Voice of Reason – The question of the recent decades has been how much of our liberty can we and should we give up in the name of security. And while that question continues to persist, the new question of the modern age is how much privacy can we and should we give up in the name of convenience?

We have apps that make life infinitely easier and more convenient, but with each app we use we give them some of our personal data. And while most of us think we can control what data each app gets, new research shows we might be gravely mistaken.

In the following video, Right Wing News looks at the latest research, which shows how some Android apps are bypassing user permissions by simply getting information from other apps. And while most of this is quite innocuous, what happens when malware apps get data from your other apps? And while this research may be new on the consumer front, you can rest assured that this is old news for the spy agencies.

Android apps are ‘secretly colluding’ to share information with one another without asking for permission, new research has found.

This data sharing could lead to security breaches with user location, contact details and other private information at risk.

Apps designed around the personalization of ringtones, widgets, and emojis are the most at risk, the researchers said.

In a study of more than 100,000 of Google Play’s most popular apps, the team found 23,495 colluding pairs of apps.

Once downloaded, apps can communicate with one another without user permission, and some take advantage of this feature to read personal data. 

‘Apps that don’t have a good reason to ask for extra permissions sometimes don’t bother. Instead, they manage to get information through other apps,’ study co-author Professor Gang Wang, a computer scientist at Virginia Tech University, told New Scientist.

The types of threats arising from app data sharing fall into two major categories, the team said.

User data could be breached using a malware app that is specifically designed to launch a cyberattack, or using normal apps that simply allow for collusion.

In the latter category, it is not possible to know the intentions of the app developer, so collusion – while still a security breach – can in many cases be unintentional, the researchers said.

The analysis is the first ever large-scale and systematic study of how the apps on Android phones are able to talk to one another and trade information.

“Researchers were aware that apps may talk to one another in some way, shape, or form,” said Professor Wang.

What this study shows undeniably with real-world evidence over and over again is that app behavior, whether it is intentional or not, can pose a security breach depending on the kinds of apps you have on your phone.

To test different pairs of apps, the team developed a tool called ‘DIALDroid’ to perform a large inter-app security analysis that took 6,340 hours.

“Of the apps we studied, we found thousands of pairs of apps that could potentially leak sensitive phone or personal information and allow unauthorized apps to gain access to privileged data,” said co-author Professor Daphne Yao.

The team studied 110,150 apps over three years including 100,206 of Google Play’s most popular apps.

They also studied 9,994 malware apps from Virus Share, a private collection of malware app samples.

The set-up for cybersecurity leaks works when a sender app colludes with a receiver app to share key information.

This means that a seemingly innocuous app, such as the phone’s flashlight, can share contacts, geolocation, and other private information with malware apps.

The team found that the biggest security risks were some of the least useful apps – software designed for the personalization of ringtones, widgets, and emojis.

Professor Wang stated:

“App security is a little like the Wild West right now with few regulations.

We hope this paper will be a source for the industry to consider re-examining their software development practices and incorporate safeguards on the front end.

We can’t quantify what the intention is for app developers in the non-malware cases.

But we can at least raise awareness of this security problem with mobile apps for consumers who previously may not have thought much about what they were downloading onto their phones.”

Network World Repots:

With Pokémon Go currently enjoying, what I would call, a wee-bit-o-success, now seems like a good time to talk about a few things people may not know about the world’s favorite new smartphone game.

This is not an opinion piece. I am not going to tell you Pokémon Go is bad or that it invades your privacy. I’m merely presenting verifiable facts about the biggest, most talked about game out there. Let’s start with a little history.

Way back in 2001, Keyhole, Inc. was founded by John Hanke (who previously worked in a “foreign affairs” position within the U.S. government). The company was named after the old “eye-in-the-sky” military satellites. One of the key, early backers of Keyhole was a firm called In-Q-Tel.

In-Q-Tel is the venture capital firm of the CIA. Yes, the Central Intelligence Agency. Much of the funding purportedly came from the National Geospatial-Intelligence Agency (NGA). The NGA handles combat support for the U.S. Department of Defense and provides intelligence to the NSA and CIA, among others.

Keyhole’s noteworthy public product was “earth” Renamed to “Google Earth” after Google acquired Keyhole in 2004.

In the following video, tech journalist Bryan Lunduke joins one of my favorite radio hosts, Jimmy Church to talk about the crazy connections between the CIA, NSA, Google and Pokemon Go. This is one story for conspiracy theorists that can be officially confirmed…it is real. What is really going on? Well, this is the broadcast that tells the entire saga…from beginning to end…this is a true, not-to-miss show. The discussion about Pokeman and the intelligence community begins around the 52:00 mark…

Over the next few years, Niantic created two location-based apps/games. The first was Field Trip, a smartphone application where users walk around and find things. The second was Ingress, a sci-fi-themed game where players walk around and between locations in the real world.

In 2015, Niantic was spun off from Google and became its own company. Then Pokémon Go was developed and launched by Niantic. It’s a game where you walk around in the real world (between locations suggested by the service) while holding your smartphone.

Data the game can access

Let’s move on to what information Pokémon Go has access to, bearing the history of the company in mind as we do.

When you install Pokémon Go on an Android phone, you grant it the following access (not including the ability to make in-app purchases):

Identity

• Find accounts on the device

Contacts

• Find accounts on the device

Location

• Precise location (GPS and network-based)
• Approximate location (network-based)

Photos/Media/Files

• Modify or delete the contents of your USB storage
• Read the contents of your USB storage

Storage

• Modify or delete the contents of your USB storage
• Read the contents of your USB storage

Camera

• Take pictures and videos

Other

• Receive data from the internet
• Control vibration
• Pair with Bluetooth devices
• Access Bluetooth settings
• Full network access
• Use accounts on the device
• View network connections
• Prevent the device from sleeping

Based on the access to your device (and your information), coupled with the design of Pokémon Go, the game should have no problem discerning and storing the following information (just for a start):

Where you are

Where you were

What route you took between those locations

When you were at each location

How long it took you to get between them

What you are looking at right now

What you were looking at in the past

What you look like

What files you have on your device and the entire contents of those files

I’m not going to tell people what they should think of all this. I’m merely presenting the information. I recommend looking over the list of what data the game has access to, then going back to the beginning of this article and re-reading the history of the company.

SF Source The Last Great Stand April 2017