Mobile apps sharing usernames, passwords, credit card details with third parties: Study

Agencies
July 8, 2018

Washington, Jul 8: Some popular smartphone apps may be secretly taking screenshots of your activity and sending them to third parties, a study has found. This is particularly disturbing because these screenshots - and videos of your activity on the screen - could include usernames, passwords, credit card numbers, and other important personal information, researchers said.

"We found that thousands of popular apps have the ability to record your screen and anything you type," said David Choffnes, a professor at Northeastern University in the US.

"That includes your username and password, because it can record the characters you type before they turn into those little black dots," said Choffnes.

The study was designed to investigate a persistent urban legend that phones are secretly recording our conversations and then selling that information to companies so they can pepper you with targeted advertisements.

While the researchers found no evidence of recorded conversations, they discovered activity that could be even more dangerous.

"We knew we were looking for a needle in a haystack, and we were surprised to find several needles," said Choffnes.

What they found is that some companies were sending screenshots and videos of user phone activities to third parties. Although these privacy breaches appeared to be benign, they emphasised how easily a phone's privacy window could be exploited for profit.

"This opening will almost certainly be used for malicious purposes," said Christo Wilson, a professor at Northeastern.

"It's simple to install and collect this information. And what's most disturbing is that this occurs with no notification to or permission by users," said Wilson.

"In the case we caught, the information sent to a third party was zip codes, but it could just as easily have been credit card numbers," he said.

The researchers analysed over 17,000 of the most popular apps on the Android operating system, using an automated test programme written by the students.

Although the study was conducted on Android phones, researchers said there is no reason to believe that other phone operating systems would be less vulnerable.

In all, 9,000 of the 17,000 apps had the potential to take screenshots.

"In one case, the app took video of the screen activity and sent that information to a third party," said Wilson.

That app was GoPuff, a fast-food delivery service, which sent the screenshots to Appsee, a data analytics firm for mobile devices. All this was done without the awareness of app users.

Researchers emphasised that neither company appeared to have any nefarious intent. They said that web developers commonly use this type of information to debug their apps and improve the user experience.

However, that does not mean a malicious company could not use this privacy window to steal personal information for profit.

"That has the potential to be much worse than having the camera taking pictures of the ceiling or the microphone recording pointless conversations. There is no easy way to close this privacy opening," said Choffnes.

Comments

Add new comment

  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
November 21,2024

adani.jpg

Shares of Adani Group companies lost about $28 billion in market value in morning trade on Thursday after US prosecutors charged the billionaire chairman of the Indian conglomerate in an alleged bribery and fraud scheme.

Gautam Adani's flagship company Adani Enterprises tumbled 23 per cent, while Adani Ports, Adani Total Gas, Adani Green, Adani Power, Adani Wilmar and Adani Energy Solutions, ACC , Ambuja Cements and NDTV fell between 20 per cent and 90 per cent.

Adani group's 10 listed stocks had a total market capitalisation of about $141 billion at 0534 GMT, compared to $169.08 billion on Tuesday.

US authorities said Adani and seven other defendants, including his nephew Sagar Adani, agreed to pay about $265 million in bribes to Indian government officials to obtain contracts expected to yield $2 billion of profit over 20 years, and develop India's largest solar power plant project.

Adani Green in a statement on Thursday said the US Justice Department had issued a criminal indictment against board members Gautam Adani and Sagar Adani and the Securities and Exchange Commission had issued a civil complaint against them.

The US Justice Department also included Adani Green board member Vneet Jaain in the criminal indictment, it said.

Adani Green's units had decided not to proceed with the proposed US dollar denominated bond offerings due to developments, it added.

"Investors will shy away from Adani Group stocks ... and that's what this sharp selling is signifying," said Saurabh Jain, assistant vice president of retail equities research at SMC Global Securities.

"This could hurt the credibility of the group and maybe borrowing costs will rise," he said.

The indictment comes nearly two years after US shortseller Hindenburg Research alleged that Adani had improperly used tax havens and was involved in stock manipulation, allegations the conglomerate denied.

Also in early Asian trading on Thursday, Adani dollar bonds slumped, with prices down 3c-5c on bonds for Adani Ports and Special Economic Zone. The falls were the largest since the Adani Group came under a short-seller attack in February 2023.

Comments

Add new comment

  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
November 15,2024

iranarmy.jpg

Iran’s Islamic Revolution Guards Corps (IRGC) has killed or captured 69 terrorists linked to the Israeli spy agency Mossad during a major counterterrorism drill in the country's southeast, its spokesman says.  

General Ahmad Shafaei, the spokesman for the “Martyrs of Security” drill, said Friday that a total of 23 terrorists have been killed and another 46 arrested in various clean-up operations ever since the IRGC Ground Force launched it in the Sistan and Baluchestan province on November 1.

Seven terrorists have also turned themselves in during the period.

“The undeniable fact about terrorists is that they rely on arrogant powers, particularly the intelligence service of the wicked and vicious Zionist regime," Shafaei said.

“Unfortunately, weapons and munitions at terrorists’ disposal are among the most sophisticated ones in the world. This accounts for their heavy dependence.” 

The official stated that several members of the disbanded terror teams were non-Iranian nationals, who had been hired by foreign intelligence agencies to carry out acts of sabotage and terror inside Iran.

In a most recent operation, six terrorists were arrested and four others were eliminated, three of whom were non-Iranians, he added. 

On October 26, ten members of Iran's law enforcement forces were killed in a terrorist attack in the Gohar Kuh district of Taftan in the Sistan and Baluchestan province.

The so-called Jaish al-Adl terrorist group claimed responsibility for the assault, which was one of the deadliest in the province in recent months.

The group has carried out numerous terrorist attacks in Iran, primarily in Sistan and Baluchestan.

Its tactics include the abduction of border guards as well as targeting civilians and police stations within the province to incite chaos and disorder.

In January, Iran launched a military operation during which the headquarters of the Pakistan-based terrorist group was targeted in missile strikes, destroying its infrastructure.

Comments

Add new comment

  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
November 13,2024

buldozerjustice.jpg

New Delhi: The Supreme Court took a firm stance on ‘bulldozer justice’ today, affirming that the Executive cannot bypass the Judiciary and that the legal process must not prejudge the guilt of an accused. In a significant judgment, the bench led by Justices BR Gavai and KV Viswanathan set new guidelines for demolition practices, responding to petitions challenging the controversial bulldozer actions taken against individuals accused of crimes.

The rise of this practice, termed 'bulldozer justice,' has seen authorities in various states demolish what they claim to be illegal structures belonging to accused individuals. However, multiple petitions questioned the legality and fairness of this approach, bringing the matter before the court.

Justice Gavai highlighted that owning a home is a cherished goal for many families, and an essential question was whether the Executive should have the authority to strip individuals of their shelter. “In a democracy, the rule of law protects citizens from arbitrary actions by the state. The criminal justice system must not assume guilt,” stated the bench, underscoring that due process is a fundamental right under the Constitution.

On the principle of separation of powers, the bench reinforced that the Judiciary alone holds adjudicatory powers and that the Executive cannot overstep these boundaries. Justice Gavai remarked, “When the state demolishes a home purely because its resident is accused of a crime, it violates the doctrine of separation of powers.”

The court issued a strong warning about accountability, stating that public officials who misuse their power or act arbitrarily must face consequences. Justice Gavai observed that selectively demolishing one property while ignoring similar cases suggests that the aim might be to penalize rather than enforce legality. “For most citizens, a house is the product of years of labor and dreams. Taking it away must be an action of last resort, thoroughly justified,” he said.

In its directives under Article 142 of the Constitution, the Supreme Court established new demolition guidelines. These include:

Mandatory Show-Cause Notice: No demolition should occur without first issuing a show-cause notice. The person served has a minimum of 15 days or the duration stated in local laws to respond.

Transparency of Notice Content: The notice must include specifics about the alleged unauthorized construction, the nature of the violation, and the rationale for demolition.

Hearing and Final Order: Authorities are required to hear the response of the affected individual before issuing a final order. The homeowner will have 15 days to address the issue, with demolition proceeding only if no stay order is obtained from an appellate authority.

Contempt Proceedings: Any breach of these guidelines would lead to contempt proceedings. Officials who disregard these norms will be personally accountable for restitution, with costs deducted from their salaries.

Additionally, the court mandated that all municipal bodies establish digital portals within three months, displaying show-cause notices and final orders on unauthorized structures to ensure public transparency and accountability.

Comments

Add new comment

  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.