posted by martyb on Tuesday August 25 2020, @03:12PM
from the can't-be-too-careful dept.

Popular iOS SDK Caught Spying on Billions of Users and Committing Ad Fraud:

A popular iOS software development kit (SDK) used by over 1,200 apps—with a total of more than a billion mobile users—is said to contain malicious code with the goal of perpetrating mobile ad-click fraud and capturing sensitive information.

According to a report published by cybersecurity firm Snyk, Mintegral — a mobile programmatic advertising platform owned by Chinese mobile ad tech company Mobvista — includes an SDK component that allows it to collect URLs, device identifiers, IP Address, operating system version, and other user sensitive data from compromised apps to a remote logging server.

The malicious iOS SDK has been named "SourMint" by Snyk researchers.

"The malicious code can spy on user activity by logging URL-based requests made through the app," Snyk's Alyssa Miller said in a Monday analysis. "This activity is logged to a third-party server and could potentially include personally identifiable information (PII) and other sensitive information."

"Furthermore, the SDK fraudulently reports user clicks on ads, stealing potential revenue from competing ad networks and, in some cases, the developer/publisher of the application," Miller added.

Although the names of the compromised apps using the SDK have not been disclosed, the code was uncovered in the iOS version of the Mintegral SDK (6.3.5.0), with the first version of the malicious SDK dating back to July 17, 2019 (5.5.1). The Android version of the SDK, however, doesn't appear to be affected.


  • (Score: 5, Informative) by Runaway1956 on Tuesday August 25 2020, @04:28PM (15 children)

    by Runaway1956 (2926) Subscriber Badge on Tuesday August 25 2020, @04:28PM (#1041679) Journal

    More news at 11:00?

    Forget the news. Your smart phone is a spy device. If you must have one, lock it down, and lock it tight. Dump all the apps, FFS. Each and every app you install authorizes yet another bad actor to track you.

  • (Score: 1, Informative) by Anonymous Coward on Tuesday August 25 2020, @04:50PM

    by Anonymous Coward on Tuesday August 25 2020, @04:50PM (#1041695)

    Yes, most smartphones are nothing more than Slave Trackers (tm). Phones with GrapheneOS, postmarketOS and/or Ubuntu Touch are reasonable alternatives.

  • (Score: 3, Funny) by DannyB on Tuesday August 25 2020, @04:50PM

    by DannyB (5839) Subscriber Badge on Tuesday August 25 2020, @04:50PM (#1041696) Journal

    This is shocking.

    At least I can take comfort that no malicious software ever makes it into the Android platform.

    --
    To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
  • (Score: 3, Disagree) by SomeGuy on Tuesday August 25 2020, @05:22PM

    by SomeGuy (5632) on Tuesday August 25 2020, @05:22PM (#1041711)

    More news at 11:00?

    Only with the FREE news app/malware. Download it now!

  • (Score: 4, Interesting) by Mojibake Tengu on Tuesday August 25 2020, @05:53PM (11 children)

    by Mojibake Tengu (8598) on Tuesday August 25 2020, @05:53PM (#1041720) Journal

    My advice to people is, a partial solution to this problem is strong diversity, by purpose:

    Get one device for just work. Keep it on only during work hours.
    Get another device for just banking. Do not install shit or browse the internets with that one. Never. Just banking. Only your bank knows the number.
    If you must do gaming, get yet another for gaming.
    For going outdoors, get another, trackable of course but not easily associable with your typical network activity indoors.
    Dedicate yet another device for wardriving, if you are able enough to do that.

    I own 7 different mobile phones by today, and an undisclosed number of portable computers. One of them was cheap as 10$, serves as a call receiver. The top one is fresh LG Velvet dual, the Internet. iPhones currently on deprecation for increased unreliability (dying batteries, self-overheating by 'just apps').

    In ideal world, that would be one device per (really useful) app. It's easy to recover when something goes broken. Do not put everything you have in one device, that's fools' way.

    --
    Respect Authorities. Know your social status. Woke responsibly.
    • (Score: 0) by Anonymous Coward on Tuesday August 25 2020, @06:21PM

      by Anonymous Coward on Tuesday August 25 2020, @06:21PM (#1041733)

      can't keep track of all eight of my fingers and you want me to track as many phones?

    • (Score: 3, Insightful) by requerdanos on Tuesday August 25 2020, @06:21PM (1 child)

      by requerdanos (5997) Subscriber Badge on Tuesday August 25 2020, @06:21PM (#1041734) Journal

      In ideal dystopian world, that would be one device per (really useful) app.

      Fixed that for you.

      In ideal world, we control the devices we own and there would be outcry if anyone tried spying, malware pushing, and the like.

      • (Score: 2) by barbara hudson on Wednesday August 26 2020, @12:14AM

        by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Wednesday August 26 2020, @12:14AM (#1041871) Journal
        In that world, most apps wouldn't exist. And that would be a good thing. A world without social media, google, etc, selling your data to all comers because you were stupid enough to believe it was "free" just wouldn't exist.
        --
        SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
    • (Score: 2) by SomeGuy on Tuesday August 25 2020, @07:16PM (1 child)

      by SomeGuy (5632) on Tuesday August 25 2020, @07:16PM (#1041759)

      Holy crap. Just saying, cell phone salesmen must REALLY love you.

      Get one device for just work. Keep it on only during work hours.

      Yea, ok, one for work if they really require one. Some do. Hopefully they require it for a real reason, not just because they think cell phones are somehow cool. In an office environment, I'd want a real desk telephone so other similar professionals can actually HEAR me.

      Get another device for just banking. Do not install shit or browse the internets with that one. Never. Just banking. Only your bank knows the number.

      Unless you do piles of banking every day, just drive to the bank and use pencil and paper. (Drive thrus are still open). For electronic, why not just use a regular computer with a VM?

      If you must do gaming, get yet another for gaming.

      Or perhaps a game console instead of "phone"?

      For going outdoors, get another, trackable of course but not easily associable with your typical network activity indoors.

      Personal mobile phone, if you are out and about enough to justify that, sure, that is standard. Don't bother with any "smart" phone applications.

      Dedicate yet another device for wardriving, if you are able enough to do that.

      Uh. Just don't do that.

      The others? I think I had better not ask.

      Having zero smart phones is much more secure. And much simpler. And less expensive.

      • (Score: 2) by barbara hudson on Wednesday August 26 2020, @01:10AM

        by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Wednesday August 26 2020, @01:10AM (#1041899) Journal
        It's not like today's phones can't track nearby users over Bluetooth. See the Apple/Google covid tracker. The same sort of technology, without the anonymizing code, tied to a bunch of central servers, is the right's wet dream.
        --
        SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
    • (Score: 0) by Anonymous Coward on Tuesday August 25 2020, @10:12PM (5 children)

      by Anonymous Coward on Tuesday August 25 2020, @10:12PM (#1041815)

      You ignore that your bank pays marketing firms to give them intelligence for where to target advertising (in exchange for their handing over data on you), who then readily trade data with Google. Your gaming device is naturally linked through to Facebook and Google. When you turn your work phone on for your commute, or you bring your kid (who has his/her own device) to work with you, or just make a mistake, all those devices get linked together..... And very soon some specialized firm connects the dots and you get tagged in their database as someone to be hard sold on all-in-one phone plans, or a hardcore . They might even just figure out you're just using a whole bunch of different devices, thus revealing much more about who you are than you ever wanted them to know.

      On top of all that, you're not that special. You're a microscopic speck in a microscopic speck, and your data is only really valuable when it gets aggregated together with all the other people in your neighborhood. Unless you're being targeted for police or intelligence surveillance, in which case your unusual patterns make you even more a person of interest to them but ultimately will offer you no true defense. Business and government are still getting all the information they need about you.

      All you're really doing is spending extra money for devices and data plans. You're not hiding yourself nearly as effectively as you think you are.

      Sorry to burst your bubble, but you're not going to believe me anyway.

      • (Score: 2) by barbara hudson on Wednesday August 26 2020, @12:28AM (4 children)

        by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Wednesday August 26 2020, @12:28AM (#1041879) Journal

        Simple solution - do your banking by phone (interactive voice menus), not the Internet. Don't install games. Block all images in your browser. For news, use an app like The Guardian, , turn on Internet access, download just the text diffs of the news, then turn off internet access to the app. No images, no tracking while you spend the next hour reading everything, because text-only supplies a lot more information per byte than images, logos, etc. And you'll never see an ad because you have to be connected to actually download the dynamic ads.

        People who have screen after screen after screen of apps need to be far more selective. And get a life.

        --
        SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
        • (Score: 0) by Anonymous Coward on Wednesday August 26 2020, @01:20AM (3 children)

          by Anonymous Coward on Wednesday August 26 2020, @01:20AM (#1041905)

          Please! It's not worth the hassle. Just use burner email...

          And... Try our new *JBiden Network Sniffer*™ to find those nasty old spyware cooties!

          • (Score: 2) by barbara hudson on Wednesday August 26 2020, @02:00AM (2 children)

            by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Wednesday August 26 2020, @02:00AM (#1041931) Journal
            What hassle? It's just a minute to disable all images in browsers. No more auto-play videos, no emojis, no social media icons, no irrelevant stock graphics illustrating news stories. No ads. Your mobile data plan just goes on and on and on. All of a sudden, a basic 2-gig data plan lasts a month with unused data rolling over into the next month, instead of cutting out early.

            No more looking for a wifi hotspot to help save mobile data, along with their tracking you.

            A one-minute one-time adjustment that can save you hundreds of dollars a year in data overages and cut down on tracking. How is that "too much of a hassle?" How is not having to deal with ads and auto play videos too much of a hassle? How is a more responsive browser too much of a hassle? How is doubling your battery life too much of a hassle?

            --
            SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
            • (Score: 0) by Anonymous Coward on Wednesday August 26 2020, @03:53AM

              by Anonymous Coward on Wednesday August 26 2020, @03:53AM (#1041984)

              I guess you will never understand. I just wanna turn the thing on and go. Just put in a burner email and done! I don't want to spend half the day reading a bunch of mumbo jumbo in tiny little fonts on a tiny little screen doing phony baloney "privacy" shit. Anything goes wrong, and the neighbor's kid can fix it for me. And who uses a damn browser on a damn phone anyway? What kind of masochist do you have to be to do that??

            • (Score: 2) by etherscythe on Wednesday August 26 2020, @11:40PM

              by etherscythe (937) on Wednesday August 26 2020, @11:40PM (#1042443) Journal

              If only it were so simple. Pages these days often use graphics to create the menus you use to navigate. If you see fifty placeholders on a site with no ALT text, how do you know which link you want? Hover over it with your cur- oh, wait.

              --
              "Fake News: anything reported outside of my own personally chosen echo chamber"