Tag: Online Privacy

Over 2,000 Dangerous Apps Found On The Google Play Store

Google’s Android is by far one of the most accessible OS (operating system) available in the market. It is estimated that about 75% of all smartphone users are using the software. This implies that 3 out of every 4th person has an Android enabled device. Hence, there are bound to be shortcomings and problems related to such a high user base. Notably, a brand new report has claimed that over 2,040 of Google Play Store apps are harmful to the users, some of which are famous.

Research by the University of Sydney and Data6161 or CSIRO has administered over 1 million apps on the Google Play store. The two-year long study had found a large number of fake apps which weren’t malware but still required an unnecessary amount of permissions. These apps had no need for the data access that they were asking the users to provide. Certain software available on the Play store were famous, such as Hill Climb Racing and Temple Run. However, a few of these applications were downright malware.

Machine learning and Neural networking are being heavily implemented in the processing of all the 1 million applications. An algorithm was specifically developed to look for similar text description and icon designs in Google Play’s top 10,000 most popular apps. A massive number of 49,608 were seen as potential threats to users or their device’s integrity. VirusTotal flagged about 7,246 of the apps as outright malicious while the remaining 2,040 were fake and high-risk apps. Furthermore, 1,565 of such apps made at least 5 sensitive permissions request and 1,407 were embedded with 3rd party ad libraries.

Also Read: Honor 9X To Feature A Triple Camera Set Up And Kirin 810

The aforementioned dangerous applications have since been removed. Google has reported that the number of rejected app submissions has jumped by more than 55% over the previous year while app suspension has increased by up to 66%. Users should be wary of such applications and should ensure to always download only the official and recognised corporations applications from the Google Play store. If unavoidable, one should pay attention as to what permissions the apps are demanding. A game should have no right to making calls and sending messages or have access to customers contact details.

June 25, 2019
Instagram Testing Easier Recovery Of Hacked Accounts

Instagram has steadily been growing to become one of the most prominent social media platform over the last couple of years. With user base numbers easily crossing several hundreds of millions, there will always be “bad company”. Potential hackers that seek to harm or exploit are found in every major website or social platform. However, Instagram in its bid to strengthen its defences against these parties is now making accounts safer and easier than before to recover.

Numerous people had gone online to voice their grievances regarding their accounts that were broken into by hackers in 2018. Instagram now seeks to make the process of recovering users account easier in case of future attacks. The company is testing a new in-app account recovery process that will streamline the process while making it harder it to be hacked into.

Previously, users had to wait for an email or fill out support forms but now a new approach is being taken. The app will now ask for different types of information (like users original email address or even phone numbers). A six-digit code will then be sent on the details provided, and Instagram will thereon prevent hackers from accessing the user’s account using the email or phone number from a different device.

This method seeks to ensure users account recovery even if the thief has changed usernames and contact data. Instagram has also added a small period of time in which the original username cannot be claimed after being changed regardless of whether or not it was intended or unintended. This feature is already accessible to all Android and iOS users, however, the availability of the new in-app recovery system is still not certain.

Also Read: 1.4 Billion Apple iPhones And iPads Are Vulnerable To Hacks

Instagram is planning for a full in-app account recovery feature in the future without ever needing the security team. The social media giant’s security has been reportedly lax, with various exposed passwords and growing attacks on its systems occurring at frequent intervals. This new security feature cannot actually prevent all forms of hacking, but it may make it harder for hackers to take advantages of vulnerabilities in the recovery system that is currently live.

June 17, 2019
Google Chrome 76 Beta Update Now Offers Better Anonymity

Over the last few Google Chrome updates, build 73 was essentially the one that introduced a notable feature in the form of dark mode. Google Chrome builds 74 and 75 only focused on nominal aspects such as bug fixes and security. The tech giant, however, in a rather quiet manner added key new features that will make anonymity more easily achievable for users browsing online.

One of Google Chrome’s developer had conveyed that the browsers Incognito mode (or Private more) had always been detectable by a website. Basically, certain subscription-based online channels that had their revenue tied to the users that visit the website could ascertain whether or not it was the same person logging in from an anonymous private mode. This allowed such organizations to charge the user and disallow them from availing the initial first free entry over and over again. The aforementioned ability is now being taken away from developers for furthering user anonymity and privacy when browsing on Incognito Mode.

Chrome Incognito mode has been detectable for years, due to the FileSystem API implementation. As of Chrome 76, this is fixed.
Apologies to the "detect private mode" scripts out there. ? pic.twitter.com/3LWFXQyy7w
— Paul Irish (@paul_irish) June 11, 2019

Google’s Chromium blog post had another major focus, to have its latest Chrome builds putting more emphasis on phasing out Adobe Flash. The software already has been blocked by numerous major browser in different degree and manner for years now. With the adoption of the build 76 in Chrome, the browser takes new strides in keeping clear of it. Adobe Flash is now turned off by default in Google Chrome, including all of the individual flash items alongside the software. Interested users can discover this setting in the Beta build by going to “chrome://settings/content/flash” and finding the ‘Ask First’ settings turned off beforehand.

Also Read: Researchers Have Successfully Converted Type A Blood To Type O

Additionally, Google Chrome now features a more enhanced version of the coveted Dark mode. Furthermore, web developers now have the option to program their sites to automatically switch to a darker version of their websites when a user, with dark mode, visits. Chrome version 76’s stable build is scheduled to be available on the 30th of July 2019.

June 14, 2019
Apps On iOS Were Found Sending Large Amounts Of Data To Tracking Companies

Apple is one of the few companies that take into account the privacy and autonomy of its customer’s data. The cost of such high levels of user privacy is the tighter regulations by Apple on its own economy (especially in regards to maintenance and repairs). A report, however, has pointed towards various application in iOS sending a huge sum of data to tracking companies.

The Washington Post conducted research over a myriad of applications on iOS that yielded data that caught apps sending personal information of the user data to tracking companies. The research was conducted over a period of one month in conjunction with Disconnect, a privacy-related firm. The results had shown apps sending 1.5GB worth of user information.

The data was apparently sent during late hours when the user was generally asleep. Charging the phone overnight had seemed to activate the service. The trackers showed activity when the interactions with the device’s functions were to be really low. This process only occurs if the user has the “background app refresh” function enabled in the settings. Although this function is enabled by default on any Apple handset.

The apps from Apple store used in the research were from some of the top companies such as Nike, Yelp, Spotify, Microsoft OneDrive, Mint, IBM’s The Weather Channel, DoorDash, Citizen and surprisingly even the Washington Post’s very own application. Data had uncovered over 5,400 trackers in apps within a mere week into the research. Most trackers are said to work seamlessly without the user ever finding out that they were present in the background processes.

For those unaware, data that is acquired can be used to send ads tailored according to the user’s activities. In other words, after the personal information is received by such companies, users would then start receiving ads for something they looked up or searched for online. Ever since the Facebook-Cambridge Analytica data scandal in 2018 was uncovered, the public has been far more concerned and aware of their private information being traded without their knowledge. The aftermath of the fiasco had tech giants and social media companies have stricter regulations placed around them.

DoorDash the food delivery service from California was discovered to have sent data to nine 3rd party trackers, while Citizen the app that sends crime-reports for incidents near the user’s location was found sending phone numbers, email addresses and the actual GPS location of the iPhone owners to a tracker called Amplitude. The developers of Citizen had been contacted and an update has since gone online removing the tracker.

Also Read: Alaka’i Unveiled A Flying Taxi That Runs On Hydrogen Fuel Cells

Apple in an official statement had addressed applications that do not adhere to the App Stores rules and regulations, that require developers to clearly post privacy policies and ask for user’s permission to collect data, to either abide by the rules or be taken down from the App Store. The report had shown not all data collected was harmful or bad to the user as some data was anonymised and stored. However, some trackers have not made clear what kind of data was collected, for what amount of time, and whom it is sent to there on.

May 30, 2019
What Are VPNs, And Should You Use One?

The Internet has become an essential part of life in today’s day and age. It is really difficult to imagine what our lives would have been like if the invention of the internet didn’t happen. But if one stops and thinks how much of our life is shared through the medium; or how much of the data shared can be traced back to the user by someone with malicious intents, a feeling of trepidation is natural. To ensure that the data shared over the internet is secure and private, many people use a VPN. But what is it and should everyone get one?

What is a VPN?

Virtual Private Networks or VPNs for short is used to connect to another computer, usually called server anywhere on the internet. It then seems that the user is browsing through a private server. To explain it further, a VPN creates a virtual tunnel which is encrypted, so any data shared over the internet passes through the heavily encrypted tunnel; thus making it extremely difficult to track the user. The device that has the VPN installed will gain the IP address of the server, masking the original address and therefore, the user.

Why Is VPN Useful?

There are many scenarios where a VPN can genuinely be useful. But to realise whether you need it or not, one has to understand the advantages of using a VPN service, some of which are highlighted below.

Security over public networks: Each one of us has connected to a public Wi-Fi network or a shared network connection at least once. The threat of connecting to one remains higher than ever; as public or shared connections doesn’t restrict other people connected to the same network to spy on you. A VPN acts like taking you off the grid while still connected over the same network.

Anonymity over the internet: Using a VPN makes it extremely difficult to track the user’s IP address, which helps in making them anonymous. The service also allows switching between servers based on countries. This, while not being totally foolproof, lets them gain at least some anonymity, making internet usage a tad bit safer.

Keep prying eyes away: Be it the movies or an overgrowing paranoia, the fear of being tracked over the internet is growing substantially. In spite of using a private network, organizations like the Internet Service Provider (ISP) and the government; who have more access to the internet than regular people, can still track a person. Using a VPN might not eliminate the chances of them doing that entirely, but it reduces them to a great extent.

Bypassing censorships: There is no telling when someone’s favourite website is banned because of censorships. So if a website like Reddit or YouTube is banned in a country, it can be bypassed using a VPN service and can be used normally.

Prevent throttling: Conversations about Net Neutrality aside, major ISPs are known to favour a handful of websites over others. They also can throttle or restrict speeds to a particular website. Using a VPN bypasses that, and thus allows an unrestricted, fast internet.

So Should You Get A VPN?

The question of whether a VPN service is good for you or not depends on your usage, and ultimately how much do you value your privacy. Most quality VPNs offer paid subscriptions and the ones that are free offer dicey security support. The speeds of the free VPNs can also be slower than their paid counterparts. Another problem the service has is that while it advertises security over the internet, it doesn’t prevent the user from cookies employed on most websites, which can track data even after the particular website is closed. VPNs also don’t or simply can’t provide full anonymity as even after the connection is encrypted, the service can do only so much to keep you anonymous.

Also read: Call Of Duty Battle Royale Launching Soon For Android & iOS

One should decide if they value their internet privacy as a reason, which honestly, everyone should. To get started, there are many great options available if you want to try using a VPN service. Most of them also offer free trials to dip your feet once before diving all in. Some of the well-known VPN services available in the market are TunnelBear, NordVPN, StrongVPN, ExpressVPN and CyberGhost and Cloudfare’s 1.1.1.1.

March 19, 2019
Google Is Tracking User Location Without Consent

Google Maps is one of the most used services across all platforms. Even until Apple unveiled iOS 6 in 2012, the company relied on Google Maps. However, even to this date, many prefer Google over Apple maps for navigation. For a long time, Google has been optimizing its Maps services to provide better and more accurate results. However, there are times when the company goes above and beyond to ensure accuracy. According to reports, the company is secretly tracking its users’ location even after they turned their location history off. According to the company, if a user has turned his or her location history off then it will no longer be able to track their location. But, that does not seem to be the case.

As a new user, Google would ask the user to allow it to track his/her location for navigation. Once allowed, the entire location history of the user is recorded in a timeline fashion. This means that the company can keep a track of all the users who opted in for its map services, putting their privacy at risk. To deal with this, the company allows the user to turn off their location history. This, at least on paper, prevents the company from storing its users’ location. However, Google is still able to track its users with the help of some of the company’s apps. For instance, a simple Google search for a particular food item like a biscuit could help pinpoint your precise location. Moreover, the company even stores the instances of the times when you open its map service on a device. While mostly been open about tracking its users’ location, the company has never explicitly mentioned that it stores their location history even while turned off. It is with this privacy issue that more than two billion devices are at risk.

The issue of data privacy and the risks involved with it has always been a major concern. It does not help to know that big league companies like Google can misuse their users’ information. There is no word from the company on this issue but stay tuned as we will closely cover this news.

Have something to add? Leave a Comment Below!

August 14, 2018
Google Accused Of Allowing Third-Party Apps To Read Users’ Gmail

Online privacy has been at the centre stage of a global conversation for quite some time now. Every move by big tech companies is scrutinised for potentially risking the privacy of online users. The latest to join this ever-growing list is Google. One of the biggest tech companies in the world has been accused of allowing third-party apps to read users’ Gmail.

In a report published by The Wall Street Journal, it has been revealed that Google allows partner companies to read Gmail messages in order to offer better products and services. This is not the first time a company has been accused of using private user data for better-targeted advertisements. Facebook was involved in a global controversy after Cambridge Analytica was exposed.

Must Read: Google Sued For £3.2 Billion For Secretly Tracking Browsing Data For 4.4 Million iPhone Users

It has been a common practice by many companies to use machines to go through emails for keywords and phrases. This helps them identify what sort of goods or services that particular user is on the lookout for. This data once studied properly allows advertisers to make targeted ads and display them across the user’s web browsing experience. In fact, some companies allow human employees to read through the emails and not rely on machine learning.

Google, too, has been previously exposed for reading emails of users. In 2017, Google promised its users that it would stop reading Gmail content of users. However, this report claims that Google has done little to nothing to preserve the privacy of users. It is also worth noting that Gmail has over 1.4 billion users, making it the most popular email service in the world.

Must Read: New Facebook Patent Reveals Tech That Will Turn On Your Smartphone Microphone

WSJ quoted many representatives of partners that snoop through Gmail, claiming that this is indeed a “common practice.” There are, however, strict rules in place as specified by user agreements.

July 3, 2018
Baba Ramdev’s Kimbho Messaging App Disappears From Google Play Store Within 24 Hours Of Its Launch

Baba Ramdev, the infamous yoga guru launched a “swadeshi messaging app”, called Kimbho in India on May 30th. The app was launched as a competition to WhatsApp which is the world’s most used instant messaging app. Kimbho, however, is no longer available for download from either Google Play Store or iOS App Store. While many are bemused by the sudden vanishing, it appears that a recent takedown of the app’s security frailties might be the prime reason behind it.

A few hours after the launch, a Twitter user who goes by the name of Elliot Anderson tweeted a series of flaws that were found in the app. The French security researcher took to Twitter and posted a few screenshots and a video. According to the video, it’s possible to choose a security code between 0001 and 9999 and send it to the number of your choice. He also tweeted that he can access everyone’s messages and that the app is a security disaster.

The @KimbhoApp is a copy paste of another #application. The description and the screenshots in the app stores are the same. Moreover, the #Kimbho app is making request to bolomessenger[.]com pic.twitter.com/gOKOhash5X

— Baptiste Robert (@fs0c131y) May 31, 2018

An even more amusing fact that he discovered is that Kimbho is an identical version of another application. The screenshots and app description of Kimbho is the same as another messaging app called Bolo. To make matters worse for Kimbho, users started receiving OTP messages for Bolo Chat App instead of Kimbho. This proved Anderson’s finding that the app is indeed built on the Bolo app and the Kimbho developers didn’t even fix the OTP SMS format.

Hi @KimbhoApp before trying to compete #WhatsApp, you can try to secure your app. It's possible to choose a security code between 0001 and 9999 and send it to the number of your choice #kimbhoApp pic.twitter.com/YQqK8lfIeI

— Baptiste Robert (@fs0c131y) May 30, 2018

Kimbho, however, has a completely different take on the issue. According to a new tweet, the app has “extremely high traffic,” and that it “will be back shortly.”

https://twitter.com/KimbhoApp/status/1002076004590895106

At the time of its launch, a company spokesperson explained the meaning behind the app’s unusual name. Kimbho is a Sanskrit word and according to Patanjali’s spokesperson SK Tijarawala, it means “How are you?” or “What’s new?” The app has, or rather had, all the features you’d want in a messaging app. Users could send text, video, images, GIFs, stickers, doodles and more. According to the app’s description, users can block unwanted conversations or users and is encrypted by AES for security.

It appears that the people over at Kimbho realised that its security shortcomings have been exposed. Taking down the app means it’s been worked upon and it might be released in the future with better security.

May 31, 2018
Google And Facebook Sued For US$ 8.8 Billion For Coercing Users Into Sharing Their Personal Data

In the past couple of day, you must have bee bombarded by every app notifying you of the change in their privacy policy. From Twitter, Facebook to Splitwise, every app has sent a notification to their users about the changes and these changes can have huge ramifications. Facebook and Google, for example, have been hit with lawsuits worth US$ 8.8 billion for coercing users into sharing personal data. The lawsuits were filed by Austrian privacy rights activist Max Schrems.

[amazon_link asins=’B0772YB7Y1′ template=’ProductAd’ store=’igyaan-21′ marketplace=’IN’ link_id=’c72e3f28-60af-11e8-b479-b7071a16be34′]

For context, GDPR or the General Data Protection Regulation is a rule passed by the European Union in 2016, resetting guidelines and rules for how companies manage and share a user’s personal data. While the rule applies to EU nations only, the internet’s global nature means that companies had to reset their policies in general. Hence, everyone received notifications about the privacy policies.

It is worth noting that Google and Facebook have rolled out the new policies since GDPR was enforced. Schrems believes, however, that those policies don’t go far enough. He has singled out the way Google and Facebook obtain consent for the privacy policies, asking users to check a box in order to access services. This is a very common practice of almost every internet service, but, the lawsuit argues that this method forces users into an all-or-nothing choice. That is a clear violation of the GDPR’s guidelines around particularised consent.

Both Google and Facebook have argued that the measures taken comply with the GDPR guidelines. In a statement, Google said:

We build privacy and security into our products from the very earliest stages, and are committed to complying with the EU GDPR.

Must Read: Android 9 P: Google I/O 2018 New Features

Facebook has said that, “We have prepared for the past 18 months to ensure we meet the requirements of the GDPR.” This is not the first lawsuit Google is facing for violating the privacy of users. The company was recently sued for GBP 3.2 billion for secretly collecting browsing data of iPhone users in 2011 and 2012.

May 26, 2018
Google Sued For £3.2 Billion For Secretly Tracking Browsing Data For 4.4 Million iPhone Users

Google is in hot waters with the law in the UK. The search giant is being sued in the high court for as much as £3.2 billion for secretly tracking and collecting personal information of 4.4 million iPhone users in the UK. The lawsuit action again the company is being led by former Which? director Richard Lloyd. He claims that claims Google bypassed the privacy settings of Apple iPhones’ Safari browser between August 2011 and February 2012 to divide people into categories for advertisers.

The Guardian reports that Lloyd’s campaign group ‘Google You Owe Us’ told the court information collected by Google included race, physical and mental health, political leanings, sexuality, social class, financial, shopping habits and location data. The information was then aggregated and users were put into groups such as football lovers or current affairs enthusiasts for the targeting of advertising.

Must Read: OnePlus 6T To Follow OnePlus 6 In Q4 2018

Hugh Tomlinson QC, representing Lloyd and Google You Owe Us said that the data was gathered through “clandestine tracking and collation” of browsing on the iPhone, known as the “Safari Workaround.” This activity was first exposed by a PhD researcher in 2012. Ahead of the first hearing, Lloyd said:

I believe that what it did was quite simply against the law. Their actions have affected millions in England and Wales and we’ll be asking the judge to ensure they are held to account in our courts.

Google has already been fined in the US for similar practices. The company had to pay US$39.5 million to settle claims in the US, it was also fined US$ 22.5 million for the practice by the US Federal Trade Commission in 2012. Google You Owe Us, according to the filing, could be seeking as much as £3.2 billion. This would mean that every claimant could receive £750 per individual if successful.

May 24, 2018
WhatsApp Co-Founder Jan Koum Leaves Facebook Amid Data Privacy Concerns

Facebook has been embroiled in a huge debate about the internet as a whole. As social media has grown to become such an integral part of our lives, it is no secret that users have given more personal information than needed to various social media platforms over the years. Facebook has been under the cosh for allegedly, not using that information in an ethical manner. Now, it appears that the conversation of privacy has trickled down to Facebook-owned properties, mainly WhatsApp. Co-founder and CEO of WhatsApp, Jan Koum has announced that he will be leaving WhatsApp soon.

https://www.facebook.com/jan.koum/posts/10156227307390011

Jan took to his Facebook page to announce his departure, making sure he doesn’t give away any reasons that made him quit the company he started. A report by Washington Post claimed that he had a clash with Facebook and the company’s plans of using users’ private data. It also claimed that Jan plans to step down from Facebook’s board of directors.

In 2014, Facebook bought WhatsApp from Jan for a reported US$ 19 billion. The app has since become the most famous instant messaging service. In July 2017, the company announced that it had reached 1 billion active daily users who were sending 55 billion messages per day, 4.5 billion photos and 1 billion videos.

Jan Koum

WhatsApp has always pledged to protect user data and promised to protect that when Facebook bought the messaging service. In 2016, it further solidified its stance by introducing end-to-end encryption. However, Facebook, WhatsApp’s parent company has been accused of letting third parties use sensitive user data to their advantage. His departure will certainly be a blow for Facebook, especially after Brian Acton, co-founder of WhatsApp quit the company in November. Brian Acton, for that matter, has joined the rising voices of people concerned about data protection. The social media campaign, #DeleteFacebook has also gained impetus in the last few months.

Facebook is yet to respond to reports of Jan quitting due to differences with Facebook about handling user data. However, Mark Zuckerberg, CEO of Facebook did reply to Jan’s post, saying:

I will miss working so closely with you. I’m grateful for everything you’ve done to help connect the world, and for everything you’ve taught me, including about encryption and its ability to take power from centralized systems and put it back in people’s hands.

It’ll be interesting to see the repercussions now since both the founders have quit the company. Facebook will be eager to continue building the legacy of its largest-ever acquisition in the wake of questionable times for the parent company.

May 1, 2018
YouTube Removed 8.3 Million Videos For Violating Guidelines In Q3 Of 2017

YouTube has published its first-ever community guidelines enforcement report. According to the report, YouTube removed 8.3 million videos between October and December 2017. Along with the report, it also launched a Reporting Dashboard that lets users see the status of videos they’ve flagged for review.

This report comes after the video streaming company promised more transparency in terms of how it handles abuse and decides what videos will be removed. In a blog post, the video-streaming giant said:

This regular update will help show the progress we’re making in removing violative content from our platform. By the end of the year, we plan to refine our reporting systems and add additional data, including data on comments, speed or removal and policy removal reasons.

Google-owned YouTube came under the cosh last year when it was reported that a lot of disturbing videos were masquerading as kid-friendly content. Advertisers, in turn, were upset that their commercials had played before videos with violent extremist content. The report also mentions the competence of its bots as 6.7 million of the 8.3 million videos were flagged for review by machines without anyone even viewing them for the first time.

The company’s AI method of flagging off videos has been criticised time and again as many content creators have complained that they are unable to monetize their videos despite abiding the guidelines set by the company. The report by YouTube, however, differs from these claims. In 2017, about 8% videos were removed from the platform before anyone viewed them. After YouTube implemented machine learning, that number has increased to more than 50%.

The report seems like YouTube’s way of appeasing the upset advertisers after the controversy broke out regarding child-exploiting videos. It is, however, an insight of sorts into how YouTube handles offensive content and it should be useful in the long run for everyone.

April 24, 2018
Like WhatsApp, Facebook Will Let Users ‘Unsend’ Messages

Over the past few weeks, Facebook has been under the cosh from the media and its users alike. Facebook was accused of leaking private data of over 50 million users which were used by Cambridge Analytica during the 2016 US Presidential Elections. However, the outrage around Facebook and callous handling of sensitive data have increased when it was learned that Facebook deleted messages sent out by Mark Zuckerberg from the recipients’ inbox. It now appears that Facebook is ready to share this luxury with all of its users in the coming months.

According to a report by TechCrunch, a Facebook spokesperson has confirmed that the social networking company is currently working on the ‘Unsend’ feature’s development. This feature will soon be available for everyone across the globe. A few months ago, WhatsApp also rolled out a similar message wherein users could delete a sent message before it was read by the recipient.

However, it is worth noting that this feature will work very differently from WhatsApp’s. Another spokesperson told TechCrunch that the only way to implement ‘Unsend’ on Messenger is to set an expiration date for the message. This will, in fact, work very similar to what Snapchat has with its personal messages. Essentially, a user can set a timer on the message before pressing send, once the timer runs out, the message gets deleted. It is like a self-destruct mode but, for messages. It is not yet clear if the recipient will be made aware of the self-destruct mode of the messages they receive.

While it is okay to delete messages on WhatsApp because of the times you are either sending to or receiving from people you know, the implications of the ‘Unsend’ feature on Facebook are far more severe. On Facebook, users get a lot of messages from strangers which, if taken to court, can be used as evidence. Now, with the new feature, users will have to take a screenshot of every message they feel is important or suspicious.

April 7, 2018
Intel Facing Multiple Lawsuits Over Chip Security Flaw

The last couple of days have been frantic for the tech community. Ever since Google released two documents detailing the security flaws in almost every CPU in the world right now, the consumers have patiently waited for a fix for their devices. Some, however, have decided to take matters into their own hands. Owners of Intel-based CPUs in Oregon, California and Indiana have sued Intel over the security flaws that have been highlighted in its chipset.

They claim that the vulnerability in the chipset, which Intel learned about several months ago, make its chips inherently faulty. Intel has provided security patches ever since, but, the complaints raise concerns that these patches will hinder the performance of their computers and is not an adequate response to the serious issues raised against the company’s products.

A couple of days ago, Google along with other security researchers released a couple of documents which chronicled the major security flaws in Intel, AMD, and ARM processors. The reason this flaw is much more complex than the usual software or hardware bugs is that it’s more than just a bug that can be fixed with an update. The flaw lies in the middle, at the level of the processors’ “architectures,” in the way all the millions of transistors and logic units work together to carry out tasks.

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include passwords stored in a password manager or browser, personal photos, emails, instant messages and even business-critical documents.

Google announced a fix for one Meltdown and Spectre vulnerability each and claimed that these fixes won’t result in system slowdowns which was feared by many.

January 6, 2018
This Could Trick You Into Giving Away Your Apple ID Password
If you are an iPhone user, you must be used to the random popup asking for your Apple ID and password because of some app running in the background. It is as normal as it gets and we barely think twice before entering the password. However, there is a new phishing attack which can trick you into giving up your password and cause serious privacy concerns.

A blog post from developer Felix Krause explains how a fake popup could be easily used to trick someone into handing over their Apple ID and password. The developer explains that creating a fake popup doesn’t require extraordinary coding skills. Any iOS engineer can make the Apple ID password prompt and send that popup. The password can then be logged in the app for anyone to access it. It takes less than 30 lines of code and could seemingly be dropped in any legitimate iOS app and sneak past App Store review teams.

Showing a dialog that looks just like a system popup is super easy, there is no magic or secret code involved, it’s literally the examples provided in the Apple docs, with a custom text. I decided not to open source the actual popup code, however, note that it’s less than 30 lines of code and every iOS engineer will be able to quickly build their own phishing code.

He says he’s already filed this issue as a radar with Apple and explains that it could be fixed by Apple not allowing passwords to be entered in popups, but rather only in the Settings app/App Store. He notes in his blogs that this has been an issue with desktop browsers for years, with websites sending popups which look identical to the system popups.

This seems like a serious issue and until Apple comes up with a solution, Krause has pointed out a few ways you can protect yourself from this phishing attack:

Hit the home button, and see if the app quits:
- If it closes the app, and with it the dialog, then this was a phishing attack
- If the dialog and the app are still visible, then it’s a system dialog. The reason for that is that the system dialogs run on a different process, and not as part of any iOS app.
- Don’t enter your credentials into a popup, instead, dismiss it, and open the Settings app manually. This is the same concept, like you should never click on links on emails, but instead open the website manually
- If you hit the Cancel button on a dialog, the app still gets access to the content of the password field. Even after entering the first characters, the app probably already has your password.
October 11, 2017