Curious about what’s possible when partnering with S&T? Check out the final Tech Impact video to learn about @AppCensusInc’s success + how to work with us through the Silicon Valley Innovation Program. ⬇️
https://t.co/XKo1fOmoAQ
This press article is based on the findings of our last USENIX'23 paper:
https://t.co/IQZGn6AbR7
Co-authored by A. Lyons, J. Gamba, A. Shawaga, J. Reardon, @0xjet, @v0max and myself, from @UCalgary @IMDEA_Networks @uc3m @ICSIatBerkeley and @AppCensusInc
ICYMI: An FTC complaint confirmed findings I first reported in 2020 that the fertility app Premom was sharing user data with Chinese advertisers without user permission.
The company has settled for $200,000 w/ the FTC and state AGs.
https://t.co/SyANomjGnq
(We exist, but are currently focused on serving our existing paying customers, so can’t keep our free services updated in the short term. Rather than having people use data that is now several years old, we removed the free dataset from the website.)
@AppCensusInc and Lumen Privacy Monitor by @narseo exist no more. What other/new tools are there for investigating private data sharing in apps? Using it for teacher education #twitterhjerne
@bjarkeLA @narseo Yes, we made it very clear why on the website: https://t.co/52D3ybXClB
We repurposed that infrastructure to better serve our customers. Long term, we would like to rebuild it and continue offering it as a free service. But unfortunately we’re way too busy in the short term.
@TommyBurazin They definitely were removed a week or so ago. We assume that after they were booted, they were allowed to submit updates that removed the SDK. There was evidence the app devs didn’t know what the SDK did, so forcing them to fix it vs. permanently banning them seems appropriate.
New blog post: https://t.co/1Q86nHT2ro
We discovered a spyware SDK that collects various identifiers, the contents of the clipboard, scans home networks to identify devices, as well as hashes of files on the user’s phone.
It’s being distributed by a Panamanian shell company, Measurement Systems, which appears to be affiliated with a US defense contractor, Vostrom Holdings.
Developers are being lied to about what it does, which may induce them to violate various privacy laws.
@AEPD_es @AlvaroFeal @primalw @AmitElazari @v0max Today, we received the AEPD Emilio Aced Award in privacy research. It is very satisfying and a great honour seeing how our research contributions to improve online privacy are recognized by public data protection agencies.
Another research award recognizing our co-founders for their contributions to online privacy!
The award is for this paper: https://t.co/SWY98azLZj
We're also happy to report that Google has fixed many of these privacy vulnerabilities.
In the same vulnerability report, we noted that the Huq SDK contained code to do the same thing. They’ve also been in the news recently…
https://t.co/5x6cShuici
Glad to see the FTC taking action on this!
We reported the underlying vulnerability to Google in 2018, which allowed Android apps to access location data (BSSIDs) without permission by accessing the ARP cache.
Advertising platform OpenX will pay $2 Million for collecting personal information from children in violation of children’s privacy law: https://t.co/JFQIystNgK