privacy

Mobile Security and Privacy Weekly Digest - 2023.10

cookie Your weekly digest of Mobile Security and Privacy News in under 9 minutes! Each digest will cover the past week of briefings so you can quickly catch up on all the important topics in mobile security and privacy. If you have any topics you’d like me to cover in the future, just drop me a comment in the YouTube video. Here’s links to the briefings covered in this weekly digest:

China's top Android phones exfil significant data without consent - Mobile Privacy Briefing 2023.104

cookie If you’re in the market for a new Android device and value your privacy, avoid purchasing it in China! While this is not likely for most folks following my content, it was eye opening to see just how much data is exfiltrated from mainland China devices. I first came across this research in an article by The Register titled “Surprise! China’s top Android phones collect way more info”.

Fraudulent trading apps in Apple and Google app stores - Mobile Security Briefing 2023.102

cookie Sophos released some great analysis last month on fraudulent trading apps in Apple and Google app stores. What really caught my interest was how the apps passed the app approval processes at both Apple and Google. As a mobile security researcher, I’ve long known that the review processes on both the App Store and Play Store are no substitute for bespoke mobile app security and privacy testing (full disclosure: I’m the co-founder of NowSecure).

BetterHelp shares mental health data without consent - Mobile Privacy Briefing 2023.101

cookie “BetterHelp will be required to pay $7.8 million for deceiving consumers after promising to keep sensitive personal data private” reads the subtitle to the FTC press release on 2 Mar 2023. While BetterHelp roll out the tired response that the settlement “is no admission of wrongdoing”, it can still be true if you don’t admit it. What exactly did they do? From the FTC complaint: BetterHelp used and revealed consumers’ email addresses, IP addresses, and health questionnaire information to Facebook, Snapchat, Criteo, and Pinterest for advertising purposes, according to the FTC’s complaint

Mobile Security and Privacy Weekly Digest - 2023.09

Your weekly digest of Mobile Security and Privacy News in under 8 minutes (shoot, 17 mins this week, sorry)! Each digest will cover the past week of briefings so you can quickly catch up on all the important topics in mobile security and privacy. If you have any topics you’d like me to cover in the future, just drop me a comment in the YouTube video. Here’s links to the briefings covered in this weekly digest:

Unofficial ChatGPT mobile apps pose privacy risk - Mobile Privacy Briefing 2023.095

Top10VPN researchers uncovered privacy violations in the top 10 unofficial ChatGPT apps on the Apple App and Android Play Stores. I say unofficial because OpenAI does not offer official ChatGPT mobile apps (you should use ChatGPT via the web interface). It’s not surprising that a technology that exploded into the mainstream so quickly would also create an opportunity for privacy (and probably security) abuse. Many folks are probably not aware that these apps are unofficial and certainly don’t inspect what sort of data is collected.

Mobile Security and Privacy Weekly Digest - 2003.08

Your weekly digest of Mobile Security and Privacy News in under 8 minutes! Each digest will cover the past week of briefings so you can quickly catch up on all the important topics in mobile security and privacy. If you have any topics you’d like me to cover in the future, just drop me a comment in the YouTube video. Here’s links to the briefings covered in this weekly digest:

TikTok privacy insights via reverse engineering - Mobile Privacy Briefing 2023.084

On the more technical side, my friend Sebas creates a curated weekly summary of security (and other) topics in the Security Pills Newsletter. In Issue 27, he linked to an interesting technical write up of the great lengths TikTok has gone to obfuscate how their code works and in particular related to the sensitive personal data collected (shout our to vetias at nullpt.rs for the excellent re work and write up).

Scandinavian Airlines mobile app cyberattack - Mobile Security Briefing 2023.083

On 14 Feb 2023, Scandinavian Airlines warned users to stop using their mobile app as they were under an active cyberattack and user’s may receive incorrect data, including other customer’s personal information including: contact details previous and upcoming flights last four digits of the credit card number The incident was resolved several hours later but additional details are not available at this time. The last updated was posted in the Newsroom section of the SAS website on February 15, 2023 12:56.

Mobile app privacy enforcement push from California Attorney General Bonta - Mobile Privacy Briefing 2023.081

In late January 2023, California Attorney General Rob Bonta announced a CCPA (California Consumer Privacy Act) enforcement focus on mobile apps. The enforcement focuses on “popular apps in the retail, travel, and food service industries” that don’t allow or comply with consumer opt-out requests. A recent CCPA settlement involving Sephora cost the company $1.2m in penalties and obviously compliance with CCPA plus regular reporting to the AG’s office. We’re also seeing federal enforcement of mobile app privacy issues from the FTC, most recently with a $1.