Android apps leaking data to Facebook

  • I’ve been thinking a lot about this since I read the article and findings over a week ago. It’s probably old news by now, but just in case it’s been missed:


    Privacy international have used a MITM proxy to see what a collection of popular android apps are doing without user knowledge. They found that a lot of them send data to Facebook as soon as the app is open (over 60%), regardless of if you have a Facebook account. I verified this using a popular firewall app and some of the apps mentioned - on opening the app tries to communicate with a FB server using the Facebook SDK. This obviously presents a massive breach of the GDPR for EU users, but more importantly a massive failing on part of FB and a concern for all worldwide.


    The findings are here: https://privacyinternational.o…ractions-facebook-android


    Leaked information ranges from the ‘benign’ such as your google ad ID (to track non FB users outside of the platform) to how many times you’ve opened and closed apps and what they are, and in the case of some apps, they communicated with FB how many children you have and your flight departure and destination info. Nice one FB...



    Sent from my iPhone using Tapatalk

  • Privacy? In the US telco providers even sell your location to everyone: https://motherboard.vice.com/e…-microbilt-zumigo-tmobile


    Some insights into why those companies are interested in collecting every information they can get of us to store infinitely: https://medium.com/s/story/the…e-tracks-you-3c3abc10781d


    And we all help them by using Google DNS which provides the missing link to be able to track us across devices and generate insights about entities like households or who is a colleague of whom and so on...


    • Offizieller Beitrag

    I didn't adopt the "Smart Phone", or other android devices, because it was damxed obvious to me that they'd be impossible to secure. When they first came out, it was as if security wasn't even a consideration and no one appeared to be concerned in the least. I couldn't believe it.
    In any case, with current day integrated GPS device tracking, studies have been done for European cell phone companies in "human engineering". Given positioning data from a smart phone and a sufficient data sample, it's possible to predict where the phones' owner will be, on any day of the week and at a given time of day, with close to 80% accuracy. (With this kind of data available, "they" don't have to find you. They know where you're going to be.) And this unbelievably granular level of snooping has nothing to do with an app. All that's needed is for the phone to be "on".
    _____________________________________________________________


    Given the shenanagans of Google, ISP's and other DNS providers, I moved to running a recursive DNS server - "unbound". Pi-hole connects to it.
    Once entries are cached, unbound is faster than any public provider, bar none.


    But, there are plenty of other hooks out there for logging personal info and habits.

    • Offizieller Beitrag

    It sucks that a lot of apps we're supposed to trust leak our personal information.

    Get a "dumb" phone. Even with a dumb phone, if there are entries in the address book, it should be secured with a password or passcode. Store only phone numbers with initials (not names) in the address book - definitely no street addresses.

    Secured SMART phones exist, that can be trusted to some degree, but they're expensive.

    • Offizieller Beitrag

    Trusting your data on someone else's server (Facebook) comes with risks. When it comes right down to it, it's their server. What you put on their server is private only if the owner chooses to abide by their "promise". (And we've seen more than one instance where their promise wasn't worth much.)

    That's one of the benefits of having your own server. If you use reasonable security precautions, such as not forwarding server ports, your server's security profile is pretty good.

  • Despite the popularity of some applications, your data is not necessarily protected. Therefore, it is more than difficult to ensure that your data is always well protected. These privacy issues don't just affect Android users, as these incorrect settings can also affect some iOS apps in Apple.

  • macom

    Hat das Thema geschlossen.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!