How to slow Google Sensorvault from tracking your location on iOS, Android

By: Rick Broida

Not only is Google Maps tracking you, but a program called Google Sensorvault is potentially turning over your location data to law enforcement, according to a report from The New York Times. We’ll show you how to make that more difficult for Google, or at least keep it from handing over the most granular data.

Keep in mind that a 2018 Associated Press investigation reported that even if you manually disable Google Location History, Google Maps and other apps may retain data about your whereabouts.

We also recently learned that Facebook is tracking you even after you deactivate your account, so it’s not just Google that you have to worry about. (Alternatively, you may want to at least turn off Facebook’s facial recognition feature.)

The Web & App Activity toggle will fully disable Google location tracking, but good luck finding it unless you know exactly where to look. Screenshot by Rick Broida/CNET

Google maintains that such location-tracking features are intended to improve your experience. But that notion is at odds with the definition of “off,” said Princeton computer scientist Jonathan Mayer. “If you’re going to allow users to turn off something called ‘Location History,’ then all the places where you maintain location history should be turned off,” he said.

Feel free to disable Web & App Activity on Android, but keep in mind you’ll lose out on a lot of location-based services. Screenshot by Rick Broida/CNET

Indeed, even when Location History is toggled off in your Google account settings, AP discovered, actions like searching for something in your browser, checking automatic weather updates and opening Google Maps will record your location. Princeton researchers were able to verify AP’s claims.

If you want to fully disable location tracking (which, keep in mind, will limit certain apps’ location-driven capabilities), you need to disable another setting called Web & App Activity.

More: https://www.cnet.com/google-amp/news

Mobile operating systems and security – evolution

By: Alexandre Vasconcelos

Operating systems have been the foundation of computing since its earliest days, because there has always been a need for a foundation and base platform from which other programs are run. It is a fascinating and extensive subject, and a required course in computing degrees.

Mobile device operating systems, which are more recent, are inevitably derivations (or even adaptations) of existing systems, but that does not make them any less capable of carrying out noble, and mandatory, tasks such as managing hardware resources, for example.

And security? It has been neglected by many over the past decades. However, as cloud computing and the mass adoption of mobile devices grow, it inevitably becomes a matter of great relevance.

One of the main factors that determine greater or lesser success is how a given product is planned and, consequently, conceived. Without meaning to go too far back in time, the technology veterans who began their careers around the 1980s will remember (often fondly) the mainframes and the monitors that displayed only characters, devoted to computational efficiency and to making the most of the scarce hardware resources available at the time. There was no mobility and security played its part; connectivity was quite restricted and threats were limited.

A little later, in the 1990s, Internet use intensified and graphical interfaces became increasingly popular, but security remained a supporting actor in this story. This period saw the birth of Google, the iMac and portable MP3 players, alongside mobile telephony, which was also advancing. Operating systems continued to evolve, not only with the progress of the graphical interface but also with the emergence of options such as Linux, which would decisively influence the market. Here security still played a secondary role; fraud and identity theft were to some extent isolated events that caused little damage, despite the growing number of flaws in Flash and browser plugins, for example.

In the early 2000s we have a much more solid and exciting landscape, with many solutions available and a far more mature technology market. With the Internet increasingly present, distributed and faster, social networks and YouTube would pave the way for mobile devices such as the iPhone, as well as the first versions of Android (between 2007 and 2009), to take up a definitive place. This is when security begins to take a prominent role, as data starts its migration to these devices.

In recent years some events have had an impact on the use of technology. In the field of politics, doubts arose about the influence of the Russians on the American elections; there have also been countless cases of data leaks.

More: http://tiinside.com.br/tiinside/seguranca/

Dozens of US spies killed after Iran and China uncovered CIA messaging service using Google

By: Margi Murphy

Dozens of American spies were killed in Iran and China after a flawed communications service allowed foreign foes to see what the agents were up to using Google, official sources have claimed.

Between 2009 and 2013 the US Central Intelligence Agency suffered a “catastrophic” secret communications failure in a website used by officers and their field agents around the world to speak to each other, according to a report in Yahoo News, which heard from 11 former intelligence and government officials about the previously unreported disaster.

“We’re still dealing with the fallout,” said one former national security official. “Dozens of people around the world were killed because of this.”

The internet-based communications platform was first used in the Middle East to communicate with soldiers in war zones and had not been intended for widespread use, but due to its ease of use and efficacy it was adopted by agents despite its lack of sophistication, the sources claimed.

Cracks only began to show when Iran, angered that the government under Barack Obama had discovered a secret Iranian nuclear weapon factory, went out with a fine-tooth comb to find moles.

It discovered the existence of one of the websites used by US agents using Google. US officials believe that Iranian spies were able to use Google as a search tool to find secret CIA websites, unbeknown to those using them.

By 2011, Iran had infiltrated the CIA spy network and in May it announced that it had broken up a 30-strong ring of American spies.

Some informants were executed and others imprisoned as a result, the sources claimed.

This was corroborated by a report on ABC News at the time, which referred to a compromised communications system after a tip-off from the CIA.

Meanwhile in China, 30 agents working for the US were executed by the government after it compromised the spy network using similar means. Beijing had managed to break into a second, temporary communications system, splintered from the initial platform, and was able to see every single agent the CIA had placed in the country, the sources told Yahoo.

The sources said that the general consensus was that Iran and China had traded technical information with each other to form a two-pronged attack.

A CIA agent in Russia who was warned about the attacks was able to change communication channels before anyone was uncovered.

More: https://www.telegraph.co.uk/technology/2018/11/03/dozens-us-spies-killed-iran-china-uncovered-cia-messaging-service/amp/

Google’s prototype Chinese search engine reportedly links searches to phone numbers

By: Adi Robertson

Google is reportedly building a prototype system that would tie Chinese users’ Google searches to their personal phone numbers, as part of a new search service that would comply with the Chinese government’s censorship requirements. The Intercept writes that the “Dragonfly” Android app, a secret project revealed by a whistleblower last month, could be linked to a user’s phone number — making it simple to track individual users’ searches.

This tracking would be in addition to Dragonfly’s blacklisting of terms like “human rights,” “student protest,” and “Nobel Prize,” which might normally pull up news about Chinese activist and Nobel laureate Liu Xiaobo. Sources have also told The Intercept that it’s “essentially hardcoded” to replace weather and air pollution results with potentially doctored data from a source in China.

Google hasn’t confirmed the existence of Dragonfly, and it’s mostly declined to comment on reports about the project. (It didn’t immediately respond to a request for comment on this latest news.) It’s previously said that it’s only doing “exploratory” work on a search service in China and that it’s “not close to launching a search product” in the country.

But these reports have drawn opposition inside and outside the company. Around 1,400 Google employees have allegedly signed a letter demanding more information about the project, which has been shrouded in secrecy and reportedly runs in partnership with a Chinese company. Earlier today, a bipartisan group of House representatives asked Google to answer questions about its plans for a Chinese search app, saying Congress has “a responsibility to ensure that American companies are not perpetuating human rights abuses abroad.” And The Intercept reported yesterday that Google senior research scientist Jack Poulson resigned to protest the decision, saying a total of five employees have left because of Dragonfly.

More: https://www.theverge.com/platform/amp

Google paid millions of dollars to track offline purchases using Mastercard data

By: Pierluigi Paganini

Google has paid Mastercard millions of dollars to access offline transactions of its users, Bloomberg revealed.

New problems for Google: experts discovered a secret agreement between the tech giant and Mastercard to track user purchases offline.

The embarrassing agreement was revealed by Bloomberg, which cited four unidentified people with knowledge of the deal.

Google used Mastercard data to track whether its ads led to a sale at a physical store in the U.S.

Google and Mastercard signed the agreement after a four-year negotiation; it gives the company all Mastercard transaction data in the US.

Neither Mastercard nor Google has ever disclosed the deal; roughly two billion Mastercard holders aren’t aware that Big G was tracking them.

“Alphabet Inc.’s Google and Mastercard Inc. brokered a business partnership during about four years of negotiations, according to four people with knowledge of the deal, three of whom worked on it directly.” reads the report published by Bloomberg.

“The alliance gave Google an unprecedented asset for measuring retail spending, part of the search giant’s strategy to fortify its primary business against onslaughts from Amazon.com Inc. and others.”

Google used the data to fuel a new tool for advertisers, called Store Sales Measurement, that is currently in a test phase for a restricted group of advertisers. The tool aims at tracking the conversion rate of online advertisements into real-world retail sales.

Google has never revealed the source of the data used by its Store Sales Measurement service since its presentation; the company only declared that its customers had access to approximately 70% of U.S. credit and debit cards through partners.

“People don’t expect what they buy physically in a store to be linked to what they are buying online,” said Christine Bannan, counsel with the advocacy group Electronic Privacy Information Center (EPIC).

“There’s just far too much burden that companies place on consumers and not enough responsibility being taken by companies to inform users what they’re doing and what rights they have.”

This suggests that Google has deals not just with Mastercard but with other credit card companies as well, which together account for 70% of the people who use credit and debit cards in the United States.

However, it seems that users can reportedly opt out of offline ad tracking by merely turning off “Web and App Activity” in their Google account.

Mastercard denied that it has provided personal information to any third parties.

More: https://securityaffairs.co/wordpress/75871/security/mastercard-data-google-deal.html

WhatsApp confirms that backups stored in iCloud and Google Drive lose end-to-end encryption

By: Raúl Álvarez

A few days ago WhatsApp and Google announced with great fanfare a new agreement that would benefit all of the platform’s users on Android. Starting November 12, all Android users will be able to back up their conversations to Google Drive without the backups counting against their storage quota.

However, there is a detail here that was overlooked at the time and is made clear today: the free WhatsApp backups in Google Drive lose their encryption, something that also applies to backups in iCloud from an iPhone.

Private information without any kind of protection

When the announcement was made, WhatsApp updated its support page to reflect these changes, where it also explained step by step how to set up this feature. This of course raised suspicions for being “too good to be true”.

And so it has proved: today WhatsApp has once again updated its support site to explicitly mention the loss of encryption for backups in Google Drive:

“Important: The media files and messages you back up will not be protected by WhatsApp’s end-to-end encryption while they are in Google Drive.”

But that is not all, as it is also confirmed that this applies equally to the backups we currently have in Google Drive and iCloud. That is, all stored backups are kept without any kind of protection, so anyone with access to these backups could gain access to messages, photos, videos, location and everything we share on WhatsApp.

But note: most of the commentary is focusing on what happens on Android with WhatsApp and Google Drive, but the reality is that iPhone backups saved to iCloud also lose their encryption once stored. That is, on neither Android nor iOS will we have WhatsApp backups protected by encryption.

More: https://m-xataka-com.cdn.ampproject.org

New Man-in-the-Disk attack leaves millions of Android phones vulnerable

By: Swati Khandelwal

Security researchers at Check Point Software Technologies have discovered a new attack vector against the Android operating system that could potentially allow attackers to silently infect your smartphones with malicious apps or launch denial of service attacks.

Dubbed Man-in-the-Disk, the attack takes advantage of the way Android apps utilize the ‘External Storage’ system to store app-related data, which, if tampered with, could result in code injection in the privileged context of the targeted application.

It should be noted that apps on the Android operating system can store their resources on the device in two locations—internal storage and external storage.

Google itself offers guidelines to Android application developers urging them to use internal storage, which is an isolated space allocated to each application protected using Android’s built-in sandbox, to store their sensitive files or data.

However, researchers found that many popular apps—including Google Translate itself, along with Yandex Translate, Google Voice Typing, Google Text-to-Speech, Xiaomi Browser—were using unprotected external storage that can be accessed by any application installed on the same device.

How Does the Android Man-in-the-Disk Attack Work?

Similar to the “man-in-the-middle” attack, the concept of a “man-in-the-disk” (MitD) attack involves interception and manipulation of data being exchanged between external storage and an application, which if replaced with a carefully crafted derivative “would lead to harmful results.”
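
A defensive sketch of the point above, added here and not taken from the article or from Check Point: an app that has to consume a file from shared (external) storage copies it into its private directory and hashes the bytes as they are copied, so another app rewriting the shared file afterwards cannot change what gets used. Plain directories stand in for Android's external and internal storage, and the function names, file name and pinned digest are constructed for the example.

```python
import hashlib
import hmac
import os
import shutil
import tempfile


class UntrustedFileError(Exception):
    """Raised when a file taken from shared storage fails verification."""


def import_from_shared(shared_path, private_dir, expected_sha256):
    """Copy shared_path into private_dir, verifying it on the way; return the copy.

    The digest covers exactly the bytes written to the private copy, so a later
    rewrite of the shared file cannot change what the app goes on to use.
    """
    digest = hashlib.sha256()
    fd, private_path = tempfile.mkstemp(dir=private_dir)  # owner-only file
    try:
        with os.fdopen(fd, "wb") as dst, open(shared_path, "rb") as src:
            for chunk in iter(lambda: src.read(65536), b""):
                dst.write(chunk)
                digest.update(chunk)
        if not hmac.compare_digest(digest.hexdigest(), expected_sha256.lower()):
            raise UntrustedFileError("digest mismatch: " + os.path.basename(shared_path))
        return private_path
    except Exception:
        os.unlink(private_path)  # never leave an unverified copy behind
        raise


def demo():
    """Constructed scenario: a resource is staged on shared storage, then rewritten."""
    shared = tempfile.mkdtemp(prefix="shared_")    # stands in for external storage
    private = tempfile.mkdtemp(prefix="private_")  # stands in for the app sandbox
    staged = os.path.join(shared, "language_pack.bin")  # hypothetical file name
    original = b"constructed sample resource v1"
    pinned = hashlib.sha256(original).hexdigest()  # assumed to arrive over a trusted channel
    with open(staged, "wb") as fh:
        fh.write(original)
    good = import_from_shared(staged, private, pinned)
    with open(staged, "wb") as fh:                 # another app rewrites the shared file
        fh.write(b"tampered content")
    with open(good, "rb") as fh:
        private_copy_intact = fh.read() == original
    try:
        import_from_shared(staged, private, pinned)
        tamper_rejected = False
    except UntrustedFileError:
        tamper_rejected = True
    leftovers = len(os.listdir(private))           # only the verified copy remains
    shutil.rmtree(shared)
    shutil.rmtree(private)
    return private_copy_intact, tamper_rejected, leftovers


if __name__ == "__main__":
    print(demo())
```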

More: https://thehackernews.com/2018/08/man-in-the-disk-android-hack.html

Google Tracks Android, iPhone Users Even With ‘Location History’ Turned Off

By: Mohit Kumar

Google tracks you everywhere, even if you explicitly tell it not to.

Every time a service like Google Maps wants to use your location, Google asks your permission to allow access to your location if you want to use it for navigating, but a new investigation shows that the company does track you anyway.

An investigation by Associated Press revealed that many Google services on Android and iPhone devices store records of your location data even when you have paused “Location History” on your mobile devices.

Disabling “Location History” in the privacy settings of Google applications should prevent Google from keeping track of your every movement, as its own support page states: “You can turn off Location History at any time. With Location History off, the places you go are no longer stored.”

However, AP found that even with Location History turned off, some Google apps automatically store “time-stamped location data” on users without asking them, which makes its claim misleading.

“For example, Google stores a snapshot of where you are when you merely open its Maps app. Automatic daily weather updates on Android phones pinpoint roughly where you are,” the AP explains.

“And some searches that have nothing to do with location, like “chocolate chip cookies,” or “kids science kits,” pinpoint your precise latitude and longitude—accurate to the square foot—and save it to your Google account.”

To demonstrate the threat of this Google practice, the AP created a visual map of the movements of Princeton postdoctoral researcher Gunes Acar, who carried an Android smartphone with ‘Location History’ switched off to prevent location data collection.

More: https://thehackernews.com/2018/08/google-mobile-location-tracking.html

Facebook and Google use ‘dark patterns’ around privacy settings, report says

By: BBC NEWS Technology

Facebook, Google and Microsoft push users away from privacy-friendly options on their services in an “unethical” way, according to a report by the Norwegian Consumer Council.

It studied the privacy settings of the firms and found a series of “dark patterns”, including intrusive default settings and misleading wording.

The firms gave users “an illusion of control”, its report suggested.

Both Google and Facebook said user privacy was important to them.

The report – Deceived by Design – was based on user tests which took place in April and May, when all three firms were making changes to their privacy policies to be in compliance with the EU’s General Data Protection Regulation (GDPR).

Illusion

It found examples of

  • privacy-friendly choices being hidden away
  • take-it-or-leave-it choices
  • privacy-intrusive defaults with a longer process for users who want privacy-friendly options
  • some privacy settings being obscured
  • pop-ups compelling users to make certain choices, while key information is omitted or downplayed
  • no option to postpone decisions
  • threats of loss of functionality or deletion of the user account if certain settings are not chosen

For example, Facebook warns anyone who wishes to disable facial recognition that doing so means that the firm “won’t be able to use this technology if a stranger uses your photo to impersonate you”.

The report concluded that users are often given the illusion of control through their privacy settings, when they are not getting it.

“Facebook gives the user an impression of control over use of third party data to show ads, while it turns out that the control is much more limited than it initially appears,” the report said.

More: https://www-bbc-co-uk.cdn.ampproject.org/c/s/www.bbc.co.uk/news/amp/technology-44642569