Saturday, July 20, 2019

“Google has removed 7 ‘stalkerware’ apps from its Play Store - The Next Web” plus 2 more

“Google has removed 7 ‘stalkerware’ apps from its Play Store - The Next Web” plus 2 more


Google has removed 7 ‘stalkerware’ apps from its Play Store - The Next Web

Posted: 18 Jul 2019 05:39 AM PDT

For the ongoing series, Code Word, we're exploring if — and how — technology can protect individuals against sexual assault and harassment, and how it can help and support survivors.

Google has pulled seven tracking apps from the Play Store after Avast, a cybersecurity company, found they allowed people to stalk on their employees, children, or partner.

Stalkerware, which once seemed inaccessible, now takes the form of applications that allow someone to remotely monitor another person's activity. For example, one of the apps Google removed was "Spy Kids Tracker," a parental surveillance app that allowed people to read texts, view photos, and access the GPS location of a phone it had secretly been installed on — and there's countless more apps out there like this

Combined, the apps pulled from Google's Play Store had been installed approximately 130,000 times. The most installed apps were "Spy Tracker" and "SMS Tracker," which had more than 50,000 downloads each.

"These apps are highly unethical and problematic for people's privacy and shouldn't be on Google's Play Store, as they promote criminal behavior, and can be abused by employers, stalkers or abusive partners to spy on their victims," Avast said in a statement.

There has been little research on stalkerware or attempts to grasp its true scale, but a 2018 study by researchers at Cornell University found that there are dozens of stalkerware tools easily available. But the majority are "dual use" apps masquerading as child safety or anti-theft tools, which can easily be repurposed for spying on a partner or spouse.

Last month, Citizen Labs' study called "The Predator in your Pocket" found that consumer spyware companies' blogs and search engine optimization (SEO) content revealed most companies had extensive references to partner monitoring. One company, mSpy, encoded secret HTML text which advertised spousal spying on their website as a way to make their products easily discoverable by people searching for ways to spy on their partners. 

When the researchers viewed the source code for mSpy's site, they found: "Have you ever considered using SMS tracker to know who your spouse or children are texting with?" This text was originally hidden in the web browser and was only visible when reading the "page's source code."

While developers who create these apps are to blame, the responsibility also falls into the hands of Google and Apple to prevent stalkerware apps being available to install. Earlier this year, Google refused to remove Absher, a Saudi Arabian tracking app which limited women's movement in the country, from its app store as it "did not violate Google's terms of services."

Parental apps that claim to keep children safe can be used in not-so-obvious malicious ways which allows them to pass the Play Store's automated app detector. Although seven stalkerware apps have been removed, this doesn't mean abusers won't develop more ways to control and manipulate their partner. 

Like this article and want to see more like it? We have a monthly feminist tech newsletter called "Lady Bits" — subscribe here.

Read next: Google's Parrotron AI helps people with speech impediments talk freely

You downloaded FaceApp. Here’s what you’ve just done to your privacy. - The Washington Post

Posted: 17 Jul 2019 04:34 PM PDT

Technology columnist

When an app goes viral, how can you know whether it's all good fun — or covertly violating your privacy by, say, sending your face to the Russian government?

That's the burning question about FaceApp, a program that takes photos of people and "ages" them using artificial intelligence. Soon after it shot to the top of the Apple and Google store charts this week, privacy advocates began waving warning flags about the Russian-made app's vague legalese. Word spread quickly that the app might be a disinformation campaign or secretly downloading your entire photo album. Leaders of the Democratic party warned campaigns to delete the app 'immediately.'

I got some answers by running my own forensic analysis and talking to the CEO of the company that made the app. But the bigger lesson was how much app-makers and the stores run by Apple and Google leave us flying blind when it comes to privacy.

I raised similar questions a few weeks ago when I ran an experiment to find out what my iPhone did while I slept at night. I found apps sending my personal information to all sorts of tracking companies I'd never heard of.

So what about FaceApp? It was vetted by Apple's App Store and Google's Play Store, which even labeled it an "Editors' Choice." They both link to its privacy policy — which they know nobody reads.

Looking under the hood of FaceApp with the tools from my iPhone test, I found it sharing information about my phone with Facebook and Google AdMob, which probably help it place ads and check the performance of its ads. The most unsettling part was how much data FaceApp was sending to its own servers, after which … who knows what happens. It's not just your own face that FaceApp might gobble up — if you age friends or family members, their face gets uploaded, too.


FaceApp, which uses artificial intelligence to "age" people, has gone viral. Tech columnist Geoffrey A. Fowler tried it himself — and explored the privacy implications. (Geoffrey Fowler/The Washington Post)

In an email exchange, FaceApp CEO Yaroslav Goncharov tried to clarify some of that.

These five questions are basics we ought to know about any app or service that wants something as personal as our faces.

1. What data do they take?

FaceApp uploads and processes our photos in the cloud, Goncharov said, but the app will "only upload a photo selected by a user for editing." The rest of your camera roll stays on your phone. You can also use FaceApp without giving it your name or email — and 99 percent of users do just that, he said.

2. How long do they hold on my data?

The app's terms of service grant it a "perpetual" license to our photos. Goncharov said FaceApp deletes "most" of the photos from its servers after 48 hours.

3. What are they doing with my data?

Is FaceApp using our faces and the maps it makes of them for anything other than the express purpose of the app, such as running facial identification on us? "No," Goncharov said. Legally, though, the app's terms give it — and whoever might buy it or work with it in the future — the right to do whatever it wants, through an "irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferrable sub-licensable license." (Clear as mud?)

4. Who has access to my data?

Do government authorities in Russia have access to our photos? "No," Goncharov said. FaceApp's engineers are based in Russia, so our data is not transferred there. He said the company also doesn't "sell or share any user data with any third parties" — aside, I pointed out, from what it shares with trackers from Facebook and AdMob. (Another exception: Users in Russia may have their data stored in Russia.)

5. How can I delete my data?

Just deleting the app won't get rid of the photos FaceApp may have in the cloud. Goncharov said people can put in a request to delete all data from FaceApp's servers, but the process is convoluted. "For the fastest processing, we recommend sending the requests from the FaceApp mobile app using 'Settings->Support->Report a bug' with the word 'privacy' in the subject line. We are working on the better UI [user interface] for that," he said.

Why not post this information to FaceApp's website, beyond the legalese? "We are planning to make some improvements," Goncharov said.

Same question for the app stores run by Apple and Google. Those giant companies make money from a cut of upgrades you can purchase in the app. We're literally paying them to read the privacy policies — and vet that companies such as FaceApp are telling the truth. Why not better help us understand right where we download what's really going on? Neither company replied with an on-the-record comment.

Much better to help us sort through all of this before millions of us upload our faces somewhere we might regret.

Read more tech advice and analysis from Geoffrey A. Fowler:

Goodbye, Chrome: Google's Web browser has become spy software

Not all iPhones are the same. These cost less and are better for the Earth.

Rock this way: AirPods, Beats and Bose wireless ear buds take the headbang test

Microsoft Word passes 1 billion installs on Play Store - Android Police

Posted: 12 Jul 2019 12:00 AM PDT

Even though cloud-based productivity suites like Google Docs are incredibly popular, many people (and large corporations) still operate on good ol' Microsoft Office. The Word text processor was Microsoft's first Android app to pass 500 million installs on the Play Store, and a little over a year later, it has now passed the 1 billion mark.

As with most apps that reach this many installations, the count isn't made up entirely of downloads from the Play Store. Microsoft has agreements with Samsung and other manufacturers to pre-install Word (and several other apps) on phones and tablets, so there's a good chance many of those billion installations come from devices where the app has never been opened.

Still, this is an important milestone for Microsoft, as Word has become the company's first Android app to reach that many installs. Personally, I still prefer Word XP.

Microsoft Word: Write, Edit & Share Docs on the Go
Microsoft Word: Write, Edit & Share Docs on the Go
Price: Free+

“Google has removed 7 ‘stalkerware’ apps from its Play Store - The Next Web” plus 2 more


Google has removed 7 ‘stalkerware’ apps from its Play Store - The Next Web

Posted: 18 Jul 2019 05:39 AM PDT

For the ongoing series, Code Word, we're exploring if — and how — technology can protect individuals against sexual assault and harassment, and how it can help and support survivors.

Google has pulled seven tracking apps from the Play Store after Avast, a cybersecurity company, found they allowed people to stalk on their employees, children, or partner.

Stalkerware, which once seemed inaccessible, now takes the form of applications that allow someone to remotely monitor another person's activity. For example, one of the apps Google removed was "Spy Kids Tracker," a parental surveillance app that allowed people to read texts, view photos, and access the GPS location of a phone it had secretly been installed on — and there's countless more apps out there like this

Combined, the apps pulled from Google's Play Store had been installed approximately 130,000 times. The most installed apps were "Spy Tracker" and "SMS Tracker," which had more than 50,000 downloads each.

"These apps are highly unethical and problematic for people's privacy and shouldn't be on Google's Play Store, as they promote criminal behavior, and can be abused by employers, stalkers or abusive partners to spy on their victims," Avast said in a statement.

There has been little research on stalkerware or attempts to grasp its true scale, but a 2018 study by researchers at Cornell University found that there are dozens of stalkerware tools easily available. But the majority are "dual use" apps masquerading as child safety or anti-theft tools, which can easily be repurposed for spying on a partner or spouse.

Last month, Citizen Labs' study called "The Predator in your Pocket" found that consumer spyware companies' blogs and search engine optimization (SEO) content revealed most companies had extensive references to partner monitoring. One company, mSpy, encoded secret HTML text which advertised spousal spying on their website as a way to make their products easily discoverable by people searching for ways to spy on their partners. 

When the researchers viewed the source code for mSpy's site, they found: "Have you ever considered using SMS tracker to know who your spouse or children are texting with?" This text was originally hidden in the web browser and was only visible when reading the "page's source code."

While developers who create these apps are to blame, the responsibility also falls into the hands of Google and Apple to prevent stalkerware apps being available to install. Earlier this year, Google refused to remove Absher, a Saudi Arabian tracking app which limited women's movement in the country, from its app store as it "did not violate Google's terms of services."

Parental apps that claim to keep children safe can be used in not-so-obvious malicious ways which allows them to pass the Play Store's automated app detector. Although seven stalkerware apps have been removed, this doesn't mean abusers won't develop more ways to control and manipulate their partner. 

Like this article and want to see more like it? We have a monthly feminist tech newsletter called "Lady Bits" — subscribe here.

Read next: Google's Parrotron AI helps people with speech impediments talk freely

You downloaded FaceApp. Here’s what you’ve just done to your privacy. - The Washington Post

Posted: 17 Jul 2019 04:34 PM PDT

Technology columnist

When an app goes viral, how can you know whether it's all good fun — or covertly violating your privacy by, say, sending your face to the Russian government?

That's the burning question about FaceApp, a program that takes photos of people and "ages" them using artificial intelligence. Soon after it shot to the top of the Apple and Google store charts this week, privacy advocates began waving warning flags about the Russian-made app's vague legalese. Word spread quickly that the app might be a disinformation campaign or secretly downloading your entire photo album. Leaders of the Democratic party warned campaigns to delete the app 'immediately.'

I got some answers by running my own forensic analysis and talking to the CEO of the company that made the app. But the bigger lesson was how much app-makers and the stores run by Apple and Google leave us flying blind when it comes to privacy.

I raised similar questions a few weeks ago when I ran an experiment to find out what my iPhone did while I slept at night. I found apps sending my personal information to all sorts of tracking companies I'd never heard of.

So what about FaceApp? It was vetted by Apple's App Store and Google's Play Store, which even labeled it an "Editors' Choice." They both link to its privacy policy — which they know nobody reads.

Looking under the hood of FaceApp with the tools from my iPhone test, I found it sharing information about my phone with Facebook and Google AdMob, which probably help it place ads and check the performance of its ads. The most unsettling part was how much data FaceApp was sending to its own servers, after which … who knows what happens. It's not just your own face that FaceApp might gobble up — if you age friends or family members, their face gets uploaded, too.


FaceApp, which uses artificial intelligence to "age" people, has gone viral. Tech columnist Geoffrey A. Fowler tried it himself — and explored the privacy implications. (Geoffrey Fowler/The Washington Post)

In an email exchange, FaceApp CEO Yaroslav Goncharov tried to clarify some of that.

These five questions are basics we ought to know about any app or service that wants something as personal as our faces.

1. What data do they take?

FaceApp uploads and processes our photos in the cloud, Goncharov said, but the app will "only upload a photo selected by a user for editing." The rest of your camera roll stays on your phone. You can also use FaceApp without giving it your name or email — and 99 percent of users do just that, he said.

2. How long do they hold on my data?

The app's terms of service grant it a "perpetual" license to our photos. Goncharov said FaceApp deletes "most" of the photos from its servers after 48 hours.

3. What are they doing with my data?

Is FaceApp using our faces and the maps it makes of them for anything other than the express purpose of the app, such as running facial identification on us? "No," Goncharov said. Legally, though, the app's terms give it — and whoever might buy it or work with it in the future — the right to do whatever it wants, through an "irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferrable sub-licensable license." (Clear as mud?)

4. Who has access to my data?

Do government authorities in Russia have access to our photos? "No," Goncharov said. FaceApp's engineers are based in Russia, so our data is not transferred there. He said the company also doesn't "sell or share any user data with any third parties" — aside, I pointed out, from what it shares with trackers from Facebook and AdMob. (Another exception: Users in Russia may have their data stored in Russia.)

5. How can I delete my data?

Just deleting the app won't get rid of the photos FaceApp may have in the cloud. Goncharov said people can put in a request to delete all data from FaceApp's servers, but the process is convoluted. "For the fastest processing, we recommend sending the requests from the FaceApp mobile app using 'Settings->Support->Report a bug' with the word 'privacy' in the subject line. We are working on the better UI [user interface] for that," he said.

Why not post this information to FaceApp's website, beyond the legalese? "We are planning to make some improvements," Goncharov said.

Same question for the app stores run by Apple and Google. Those giant companies make money from a cut of upgrades you can purchase in the app. We're literally paying them to read the privacy policies — and vet that companies such as FaceApp are telling the truth. Why not better help us understand right where we download what's really going on? Neither company replied with an on-the-record comment.

Much better to help us sort through all of this before millions of us upload our faces somewhere we might regret.

Read more tech advice and analysis from Geoffrey A. Fowler:

Goodbye, Chrome: Google's Web browser has become spy software

Not all iPhones are the same. These cost less and are better for the Earth.

Rock this way: AirPods, Beats and Bose wireless ear buds take the headbang test

Microsoft Word passes 1 billion installs on Play Store - Android Police

Posted: 12 Jul 2019 12:00 AM PDT

Even though cloud-based productivity suites like Google Docs are incredibly popular, many people (and large corporations) still operate on good ol' Microsoft Office. The Word text processor was Microsoft's first Android app to pass 500 million installs on the Play Store, and a little over a year later, it has now passed the 1 billion mark.

As with most apps that reach this many installations, the count isn't made up entirely of downloads from the Play Store. Microsoft has agreements with Samsung and other manufacturers to pre-install Word (and several other apps) on phones and tablets, so there's a good chance many of those billion installations come from devices where the app has never been opened.

Still, this is an important milestone for Microsoft, as Word has become the company's first Android app to reach that many installs. Personally, I still prefer Word XP.

Microsoft Word: Write, Edit & Share Docs on the Go
Microsoft Word: Write, Edit & Share Docs on the Go
Price: Free+

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.