering what they did. So we cannot blame Google specifically for the snooping of these apps. On the other hand, Google redistributes nonfree Android apps, and therefore shares in the responsibility for the injustice of their being nonfree. It also distributes its own nonfree apps, such as Google Play, <a href="/philosophy/free-software-even-more-important.html">which are malicious</a>. Could Google have done a better job of preventing apps from cheating? There is no systematic way for Google, or Android users, to inspect executable proprietary apps to see what they do. Google could demand the source code for these apps, and study the source code somehow to determine whether they mistreat users in various ways. If it did a good job of this, it could more or less prevent such snooping, except when the app developers are clever enough to outsmart the checking. But since Google itself develops malicious apps, we cannot trust Google to protect us. We must demand release of source code to the public, so we can depend on each other. </li>  <li id="M201705230">  Apps for BART <a href="https://web.archive.org/web/20171124190046/https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/"> snoop on users</a>. With free software apps, users could make sure that they don't snoop. With proprietary apps, one can only hope that they don't. </li>  <li id="M201705040">  A study found 234 Android apps that track users by <a href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening to ultrasound from beacons placed in stores or played by TV programs</a>. </li>  <li id="M201704260">  Faceapp appears to do lots of surveillance, judging by <a href="https://web.archive.org/web/20170426191242/https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/"> how much access it demands to personal data in the device</a>. </li>  <li id="M201704190">  Users are suing Bose for <a href="https://web.archive.org/web/20170423010030/https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/"> distributing a spyware app for its headphones</a>. Specifically, the app would record the names of the audio files users listen to along with the headphone's unique serial number. The suit accuses that this was done without the users' consent. If the fine print of the app said that users gave consent for this, would that make it acceptable? No way! It should be flat out <a href="/philosophy/surveillance-vs-democracy.html"> illegal to design the app to snoop at all</a>. </li>  <li id="M201704074">  Pairs of Android apps can collude to transmit users' personal data to servers. <a href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A study found tens of thousands of pairs that collude</a>. </li>  <li id="M201703300">  Verizon <a href="https://yro.slashdot.org/story/17/03/30/0112259/verizon-to-force-appflash-spyware-on-android-phones"> announced an opt-in proprietary search app that it will</a> pre-install on some of its phones. The app will give Verizon the same information about the users' searches that Google normally gets when they use its search engine. Currently, the app is <a href="https://www.eff.org/deeplinks/2017/04/update-verizons-appflash-pre-installed-spyware-still-spyware"> being pre-installed on only one phone</a>, and the user must explicitly opt-in before the app takes effect. However, the app remains spyware—an “optional” piece of spyware is still spyware. </li>  <li id="M201701210">  The Meitu photo-editing app <a href="https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/">sends user data to a Chinese company</a>. </li>  <li id="M201611280">  The Uber app tracks <a href="https://techcrunch.com/2016/11/28/uber-background-location-data-collection/">clients' movements before and after the ride</a>. This example illustrates how “getting the user's consent” for surveillance is inadequate as a protection against massive surveillance. </li>  <li id="M201611160">  A <a href="https://research.csiro.au/isp/wp-content/uploads/sites/106/2016/08/paper-1.pdf"> research paper</a> that investigated the privacy and security of 283 Android VPN apps concluded that “in spite of the promises for privacy, security, and anonymity given by the majority of VPN apps—millions of users may be unawarely subject to poor security guarantees and abusive practices inflicted by VPN apps.” Following is a non-exhaustive list, taken from the research paper, of some proprietary VPN apps that track users and infringe their privacy: <dl class="compact"> <dt>SurfEasy</dt> <dd>Includes tracking libraries such as NativeX and Appflood, meant to track users and show them targeted ads.</dd> <dt>sFly Network Booster</dt> <dd>Requests the <code>READ_SMS</code> and <code>SEND_SMS</code> permissions upon installation, meaning it has full access to users' text messages.</dd> <dt>DroidVPN and TigerVPN</dt> <dd>Requests the <code>READ_LOGS</code> permission to read logs for other apps and also core system logs. TigerVPN developers have confirmed this.</dd> <dt>HideMyAss</dt> <dd>Sends traffic to LinkedIn. Also, it stores detailed logs and may turn them over to the UK government if requested.</dd> <dt>VPN Services HotspotShield</dt> <dd>Injects JavaScript code into the HTML pages returned to the users. The stated purpose of the JS injection is to display ads. Uses roughly five tracking libraries. Also, it redirects the user's traffic through valueclick.com (an advertising website).</dd> <dt>WiFi Protector VPN</dt> <dd>Injects JavaScript code into HTML pages, and also uses roughly five tracking libraries. Developers of this app have confirmed that the non-premium version of the app does JavaScript injection for tracking the user and displaying ads.</dd> </dl> </li>  <li id="M201609210">  Google's new voice messaging app <a href="https://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs all conversations</a>. </li>  <li id="M201606050">  Facebook's new Magic Photo app <a href="https://www.theregister.com/2015/11/10/facebook_scans_camera_for_your_friends/"> scans your mobile phone's photo collections for known faces</a>, and suggests you circulate the picture you take according to who is in the frame. This spyware feature seems to require online access to some known-faces database, which means the pictures are likely to be sent across the wire to Facebook's servers and face-recognition algorithms. If so, none of Facebook users' pictures are private anymore, even if the user didn't “upload” them to the service. </li>  <li id="M201605310">  Facebook's app listens all the time, <a href="https://www.independent.co.uk/tech/facebook-using-people-s-phones-to-listen-in-on-what-they-re-saying-claims-professor-a7057526.html">to snoop on what people are listening to or watching</a>. In addition, it may be analyzing people's conversations to serve them with targeted advertisements. </li>  <li id="M201604250">  A pregnancy test controller application not only can <a href="https://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security"> spy on many sorts of data in the phone, and in server accounts, it can alter them too</a>. </li>  <li id="M201601130">  Apps that include <a href="https://web.archive.org/web/20180913014551/http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/"> Symphony surveillance software snoop on what radio and TV programs are playing nearby</a>. Also on what users post on various sites such as Facebook, Google+ and Twitter. </li>  <li id="M201511190">  “Cryptic communication,” unrelated to the app's functionality, was <a href="https://news.mit.edu/2015/data-transferred-android-apps-hiding-1119"> found in the 500 most popular gratis Android apps</a>. The article should not have described these apps as “free”—they are not free software. The clear way to say “zero price” is “gratis.” The article takes for granted that the usual analytics tools are legitimate, but is that valid? Software developers have no right to analyze what users are doing or how. “Analytics” tools that snoop are just as wrong as any other snooping. </li>  <li id="M201510300">  More than 73% and 47% of mobile applications, for Android and iOS respectively <a href="https://techscience.org/a/2015103001/">hand over personal, behavioral and location information</a> of their users to third parties. </li>  <li id="M201508210">  Like most “music screaming” disservices, Spotify is based on proprietary malware (DRM and snooping). In August 2015 it <a href="https://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy"> demanded users submit to increased snooping</a>, and some are starting to realize that it is nasty. This article shows the <a href="https://www.theregister.com/2015/08/21/spotify_worse_than_the_nsa/"> twisted ways that they present snooping as a way to “serve” users better</a>—never mind whether they want that. This is a typical example of the attitude of the proprietary software industry towards those they have subjugated. Out, out, damned Spotify! </li>  <li id="M201507281">  Many retail businesses publish cr…apps that ask to <a href="https://www.delish.com/kitchen-tools/a43252/how-food-apps-use-data/"> spy on the user's own data</a>—often many kinds. Those companies know that snoop-phone usage trains people to say yes to almost any snooping. </li>  <li id="M201506264">  <a href="https://www.cl.cam.ac.uk/~arb33/papers/FerreiraEtAl-Securacy-WiSec2015.pdf"> A study in 2015</a> found that 90% of the top-ranked gratis proprietary Android apps contained recognizable tracking libraries. For the paid proprietary apps, it was only 60%. The article confusingly describes gratis apps as “free”, but most of them are not in fact <a href="/philosophy/free-sw.html">free software</a>. It also uses the ugly word “monetize”. A good replacement for that word is “exploit”; nearly always that will fit perfectly. </li>  <li id="M201505060">  Gratis Android apps (but not <a href="/philosophy/free-sw.html">free software</a>) connect to 100 <a href="https://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites">tracking and advertising</a> URLs, on the average. </li>  <li id="M201504060">  Widely used <a href="https://freedom-to-tinker.com/2015/04/06/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary QR-code scanner apps snoop on the user</a>. This is in addition to the snooping done by the phone company, and perhaps by the OS in the phone. Don't be distracted by the question of whether the app developers get users to say “I agree”. That is no excuse for malware. </li>  <li id="M201411260">  Many proprietary apps for mobile devices report which other apps the user has installed. <a href="https://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter is doing this in a way that at least is visible and optional</a>. Not as bad as what the others do. </li>  <li id="M201401150.1"> <!--#echo ...; http://www.gnu.org/proprietary/po/proprietary-surveillance.it-diff.html - [detail] - [similar]

PREV NEXT