[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/proprietary malware-mobiles.de.html malware...
From: |
GNUN |
Subject: |
www/proprietary malware-mobiles.de.html malware... |
Date: |
Tue, 26 Sep 2017 07:00:50 -0400 (EDT) |
CVSROOT: /web/www
Module name: www
Changes by: GNUN <gnun> 17/09/26 07:00:50
Modified files:
proprietary : malware-mobiles.de.html malware-mobiles.it.html
proprietary/po : malware-mobiles.de-diff.html
malware-mobiles.it-diff.html
Log message:
Automatic update by GNUnited Nations.
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/malware-mobiles.de.html?cvsroot=www&r1=1.17&r2=1.18
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/malware-mobiles.it.html?cvsroot=www&r1=1.17&r2=1.18
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/malware-mobiles.de-diff.html?cvsroot=www&r1=1.5&r2=1.6
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/malware-mobiles.it-diff.html?cvsroot=www&r1=1.6&r2=1.7
Patches:
Index: malware-mobiles.de.html
===================================================================
RCS file: /web/www/www/proprietary/malware-mobiles.de.html,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -b -r1.17 -r1.18
--- malware-mobiles.de.html 20 Jul 2017 12:59:45 -0000 1.17
+++ malware-mobiles.de.html 26 Sep 2017 11:00:49 -0000 1.18
@@ -1,4 +1,9 @@
-<!--#set var="ENGLISH_PAGE" value="/proprietary/malware-mobiles.en.html" -->
+<!--#set var="PO_FILE"
+ value='<a href="/proprietary/po/malware-mobiles.de.po">
+ https://www.gnu.org/proprietary/po/malware-mobiles.de.po</a>'
+ --><!--#set var="ORIGINAL_FILE" value="/proprietary/malware-mobiles.html"
+ --><!--#set var="DIFF_FILE"
value="/proprietary/po/malware-mobiles.de-diff.html"
+ --><!--#set var="OUTDATED_SINCE" value="2017-07-28" --><!--#set
var="ENGLISH_PAGE" value="/proprietary/malware-mobiles.en.html" -->
<!--#include virtual="/server/header.de.html" -->
<!-- Parent-Version: 1.83 -->
@@ -8,6 +13,7 @@
<!--#include virtual="/proprietary/po/malware-mobiles.translist" -->
<!--#include virtual="/server/banner.de.html" -->
+<!--#include virtual="/server/outdated.de.html" -->
<h2>Schadprogramme auf Mobilgeräten</h2>
<p><a href="/proprietary/">Weitere Beispiele proprietärer
Schadsoftware</a></p>
@@ -635,7 +641,7 @@
<p class="unprintable"><!-- timestamp start -->
Letzte Ãnderung:
-$Date: 2017/07/20 12:59:45 $
+$Date: 2017/09/26 11:00:49 $
<!-- timestamp end -->
</p>
Index: malware-mobiles.it.html
===================================================================
RCS file: /web/www/www/proprietary/malware-mobiles.it.html,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -b -r1.17 -r1.18
--- malware-mobiles.it.html 6 Jul 2017 20:59:54 -0000 1.17
+++ malware-mobiles.it.html 26 Sep 2017 11:00:49 -0000 1.18
@@ -1,4 +1,9 @@
-<!--#set var="ENGLISH_PAGE" value="/proprietary/malware-mobiles.en.html" -->
+<!--#set var="PO_FILE"
+ value='<a href="/proprietary/po/malware-mobiles.it.po">
+ https://www.gnu.org/proprietary/po/malware-mobiles.it.po</a>'
+ --><!--#set var="ORIGINAL_FILE" value="/proprietary/malware-mobiles.html"
+ --><!--#set var="DIFF_FILE"
value="/proprietary/po/malware-mobiles.it-diff.html"
+ --><!--#set var="OUTDATED_SINCE" value="2017-07-28" --><!--#set
var="ENGLISH_PAGE" value="/proprietary/malware-mobiles.en.html" -->
<!--#include virtual="/server/header.it.html" -->
<!-- Parent-Version: 1.83 -->
@@ -8,6 +13,7 @@
<!--#include virtual="/proprietary/po/malware-mobiles.translist" -->
<!--#include virtual="/server/banner.it.html" -->
+<!--#include virtual="/server/outdated.it.html" -->
<h2>Malware nei dispositivi mobili</h2>
<p><a href="/proprietary/proprietary.html">Altri esempi di malware
@@ -512,7 +518,7 @@
<p class="unprintable"><!-- timestamp start -->
Ultimo aggiornamento:
-$Date: 2017/07/06 20:59:54 $
+$Date: 2017/09/26 11:00:49 $
<!-- timestamp end -->
</p>
Index: po/malware-mobiles.de-diff.html
===================================================================
RCS file: /web/www/www/proprietary/po/malware-mobiles.de-diff.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -b -r1.5 -r1.6
--- po/malware-mobiles.de-diff.html 17 Jul 2017 05:30:12 -0000 1.5
+++ po/malware-mobiles.de-diff.html 26 Sep 2017 11:00:50 -0000 1.6
@@ -11,10 +11,15 @@
</style></head>
<body><pre>
<!--#include virtual="/server/header.html" -->
-<!-- Parent-Version: <span
class="removed"><del><strong>1.79</strong></del></span> <span
class="inserted"><ins><em>1.83</em></ins></span> -->
+<!-- Parent-Version: <span
class="removed"><del><strong>1.83</strong></del></span> <span
class="inserted"><ins><em>1.84</em></ins></span> -->
<title>Malware in Mobile Devices
- GNU Project - Free Software Foundation</title>
- <!--#include virtual="/proprietary/po/malware-mobiles.translist" -->
+<span class="inserted"><ins><em><style type="text/css"
media="print,screen"><!--
+li dl { margin-top: .3em; }
+li dl dt { margin: .3em 0 0 0; font-weight: normal; font-style: italic; }
+li dl dd { margin: 0 3%; }
+--></style></em></ins></span>
+<!--#include virtual="/proprietary/po/malware-mobiles.translist" -->
<!--#include virtual="/server/banner.html" -->
<h2>Malware in Mobile Devices</h2>
@@ -66,20 +71,20 @@
<h3 id="back-doors">Mobile Back Doors</h3>
<ul>
- <span
class="removed"><del><strong><li><p>The</strong></del></span>
- <span class="inserted"><ins><em><li id="back-door-microphone">
- <p>The</em></ins></span> universal back door in portable phones <a
-
href="https://www.schneier.com/blog/archives/2006/12/remotely_eavesd_1.html">is
- employed to listen through their microphones</a>.</p>
- </li>
-
- <span
class="removed"><del><strong><li><p>Most</strong></del></span>
-
- <span class="inserted"><ins><em><li id="back-door-malicious">
- <p>Most</em></ins></span> mobile phones have a universal back door,
which has been
- used to <a
-
href="http://www.slate.com/blogs/future_tense/2013/07/22/nsa_can_reportedly_track_cellphones_even_when_they_re_turned_off.html">
+ <span class="removed"><del><strong><li
id="back-door-microphone"></strong></del></span>
+ <span class="inserted"><ins><em><li></em></ins></span>
+ <p>The universal back door in portable phones
+ <a
+ <span
class="removed"><del><strong>href="https://www.schneier.com/blog/archives/2006/12/remotely_eavesd_1.html">is</strong></del></span>
<span
class="inserted"><ins><em>href="https://www.schneier.com/blog/archives/2006/12/remotely_eavesd_1.html">
+ is</em></ins></span> employed to listen through their
microphones</a>.</p>
+ <span class="removed"><del><strong></li>
+
+ <li id="back-door-malicious"></strong></del></span>
+ <p>Most mobile phones have <span
class="removed"><del><strong>a</strong></del></span> <span
class="inserted"><ins><em>this</em></ins></span> universal back door, which has
been
+ used to
+ <a
href="http://www.slate.com/blogs/future_tense/2013/07/22/nsa_can_reportedly_track_cellphones_even_when_they_re_turned_off.html">
turn them malicious</a>.</p>
+ <span class="inserted"><ins><em><p>More about <a
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">the
nature of this problem</a>.</p></em></ins></span>
</li>
<li><p><a
href="https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor">
@@ -95,7 +100,7 @@
<li>
<p>In Android, <a
href="http://www.computerworld.com/article/2506557/security0/google-throws--kill-switch--on-android-phones.html">
- Google has a back door to remotely delete apps.</a> (It is in a
program
+ Google has a back door to remotely delete <span
class="removed"><del><strong>apps.</a> (It</strong></del></span> <span
class="inserted"><ins><em>apps</a> (it</em></ins></span> is in a program
called GTalkService).
</p>
@@ -127,6 +132,12 @@
<ul>
<li>
+ <span class="inserted"><ins><em><p>Siri, Alexa, and all the other
voice-control systems can be
+ <a
href="https://www.fastcodesign.com/90139019/a-simple-design-flaw-makes-it-astoundingly-easy-to-hack-siri-and-alexa">hijacked
by programs that play commands in ultrasound that humans can't hear</a>.
+ </p>
+</li>
+
+<li></em></ins></span>
<p>Many Android devices <a
href="https://arstechnica.com/security/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/">
can be hijacked through their Wi-Fi chips</a> because of a bug in
Broadcom's non-free firmware.</p>
@@ -136,7 +147,8 @@
<p>Samsung
phones <a
href="https://www.bleepingcomputer.com/news/security/sms-exploitable-bug-in-samsung-galaxy-phones-can-be-used-for-ransomware-attacks/">have
a security hole that allows an SMS message to install
-ransomeware</a>.</p>
+<span
class="removed"><del><strong>ransomeware</a>.</p></strong></del></span>
+<span
class="inserted"><ins><em>ransomware</a>.</p></em></ins></span>
</li>
<li>
@@ -160,9 +172,19 @@
<h3 id="surveillance">Mobile Surveillance</h3>
<ul>
+ <span class="inserted"><ins><em><li><p>The Sarahah app
+ <a
href="https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/">
+ uploads all phone numbers and email addresses</a> in user's address
+ book to developer's server. Note that this article misuses the words
+ “<a href="/philosophy/free-sw.html">free
software</a>”
+ referring to zero price.</p>
+ </li>
+
+ <li><p>Some portable phones <a
href="http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html">are
+ sold with spyware sending lots of data to
China</a>.</p></li></em></ins></span>
<li>
- <span class="inserted"><ins><em><p>Facebook's app listens all the
time, <a
href="http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-using-people-s-phones-to-listen-in-on-what-they-re-saying-claims-professor-a7057526.html">to
snoop
+ <p>Facebook's app listens all the time, <a
href="http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-using-people-s-phones-to-listen-in-on-what-they-re-saying-claims-professor-a7057526.html">to
snoop
on what people are listening to or watching</a>. In addition, it may
be analyzing people's conversations to serve them with targeted
advertisements.</p>
@@ -231,7 +253,7 @@
perfectly.</p>
</li>
-<li></em></ins></span>
+<li>
<p>A study found 234 Android apps that track users by
<a
href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening
to ultrasound from beacons placed in stores or played by TV
programs</a>.
@@ -358,7 +380,7 @@
Journal (in an article blocked from us by a paywall) reports that <a
href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj">
the FBI can remotely activate the GPS and microphone in Android phones
- and <span class="inserted"><ins><em>in</em></ins></span> laptops</a>.
(I suspect this means Windows laptops.) Here is <a
+ and in laptops</a>. (I suspect this means Windows laptops.) Here is
<a
href="http://cryptome.org/2013/08/fbi-hackers.htm">more
info</a>.</p>
</li>
@@ -386,7 +408,7 @@
<h3 id="drm">Mobile DRM</h3>
<ul>
-<span class="inserted"><ins><em><li id="android-apps-detect-rooting">
+<li id="android-apps-detect-rooting">
<p>Google now allows Android apps to detect whether a device has been
rooted, <a
href="http://www.androidpolice.com/2017/05/13/netflix-confirms-blocking-rootedunlocked-devices-app-still-working-now/">and
refuse to install
if so</a>.</p>
@@ -394,7 +416,7 @@
<p>Update: Google <i>intentionally</i> <a
href="https://torrentfreak.com/netflix-use-of-google-drm-means-rooted-android-devices-are-banned-170515/">
changed Android so that apps can detect rooted devices and refuse to
run on them</a>.</p>
-</li></em></ins></span>
+</li>
<li>
<p>The iPhone 7 contains DRM specifically designed to <a
@@ -487,7 +509,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2017/07/17 05:30:12 $
+$Date: 2017/09/26 11:00:50 $
<!-- timestamp end -->
</p>
</div>
Index: po/malware-mobiles.it-diff.html
===================================================================
RCS file: /web/www/www/proprietary/po/malware-mobiles.it-diff.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -b -r1.6 -r1.7
--- po/malware-mobiles.it-diff.html 26 Mar 2017 19:00:34 -0000 1.6
+++ po/malware-mobiles.it-diff.html 26 Sep 2017 11:00:50 -0000 1.7
@@ -11,16 +11,15 @@
</style></head>
<body><pre>
<!--#include virtual="/server/header.html" -->
-<!-- Parent-Version: 1.79 -->
+<!-- Parent-Version: <span
class="removed"><del><strong>1.83</strong></del></span> <span
class="inserted"><ins><em>1.84</em></ins></span> -->
<title>Malware in Mobile Devices
- GNU Project - Free Software Foundation</title>
- <!--#include virtual="/proprietary/po/malware-mobiles.translist" -->
-<span class="removed"><del><strong><style type="text/css"
media="print,screen">
-<!--
-#content div.toc li { list-style: none; margin-bottom: 1em; }
-#content div.toc { margin-top: 1em; }
--->
-</style></strong></del></span>
+<span class="inserted"><ins><em><style type="text/css"
media="print,screen"><!--
+li dl { margin-top: .3em; }
+li dl dt { margin: .3em 0 0 0; font-weight: normal; font-style: italic; }
+li dl dd { margin: 0 3%; }
+--></style></em></ins></span>
+<!--#include virtual="/proprietary/po/malware-mobiles.translist" -->
<!--#include virtual="/server/banner.html" -->
<h2>Malware in Mobile Devices</h2>
@@ -50,21 +49,18 @@
the <a href="/proprietary/malware-apple.html">the Apple malware
page</a> for malicious functionalities specific to the Apple
iThings.</p>
-<div <span class="removed"><del><strong>class="toc">
-<div class="malfunctions"></strong></del></span> <span
class="inserted"><ins><em>class="summary" style="margin-top: 1em">
-<h3>Type of malware</h3></em></ins></span>
+<div class="summary" style="margin-top: 1em">
+<h3>Type of malware</h3>
<ul>
-<span class="removed"><del><strong><li><strong>Type of
malware</strong></li></strong></del></span>
<li><a href="#back-doors">Back doors</a></li>
<!--<li><a
href="#censorship">Censorship</a></li>-->
<li><a href="#insecurity">Insecurity</a></li>
<!--<li><a href="#sabotage">Sabotage</a></li>-->
<!--<li><a
href="#interference">Interference</a></li>-->
<li><a href="#surveillance">Surveillance</a></li>
-<span class="removed"><del><strong><!--<li><a</strong></del></span>
-<span class="inserted"><ins><em><li><a</em></ins></span>
href="#drm">Digital restrictions
+<li><a href="#drm">Digital restrictions
management</a> or “DRM” means functionalities designed
- to restrict what users can do with the data in their <span
class="removed"><del><strong>computers.</li>--></strong></del></span>
<span class="inserted"><ins><em>computers.</li></em></ins></span>
+ to restrict what users can do with the data in their computers.</li>
<li><a href="#jails">Jails</a>—systems
that impose censorship on application programs.</li>
<li><a href="#tyrants">Tyrants</a>—systems
@@ -72,19 +68,23 @@
manufacturer.</li>
</ul>
</div>
-<span class="removed"><del><strong></div></strong></del></span>
<h3 id="back-doors">Mobile Back Doors</h3>
<ul>
- <li><p>The universal back door in portable phones <a
-
href="https://www.schneier.com/blog/archives/2006/12/remotely_eavesd_1.html">is
- employed to listen through their microphones</a>.</p>
- </li>
-
- <li><p>Most mobile phones have a universal back door, which has
been
- used to <a
-
href="http://www.slate.com/blogs/future_tense/2013/07/22/nsa_can_reportedly_track_cellphones_even_when_they_re_turned_off.html">
+ <span class="removed"><del><strong><li
id="back-door-microphone"></strong></del></span>
+ <span class="inserted"><ins><em><li></em></ins></span>
+ <p>The universal back door in portable phones
+ <a
+ <span
class="removed"><del><strong>href="https://www.schneier.com/blog/archives/2006/12/remotely_eavesd_1.html">is</strong></del></span>
<span
class="inserted"><ins><em>href="https://www.schneier.com/blog/archives/2006/12/remotely_eavesd_1.html">
+ is</em></ins></span> employed to listen through their
microphones</a>.</p>
+ <span class="removed"><del><strong></li>
+
+ <li id="back-door-malicious"></strong></del></span>
+ <p>Most mobile phones have <span
class="removed"><del><strong>a</strong></del></span> <span
class="inserted"><ins><em>this</em></ins></span> universal back door, which has
been
+ used to
+ <a
href="http://www.slate.com/blogs/future_tense/2013/07/22/nsa_can_reportedly_track_cellphones_even_when_they_re_turned_off.html">
turn them malicious</a>.</p>
+ <span class="inserted"><ins><em><p>More about <a
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">the
nature of this problem</a>.</p></em></ins></span>
</li>
<li><p><a
href="https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor">
@@ -100,7 +100,7 @@
<li>
<p>In Android, <a
href="http://www.computerworld.com/article/2506557/security0/google-throws--kill-switch--on-android-phones.html">
- Google has a back door to remotely delete apps.</a> (It is in a
program
+ Google has a back door to remotely delete <span
class="removed"><del><strong>apps.</a> (It</strong></del></span> <span
class="inserted"><ins><em>apps</a> (it</em></ins></span> is in a program
called GTalkService).
</p>
@@ -123,15 +123,35 @@
</ul>
<h3 id="insecurity">Mobile Insecurity</h3>
+
+<p>These bugs are/were not intentional, so unlike the rest of the file
+ they do not count as malware. We mention them to refute the
+ supposition that prestigious proprietary software doesn't have grave
+ bugs.</p>
+
<ul>
+
<li>
-<span class="inserted"><ins><em><p>Samsung
+ <span class="inserted"><ins><em><p>Siri, Alexa, and all the other
voice-control systems can be
+ <a
href="https://www.fastcodesign.com/90139019/a-simple-design-flaw-makes-it-astoundingly-easy-to-hack-siri-and-alexa">hijacked
by programs that play commands in ultrasound that humans can't hear</a>.
+ </p>
+</li>
+
+<li></em></ins></span>
+ <p>Many Android devices <a
href="https://arstechnica.com/security/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/">
+ can be hijacked through their Wi-Fi chips</a> because of a bug in
+ Broadcom's non-free firmware.</p>
+</li>
+
+<li>
+<p>Samsung
phones <a
href="https://www.bleepingcomputer.com/news/security/sms-exploitable-bug-in-samsung-galaxy-phones-can-be-used-for-ransomware-attacks/">have
a security hole that allows an SMS message to install
-ransomeware</a>.</p>
+<span
class="removed"><del><strong>ransomeware</a>.</p></strong></del></span>
+<span
class="inserted"><ins><em>ransomware</a>.</p></em></ins></span>
</li>
-<li></em></ins></span>
+<li>
<p>Many proprietary payment apps <a
href="http://www.bloomberg.com/news/articles/2016-03-10/many-mobile-payments-startups-aren-t-properly-securing-user-data">
transmit personal data in an insecure way</a>.
@@ -152,9 +172,152 @@
<h3 id="surveillance">Mobile Surveillance</h3>
<ul>
-<span class="inserted"><ins><em><li><p>The Meitu photo-editing
+ <span class="inserted"><ins><em><li><p>The Sarahah app
+ <a
href="https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/">
+ uploads all phone numbers and email addresses</a> in user's address
+ book to developer's server. Note that this article misuses the words
+ “<a href="/philosophy/free-sw.html">free
software</a>”
+ referring to zero price.</p>
+ </li>
+
+ <li><p>Some portable phones <a
href="http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html">are
+ sold with spyware sending lots of data to
China</a>.</p></li></em></ins></span>
+
+<li>
+ <p>Facebook's app listens all the time, <a
href="http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-using-people-s-phones-to-listen-in-on-what-they-re-saying-claims-professor-a7057526.html">to
snoop
+ on what people are listening to or watching</a>. In addition, it may
+ be analyzing people's conversations to serve them with targeted
+ advertisements.</p>
+</li>
+
+
+<li>
+ <p>A
+ <a
href="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf">
+ research paper</a> that investigated the privacy and security
+ of 283 Android VPN apps concluded that “in spite of the
+ promises for privacy, security, and anonymity given by the
+ majority of VPN apps—millions of users may be unawarely subject
+ to poor security guarantees and abusive practices inflicted by
+ VPN apps.”</p>
+
+ <p>Following is a non-exhaustive list of proprietary VPN apps from
+ the research paper that tracks and infringes the privacy of
+ users:</p>
+
+ <dl>
+ <dt>SurfEasy</dt>
+ <dd>Includes tracking libraries such as NativeX and Appflood,
+ meant to track users and show them targeted ads.</dd>
+
+ <dt>sFly Network Booster</dt>
+ <dd>Requests the <code>READ_SMS</code> and
<code>SEND_SMS</code>
+ permissions upon installation, meaning it has full access to
+ users' text messages.</dd>
+
+ <dt>DroidVPN and TigerVPN</dt>
+ <dd>Requests the <code>READ_LOGS</code> permission to
read logs
+ for other apps and also core system logs. TigerVPN developers
+ have confirmed this.</dd>
+
+ <dt>HideMyAss</dt>
+ <dd>Sends traffic to LinkedIn. Also, it stores detailed logs
+ and may turn them over to the UK government if
+ requested.</dd>
+
+ <dt>VPN Services HotspotShield</dt>
+ <dd>Injects JavaScript code into the HTML pages returned to the
+ users. The stated purpose of the JS injection is to display
+ ads. Uses roughly 5 tracking libraries. Also, it redirects the
+ user's traffic through valueclick.com (an advertising
+ website).</dd>
+
+ <dt>WiFi Protector VPN</dt>
+ <dd>Injects JavaScript code into HTML pages, and also uses
+ roughly 5 tracking libraries. Developers of this app have
+ confirmed that the non-premium version of the app does
+ JavaScript injection for tracking and display ads.</dd>
+ </dl>
+</li>
+
+<li>
+ <p><a
href="http://www.privmetrics.org/wp-content/uploads/2015/06/wisec2015.pdf">A
study in 2015</a> found that 90% of the top-ranked gratis
+ proprietary Android apps contained recognizable tracking libraries. For
+ the paid proprietary apps, it was only 60%.</p>
+
+ <p>The article confusingly describes gratis apps as “free”,
+ but most of them are not in fact
+ <a href="/philosophy/free-sw.html">free software</a>.
+ It also uses the ugly word “monetize”. A good replacement
+ for that word is “exploit”; nearly always that will fit
+ perfectly.</p>
+</li>
+
+<li>
+ <p>A study found 234 Android apps that track users by
+ <a
href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening
+ to ultrasound from beacons placed in stores or played by TV
programs</a>.
+ </p>
+</li>
+
+<li>
+ <p>Faceapp appears to do lots of surveillance, judging by
+ <a
href="https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/">
+ how much access it demands to personal data in the
device</a>.
+ </p>
+ </li>
+
+<li>
+ <p>Pairs of Android apps can collude to transmit users' personal data
+ to servers. <a
href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A
study found
+ tens of thousands of pairs that collude.</a></p>
+</li>
+
+<li>
+<p>Google Play intentionally sends app developers <a
+href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116">
+the personal details of users that install the app</a>.</p>
+
+<p>Merely asking the “consent” of users is not enough
+to legitimize actions like this. At this point, most users have
+stopped reading the “Terms and Conditions” that spell out
+what they are “consenting” to. Google should clearly
+and honestly identify the information it collects on users, instead
+of hiding it in an obscurely worded EULA.</p>
+
+<p>However, to truly protect people's privacy, we must prevent Google
+and other companies from getting this personal information in the first
+place!</p>
+</li>
+
+<li>
+ <p>Google Play (a component of Android) <a
+
href="https://www.extremetech.com/mobile/235594-yes-google-play-is-tracking-you-and-thats-just-the-tip-of-a-very-large-iceberg">
+ tracks the users' movements without their permission</a>.</p>
+
+ <p>Even if you disable Google Maps and location tracking, you must
+ disable Google Play itself to completely stop the tracking. This is
+ yet another example of nonfree software pretending to obey the user,
+ when it's actually doing something else. Such a thing would be almost
+ unthinkable with free software.</p>
+
+</li>
+<li>
+ <p>Verizon <a
href="https://yro.slashdot.org/story/17/03/30/0112259/verizon-to-force-appflash-spyware-on-android-phones">
+ announced an opt-in proprietary search app that it will</a>
+ pre-install on some of its phones. The app will give Verizon the same
+ information about the users' searches that Google normally gets when
+ they use its search engine.</p>
+
+ <p>Currently, the app is <a
href="https://www.eff.org/deeplinks/2017/04/update-verizons-appflash-pre-installed-spyware-still-spyware">
+ being pre-installed on only one phone</a>, and the
+ user must explicitly opt-in before the app takes effect. However, the
+ app remains spyware—an “optional” piece of spyware is
+ still spyware.</p>
+</li>
+<li><p>The Meitu photo-editing
app <a
href="https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/">sends
-user data to a Chinese
company</a>.</p></li></em></ins></span>
+user data to a Chinese company</a>.</p></li>
<li>
<p>A half-blind security critique of a tracking app: it found that <a
@@ -217,7 +380,7 @@
Journal (in an article blocked from us by a paywall) reports that <a
href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj">
the FBI can remotely activate the GPS and microphone in Android phones
- and laptops</a>. (I suspect this means Windows laptops.) Here is <a
+ and in laptops</a>. (I suspect this means Windows laptops.) Here is
<a
href="http://cryptome.org/2013/08/fbi-hackers.htm">more
info</a>.</p>
</li>
@@ -242,14 +405,37 @@
</li>
</ul>
-<h3 <span class="inserted"><ins><em>id="drm">Mobile DRM</h3>
+<h3 id="drm">Mobile DRM</h3>
<ul>
+
+<li id="android-apps-detect-rooting">
+<p>Google now allows Android apps to detect whether a device has been
+rooted, <a
href="http://www.androidpolice.com/2017/05/13/netflix-confirms-blocking-rootedunlocked-devices-app-still-working-now/">and
refuse to install
+if so</a>.</p>
+
+<p>Update: Google <i>intentionally</i> <a
href="https://torrentfreak.com/netflix-use-of-google-drm-means-rooted-android-devices-are-banned-170515/">
+changed Android so that apps can detect rooted devices and refuse to
+run on them</a>.</p>
+</li>
+
+ <li>
+ <p>The iPhone 7 contains DRM specifically designed to <a
+
href="https://motherboard.vice.com/en_us/article/iphone-7-home-button-unreplaceable-repair-software-lock">
+ brick it if an “unauthorized” repair shop fixes it</a>.
+ “Unauthorized” essentially means anyone besides Apple.</p>
+
+ <p>The article uses the term “lock” to describe the DRM,
+ but we prefer to use the term <a
+ href="https://gnu.org/philosophy/words-to-avoid.html#DigitalLocks">
+ digital handcuffs</a>.</p>
+ </li>
+
<li><p>Android <a
href="https://developer.android.com/reference/android/drm/package-summary.html">contains
facilities specifically to support DRM</a>.</p>
</li>
</ul>
-<h3</em></ins></span> id="jails">Mobile Jails</h3>
+<h3 id="jails">Mobile Jails</h3>
<ul>
<li><p><a
href="https://fsf.org/campaigns/secure-boot-vs-restricted-boot/">Mobile
@@ -313,7 +499,7 @@
There is more detail about copyright years in the GNU Maintainers
Information document, www.gnu.org/prep/maintain. -->
-<p>Copyright © 2014, 2015, <span
class="removed"><del><strong>2016</strong></del></span> <span
class="inserted"><ins><em>2016, 2017</em></ins></span> Free Software
Foundation, Inc.</p>
+<p>Copyright © 2014, 2015, 2016, 2017 Free Software Foundation,
Inc.</p>
<p>This page is licensed under a <a rel="license"
href="http://creativecommons.org/licenses/by-nd/4.0/">Creative
@@ -323,7 +509,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2017/03/26 19:00:34 $
+$Date: 2017/09/26 11:00:50 $
<!-- timestamp end -->
</p>
</div>
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- www/proprietary malware-mobiles.de.html malware...,
GNUN <=