1. Home
  2. Mobile apps sharing usernames, passwords, credit card details with third parties: Study

Mobile apps sharing usernames, passwords, credit card details with third parties: Study

Agencies
July 8, 2018

Washington, Jul 8: Some popular smartphone apps may be secretly taking screenshots of your activity and sending them to third parties, a study has found. This is particularly disturbing because these screenshots - and videos of your activity on the screen - could include usernames, passwords, credit card numbers, and other important personal information, researchers said.

"We found that thousands of popular apps have the ability to record your screen and anything you type," said David Choffnes, a professor at Northeastern University in the US.

"That includes your username and password, because it can record the characters you type before they turn into those little black dots," said Choffnes.

The study was designed to investigate a persistent urban legend that phones are secretly recording our conversations and then selling that information to companies so they can pepper you with targeted advertisements.

While the researchers found no evidence of recorded conversations, they discovered activity that could be even more dangerous.

"We knew we were looking for a needle in a haystack, and we were surprised to find several needles," said Choffnes.

What they found is that some companies were sending screenshots and videos of user phone activities to third parties. Although these privacy breaches appeared to be benign, they emphasised how easily a phone's privacy window could be exploited for profit.

"This opening will almost certainly be used for malicious purposes," said Christo Wilson, a professor at Northeastern.

"It's simple to install and collect this information. And what's most disturbing is that this occurs with no notification to or permission by users," said Wilson.

"In the case we caught, the information sent to a third party was zip codes, but it could just as easily have been credit card numbers," he said.

The researchers analysed over 17,000 of the most popular apps on the Android operating system, using an automated test programme written by the students.

Although the study was conducted on Android phones, researchers said there is no reason to believe that other phone operating systems would be less vulnerable.

In all, 9,000 of the 17,000 apps had the potential to take screenshots.

"In one case, the app took video of the screen activity and sent that information to a third party," said Wilson.

That app was GoPuff, a fast-food delivery service, which sent the screenshots to Appsee, a data analytics firm for mobile devices. All this was done without the awareness of app users.

Researchers emphasised that neither company appeared to have any nefarious intent. They said that web developers commonly use this type of information to debug their apps and improve the user experience.

However, that does not mean a malicious company could not use this privacy window to steal personal information for profit.

"That has the potential to be much worse than having the camera taking pictures of the ceiling or the microphone recording pointless conversations. There is no easy way to close this privacy opening," said Choffnes.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
November 15,2024

amitshah.jpg

Union minister Amit Shah on Friday, November 15, said PM Narendra Modi will amend the Waqf Act despite opposition from leaders like Uddhav Thackeray and Sharad Pawar.

"Modi ji wants to change the Waqf Board law, but Uddhav ji, Sharad Pawar and Supriya Sule are opposing it," Shah said, addressing a rally at Umarkhed in Maharashtra's Yavatmal district.

"Uddhav ji, listen carefully, you all can protest as much as you want, but Modi ji will amend the Waqf Act," he said. Shah said there are two camps in the November 20 Maharashtra assembly polls, one of 'Pandavas' represented by the BJP-led Mahayuti and the other of 'Kauravas' represented by Maha Vikas Aghadi.

"Uddhav Thackeray claims that his Shiv Sena is the real one. Can the real Shiv Sena go against renaming Aurangabad to Sambhajinagar? Can the real Shiv Sena go against renaming Ahmednagar to Ahilyanagar? The real Shiv Sena stands with the BJP," Shah said.

"Rahul Baba used to say that his government would credit money in the accounts of the people instantly. You were unable to fulfil your promises in Himachal, Karnataka, and Telangana," he said.

Shah said the Mahayuti alliance has promised that women will get Rs 2,100 per month under the Ladki Bahin Yojana. "Kashmir is an integral part of India and no power in the world can snatch it away from us," Shah said.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
November 22,2024

Mangaluru: A man fell victim to an online scam, losing Rs 1.7 crore after fraudsters posed as officials from TRAI. According to a complaint filed at the CEN police station, the incident began on November 11, when the complainant received a call from an unknown number at 9:49 am.

The caller, claiming to represent TRAI, alleged that another mobile number registered under the complainant's name was involved in illegal activities in Andheri (East), Mumbai. The caller further stated that an FIR was lodged against the complainant for harassment under the guise of marketing. He was instructed to contact Andheri (East) police station immediately or risk his mobile service being deactivated within two hours.

The complainant was subsequently connected to an individual named Pradeep Sawant, who claimed the complainant was implicated in a money laundering scheme linked to the Naresh Goyal fraud case. Sawant alleged that a fraudulent bank account under the complainant's name was opened at Canara Bank, Andheri, and used to purchase a SIM card for illegal activities. He warned that the complainant could face arrest.

Later, the complainant was contacted via WhatsApp video call by individuals posing as Rahul Kumar (a police officer) and Akanksha (a CBI officer). They allegedly sent fabricated CBI documents to his WhatsApp number. The fraudsters demanded money to "resolve" the case. Fearing threats, the complainant allegedly transferred Rs 1.7 crore through RTGS in batches of Rs 53 lakh, Rs 74 lakh, and Rs 44 lakh between November 13 and 19. A case has been registered at the CEN police station and an investigation is ongoing.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
November 17,2024

Mangaluru: District-in-Charge Minister and Minister for Health and Family Welfare, Dinesh Gundu Rao, announced that a day-care chemotherapy centre will soon be established at District Wenlock Hospital. Speaking to mediapersons after reviewing the activities at Wenlock and Government Lady Goschen Hospital, he shared the government’s plans to enhance healthcare services in the region.

Key Initiatives Announced

•    Day-Care Chemotherapy Centre:

  • Ten beds will be reserved for cancer patients.
  • The government will collaborate with Yenepoya Hospital to provide chemotherapy treatments.
  • All required facilities for the centre are already in place, awaiting inauguration by the Chief Minister.

•    Wenlock Hospital Facelift:

  • Critical Care Block: To be built at a cost of ₹24 crore.
  • Integrated Public Health (IPH) Lab: Planned with a budget of ₹1 crore.
  • New OPD Block: As per a 2017 agreement, KMC Hospital will take up construction. Discussions with KMC management are underway.

•    Additional Requirements:

  • A new mortuary and post-mortem building.
  • Paramedical college building.
  • Modern kitchen.
  • Bridge connecting two buildings within the hospital.

•    Total facelift cost: ₹6 crore to ₹10 crore, utilizing funds from the Department of Health and Family Welfare and CSR contributions.

•    Timeline:
By December or January, priority works will be finalized. The superintendents of Wenlock and Lady Goschen Hospitals are scheduled to visit Bengaluru next week to discuss these projects.

•    MRI Fee Allegations:
The minister assured that allegations of patients being charged for MRI scans at Wenlock Hospital will be resolved at the earliest.
These measures aim to improve healthcare accessibility and infrastructure, positioning Wenlock Hospital as a state-of-the-art facility in the region.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.