Several companies have ben named in a class-action lawsuit as a result of mobile applications uploading contacts to servers without users’ consent. The mobile app developers who were following this practice were doing so to provide more personalized recommendations regarding who they should follow on their social networks, however they did so without user consent [...]
There have been a number of recent stories with celebrities photos being leaked online, including Scarlet Johansson, Christine Hendricks, Olivia Munn and more. I was interviewed by Fox News regarding how celebrities can better protect themselves. The obvious answer is to not take the photos and store them on their devices or in the cloud [...]
Mobile smartphone apps represent a powerful technology that will only become more important in the years to come. But the unique advantages of the smartphone as a platform—a device that’s always on and connected, with access to real world information like user location or camera and microphone input—also raise privacy challenges. And given the sensitivity [...]
California Attorney General Harris announced an agreement committing the leading operators of mobile application platforms to improve privacy protections for millions of consumers around the globe who access the Internet through applications (“apps”) on their smartphones, tablets and other mobile devices. The agreement is with the six companies whose platforms comprise the majority of the [...]
Security software companies more and more prey on people’s fear in order to help sell more products. This shady marketing practice is commonly known as FUD which stands for Fear, Uncertainty and Doubt. They tend to over inflate threats in order to scare people into buying their product, usually through their own studies showing startling statistics. These [...]
It was recently discovery that social media startup Path has been uploading contact information to their servers without its users’ consent. The discovery was by Arun Thampi using Aldo Cortesi’s excellent mitmproxy tool which allows researchers to intercept data transmitted by apps to remote servers even if being sent via SSL. This discovery has led to quite [...]
Today the Supreme Court unanimously ruled that the police violated the Constitution when they placed a Global Positioning System tracking device on a suspect’s car and monitored its movements. This helps clarify in many regards the extent to which law enforcement can track private property without a warrant. This raises questions for some in the mobile realm [...]
I wrote an article for PenTest Magazine which was published today on how to attack networks from the inside using just a smartphone. When most people think of penetration testing, they think of a simulated external attack where the tester tries to break into a network from a remotely. Companies focus most of the security [...]
An interesting bit of information came to light in the affidavit of a Bradley Morrison, an FBI agent in the Ridgemaiden case, where a Stingray device was used to locate him. Not only was Ridgemaiden’s device data captured, but also all data from people in the area as the device mimicked a Verizon cell tower [...]
Verizon recently modified their privacy policies such that unless you opt-out, they will begin using information about websites you visit, what apps you use, your location, websites you visit and search terms you use in business and marketing reports. The information will also be shared with third parties and advertising partners: Mobile Usage Information: Addresses [...]