Is iPhone’s Journal App Sharing Your Personal Data Without Permission?

 

In the digital age, where convenience often comes at the cost of privacy, the Journal app stands as a prime example of the fine line between utility and intrusion. Marketed as a tool for reflection and journaling, its functionality may appeal to many, but for some, the constant stream of notifications and data access raises legitimate concerns. 

While the Journal app offers a seemingly innocuous service, allowing users to jot down thoughts and reflections, its behind-the-scenes operations paint a different picture. Upon installation, users unwittingly grant access to a wealth of personal data, including location, contacts, photos, and more. This data serves as fodder for the app's suggestions feature, which prompts users to reflect on their daily activities. For those who engage with the app regularly, these suggestions may prove helpful, fostering a habit of mindfulness and self-reflection. 

However, for others who have no interest in journaling or who simply prefer to keep their personal data private, the constant barrage of notifications can quickly become overwhelming. The issue extends beyond mere annoyance; it touches on fundamental questions of privacy and consent in the digital realm. Users may find themselves grappling with the realisation that their every move is being tracked and analyzed by an app they never intended to use beyond a cursory exploration. 

Moreover, the implications of this data collection extend beyond the confines of the Journal app itself. As Apple's Journaling Suggestions feature allows for data sharing between journaling apps, users may inadvertently find their personal information circulating within a broader ecosystem, with potential consequences for their privacy and security. 

Fortunately, there are steps that users can take to regain control over their digital lives and mitigate the impact of unwanted notifications from the Journal app. Disabling Journaling Suggestions and revoking the app's access to sensitive data are simple yet effective measures that can help restore a sense of privacy and autonomy. Additionally, users may wish to reconsider their relationship with technology more broadly, adopting a more discerning approach to app permissions and data sharing. 

By scrutinising the terms of service and privacy policies of the apps they use, individuals can make more informed decisions about which aspects of their digital lives they are comfortable surrendering to third-party developers. Ultimately, the Journal app serves as a poignant reminder of the complex interplay between convenience and privacy in the digital age. While its intentions may be benign, its implementation raises important questions about the boundaries of personal data and the need for greater transparency and control over how that data is used. 

As users continue to grapple with these issues, it is incumbent upon developers and policymakers alike to prioritize user privacy and empower individuals to make informed choices about their digital identities. Only through concerted effort and collaboration can we ensure that technology remains a force for good, rather than a source of concern, in our increasingly connected world.

5 Things to Consider Before Downloading an App


Apps have become essential in today's world, whether for communication, shopping, gaming, research, or almost anything else. Because apps are so widely used, threat actors increasingly use them to target their next victims. 

It has therefore become crucial to exercise caution before installing any app on your device. Here are five things to consider so that you do not run into trouble after installing an app:  

Check Reviews And Ratings of Apps

Examining the reviews and ratings of an app is one of the best ways to learn about its quality. App stores make it easy to see user reviews of the software you wish to download. You are unlikely to choose an app that many of its users have reviewed badly. Moreover, if the app is not available in any well-known app store, make sure to research it on the internet to check whether it is trustworthy (or even real). 

It is advisable not to rely on a single review forum, but to also check other review sites or discussion boards.

Beware of What Information the App is Asking for

Threats to privacy are increasing as more individuals connect to the internet. Before downloading an app, carefully review the permissions it asks for. You can easily determine what permissions an app needs if you download it from the app store.

If you are not sure whether to provide certain information that an app requests, it is advised to avoid downloading it. However, if you have a positive view of the app, first install it on a test device to analyze how it works (and look for any suspicious behaviour) before installing it on your main device. If a premium subscription is required, try the free trial to see whether the app requests too much information before purchasing a membership. 

Check the App's Update Frequency and Support

An essential indicator of an app's long-term performance is how often it receives updates. It is also critical to ascertain how quickly and efficiently the app development team handles customer support issues and answers questions.

For app developers, pushing updates to their apps is essential to making sure they work properly and receive bug fixes and new features. When you are installing an app, try to find out when it was last updated. If that was a long time ago, you are unlikely to get the experience you are seeking.

Compare the App with Alternatives

Many apps carry out the same task, and some do it better than others. Consider searching for alternatives to the app and comparing their performance before installing it on your smartphone. To choose the one that works best for you, you should also review their privacy policies.

Once you have analyzed what the alternatives have to offer, it will be easier to decide which app to go for. The better app is the one with better privacy and performance.

Back-Up Your Device

It is always a good idea to back up your devices, even before you install an app. By doing this, you safeguard all of your crucial data from being permanently lost in case of a security incident.

Unexpected problems might occasionally arise after installing an app, particularly if you downloaded it from an unreliable source. It can damage your device, contaminate your data, and more. By restoring your data from the backup, you can recover from all of these. Thus, remember to back up your devices, especially before installing a large software update or an app.

Cybercriminals Set Android Apps For Sale for Up to $20K a Piece


Cyber threat actors have lately been targeting the security of the official Google Play app store by developing trojan malware for existing Android apps and selling it for up to $20,000 a piece on darknet markets. 

In a blog post published on April 10, Kaspersky researchers reported their findings of a thorough analysis of nine of the most well-known Dark Web forums. They discovered a booming market of buyers and sellers exchanging access to botnets, malicious Android applications, and app developer accounts for hundreds of dollars at a time by monitoring activities between 2019 and 2023. 

Some highly valuable products, such as source code that can let a threat actor hack into an existing cryptocurrency or dating app on Google Play, can cost several thousand dollars. 

"It's an infinite cat and mouse game[…]The attackers find a way to bypass security scanners. Then the people developing the security scanners deploy patches to ensure that doesn't happen again. Then the attackers find new flaws. And it goes on and on," says Georgy Kucherin, a Kaspersky researcher, with regard to Google's app security. 

The Marketplace for Google Play Hacks 

Any program that is posted to the Apple or Google app stores undergoes a rigorous inspection. However, according to the Kaspersky researchers, "just like any security solution that exists in the world, it's not 100% effective[…]Every scanner contains flaws that threat actors exploit to upload malware to Google Play." 

Commonly, there are two methods by which a hacker attempts to sneak malware onto an app store: 

  • The first method entails publishing a completely benign app to the app store. Once it has been approved, or even better, once it has attracted a sizable enough audience, the hackers submit an update that contains the malicious code. 
  • The second involves hackers compromising legitimate app developers and using their accounts to upload malware to already-existing programs. Without two-factor authentication and strong password requirements in place, app developer accounts are more vulnerable to hacking. Credential leaks occasionally enable hackers to accomplish the majority of their goals by giving them access to important company development systems and accounts. 
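
Both methods end with an update to an app that users already trust, so one check a defender can run is to compare the permissions requested by two consecutive versions. The following is an added example, not code from Kaspersky or from this blog; the package name and both manifests are constructed, and it assumes the manifests have already been decoded to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Subset of Android runtime ("dangerous") permissions; extend for your policy.
SENSITIVE = {
    "android.permission.READ_SMS", "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS", "android.permission.READ_CALL_LOG",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.RECORD_AUDIO", "android.permission.CAMERA",
}

# Constructed sample manifests for a hypothetical app, already decoded to text XML.
MANIFEST_V1 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight" android:versionCode="10">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

MANIFEST_V2 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight" android:versionCode="11">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_CONTACTS"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names a manifest requests."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms


def diff_update(old_xml, new_xml):
    """Compare two versions; list permissions the update adds or drops."""
    old, new = requested_permissions(old_xml), requested_permissions(new_xml)
    added = new - old
    return {"added": sorted(added), "removed": sorted(old - new),
            "sensitive_added": sorted(added & SENSITIVE)}


if __name__ == "__main__":
    print(diff_update(MANIFEST_V1, MANIFEST_V2))
```

A non-empty `sensitive_added` list is a prompt for manual review, not proof of malice: legitimate updates also add permissions, and malicious code can run without requesting new ones.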

Moreover, depending on the developer, access to a Google Play account may cost as little as $60. However, other, more valuable accounts, resources, and services cost significantly more. 

For example, given the power they hold, loaders (the software necessary to deploy malicious code into an Android app) can cost big bucks on the darknet markets, ranging up to a whopping $5,000 each. 

A well-resourced criminal could well go with a premium package, like the source code for a loader. 

 "You can do whatever you want with that — deploy it to as many apps as you want[…]You can modify the code as much as you want, adapting it to your needs. And the original developer of the code may even provide support, like updates for the code, and maybe new ways to bypass security measures," Kucherin explains. 

How Can a Company Protect Itself from Google Play Threats 

Threats delivered through Google Play are a cause of great concern to organizations, especially those with weak enterprise security. Kucherin notes that many businesses still have lax bring-your-own-device arrangements in place, which extend the security perimeter outside of corporate networks and right into the hands of their employees. 

"Say an employee installs a malicious app on the phone[…]If this app turns out to be a stealer, cybercriminals can get access to, for example, corporate emails or sensitive corporate data, then they can upload it to their servers and sell it on the Dark Web. Or even worse: An employee might keep their passwords in, for example, their phone's notes app. Then hackers can steal those notes and get access to corporate infrastructure," he explains. 

In order to prevent such severe outcomes, Kucherin suggests two simple precautionary measures: 

One, you can teach the employees cyber-hygiene principles, like not downloading apps that are not trusted. However, this might not suffice, so "another thing you can do — though it's more expensive — is give your employees a separate phone, which they will use only for purposes of work. Those devices will contain a limited number of apps — just the essentials like email, phone, no other apps allowed," he adds. 

Just as it is for the cybercriminals, you have to pay more to get more, he notes: "Using dedicated work devices is more effective, but more expensive."