[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/proprietary malware-mobiles.html proprietar...
|
From: |
rsiddharth |
|
Subject: |
www/proprietary malware-mobiles.html proprietar... |
|
Date: |
Sat, 10 Jun 2017 19:22:05 -0400 (EDT) |
CVSROOT: /web/www
Module name: www
Changes by: rsiddharth <rsd> 17/06/10 19:22:05
Modified files:
proprietary : malware-mobiles.html
proprietary-surveillance.html
Log message:
[1192333] Add proprietary VPN screws.
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/malware-mobiles.html?cvsroot=www&r1=1.38&r2=1.39
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/proprietary-surveillance.html?cvsroot=www&r1=1.129&r2=1.130
Patches:
Index: malware-mobiles.html
===================================================================
RCS file: /web/www/www/proprietary/malware-mobiles.html,v
retrieving revision 1.38
retrieving revision 1.39
diff -u -b -r1.38 -r1.39
--- malware-mobiles.html 29 May 2017 05:43:46 -0000 1.38
+++ malware-mobiles.html 10 Jun 2017 23:22:05 -0000 1.39
@@ -147,6 +147,55 @@
<ul>
<li>
+ <p>A
+ <a
href="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf";>
+ research paper</a> that investigated the privacy and security
+ of 283 Android VPN apps concluded that “in spite of the
+ promises for privacy, security, and anonymity given by the
+ majority of VPN appsâmillions of users may be unawarely subject
+ to poor security guarantees and abusive practices inflicted by
+ VPN apps ”</p>
+
+ <p>Following is a non-exhaustive list of proprietary VPN apps from
+ the research paper that tracks and infringes the privacy of
+ users:</p>
+
+ <dl>
+ <dt>SurfEasy</dt>
+ <dd>Includes tracking libraries such as NativeX andAppflood,
+ meant to track users and show them targeted ads.</dd>
+
+ <dt>sFly Network Booster</dt>
+ <dd>Requests the <code>READ_SMS</code> and <code>SEND_SMS</code>
+ permissions upon installation, meaning it has full access to
+ users' text messages.</dd>
+
+ <dt>DroidVPN and TigerVPN</dt>
+ <dd>Requests the <code>READ_LOGS</code> permission to read logs
+ for other apps and also core system logs. TigerVPN developers
+ have confirmed this.</dd>
+
+ <dt>HideMyAss</dt>
+ <dd>Sends traffic to LinkedIn. Also, it stores detailed logs
+ and may turn them over to the UK government if
+ requested.</dd>
+
+ <dt>VPN Services HotspotShield</dt>
+ <dd>Injects JavaScript code into the HTML pages returned to the
+ users. The stated purpose of the JS injection is to display
+ ads. Uses roughly 5 tracking libraries. Also, it redirects the
+ user's traffic through valueclick.com (an advertising
+ website).</dd>
+
+ <dt>WiFi Protector VPN</dt>
+ <dd>Injects JavaScript code into HTML pages, and also uses
+ roughly 5 tracking libraries. Developers of this app have
+ confirmed that the non-premium version of the app does
+ JavaScript injection for tracking and display ads.</dd>
+ </dl>
+</li>
+
+<li>
<p><a
href="http://www.privmetrics.org/wp-content/uploads/2015/06/wisec2015.pdf";>A
study in 2015</a> found that 90% of the top-ranked gratis
proprietary Android apps contained recognizable tracking libraries. For
the paid proprietary apps, it was only 60%.</p>
@@ -415,7 +464,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2017/05/29 05:43:46 $
+$Date: 2017/06/10 23:22:05 $
<!-- timestamp end -->
</p>
</div>
Index: proprietary-surveillance.html
===================================================================
RCS file: /web/www/www/proprietary/proprietary-surveillance.html,v
retrieving revision 1.129
retrieving revision 1.130
diff -u -b -r1.129 -r1.130
--- proprietary-surveillance.html 29 May 2017 05:43:46 -0000 1.129
+++ proprietary-surveillance.html 10 Jun 2017 23:22:05 -0000 1.130
@@ -323,6 +323,54 @@
<ul>
<li>
+ <p>A
+ <a
href="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf";>
+ research paper</a> that investigated the privacy and security
+ of 283 Android VPN apps concluded that “in spite of the
+ promises for privacy, security, and anonymity given by the
+ majority of VPN appsâmillions of users may be unawarely subject
+ to poor security guarantees and abusive practices inflicted by
+ VPN apps ”</p>
+
+ <p>Following is a non-exhaustive list of proprietary VPN apps from
+ the research paper that tracks and infringes the privacy of
+ users:</p>
+
+ <dl>
+ <dt>SurfEasy</dt>
+ <dd>Includes tracking libraries such as NativeX andAppflood,
+ meant to track users and show them targeted ads.</dd>
+
+ <dt>sFly Network Booster</dt>
+ <dd>Requests the <code>READ_SMS</code> and <code>SEND_SMS</code>
+ permissions upon installation, meaning it has full access to
+ users' text messages.</dd>
+
+ <dt>DroidVPN and TigerVPN</dt>
+ <dd>Requests the <code>READ_LOGS</code> permission to read logs
+ for other apps and also core system logs. TigerVPN developers
+ have confirmed this.</dd>
+
+ <dt>HideMyAss</dt>
+ <dd>Sends traffic to LinkedIn. Also, it stores detailed logs
+ and may turn them over to the UK government if
+ requested.</dd>
+
+ <dt>VPN Services HotspotShield</dt>
+ <dd>Injects JavaScript code into the HTML pages returned to the
+ users. The stated purpose of the JS injection is to display
+ ads. Uses roughly 5 tracking libraries. Also, it redirects the
+ user's traffic through valueclick.com (an advertising
+ website).</dd>
+
+ <dt>WiFi Protector VPN</dt>
+ <dd>Injects JavaScript code into HTML pages, and also uses
+ roughly 5 tracking libraries. Developers of this app have
+ confirmed that the non-premium version of the app does
+ JavaScript injection for tracking and display ads.</dd>
+ </dl>
+</li>
+<li>
<p><a
href="http://www.privmetrics.org/wp-content/uploads/2015/06/wisec2015.pdf";>A
study in 2015</a> found that 90% of the top-ranked gratis
proprietary Android apps contained recognizable tracking libraries. For
the paid proprietary apps, it was only 60%.</p>
@@ -1345,7 +1393,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2017/05/29 05:43:46 $
+$Date: 2017/06/10 23:22:05 $
<!-- timestamp end -->
</p>
</div>
- www/proprietary malware-mobiles.html proprietar...,
rsiddharth <=