Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label App security. Show all posts

The Dual Nature of Telegram: From Protest Tool to Platform for Criminal Activity

 

Telegram, a messaging app co-founded by Pavel Durov in 2013, has become one of the world’s largest communication platforms, with over 900 million users. The app’s dual nature has recently put it in the spotlight after Durov was arrested in Paris on August 24, reportedly at the request of a special unit within France’s Interior Ministry that investigates crimes against minors. This incident has sparked renewed scrutiny of Telegram’s role in global communications. 

Initially, Telegram was created in response to the Russian government’s crackdown on pro-democracy protests in 2011 and 2012. The app’s primary selling points—encryption of communications and user anonymity—made it an attractive tool for activists worldwide. Telegram gained notoriety during the 2020 Belarus protests against a rigged presidential election, where activists used it to coordinate actions while evading government surveillance. Similarly, during Iran’s 2018 anti-government protests, Telegram was crucial for organizing and sharing uncensored information, attracting an estimated 40 million users in the country. The app’s ability to facilitate communication under oppressive regimes highlighted its potential as a tool for free expression and resistance. 

However, Telegram’s lack of moderation and security features has also made it a haven for criminal activity. Its encryption and anonymity appeal to drug dealers, pedophiles, and those trading illegal goods. A 2019 BBC investigation found that criminals were using Telegram to distribute child sexual abuse material and stolen credit card information, often embedding links to illegal content within public comments on YouTube videos. Telegram’s relaxed policies have made it easier for users with malicious intent to exploit the platform. Additionally, Telegram has become a powerful tool for disinformation, particularly in Central and Eastern Europe. A 2023 investigative report identified the app as the largest platform for disinformation in the region, with German-language channels playing a significant role in influencing extremist opinions. 

Since Russia’s invasion of Ukraine in 2022, the Kremlin and affiliated groups have increasingly used Telegram for propaganda, recruitment, and fundraising. Pro-Russian channels experienced a surge in subscribers, turning Telegram into a key communication tool for the conflict. The app’s dual role has drawn global attention, especially as Durov’s case unfolds in France. Telegram defended its stance by arguing that holding an owner responsible for all platform activities is “absurd.” 

Yet, this controversy highlights the broader challenge of balancing privacy and free speech with the need to combat illegal and harmful activities online. As authorities grapple with these issues, the future of Telegram remains uncertain, balancing its potential for good against the misuse by those with nefarious intentions.

Tech Giant Apple Launches Its Own Password Manager App

 

People with knowledge of the matter claim that Apple Inc. launched a new homegrown app this week called Passwords, with the goal of making it simpler for users to log in to websites and apps. 

The company introduced the new app as part of iOS 18, iPadOS 18 and macOS 15, the next major versions of its iPhone, iPad and Mac operating systems, said the people, who asked not to be identified because the initiative hasn’t been announced. The password-generating and password-tracking software was unveiled on June 10 at Apple's Worldwide Developers Conference. 

The new app is backed by iCloud Keychain, a long-standing Apple tool for syncing passwords and account information across several devices. This capability was previously concealed within the company's settings app or displayed when a user logged into a website. 

Apple is attempting to encourage more people to use safe passwords and improve the privacy of its devices by making the feature available as a standalone app. However, the action increases competition with third-party apps. The new app will compete with password managers such as 1Password and LastPass, and Apple will allow users to import credentials from rival services. 

The app displays a list of user logins and divides them into categories such as accounts, Wi-Fi networks, and Passkeys, an Apple-supported password replacement that uses Face ID and Touch ID.

Like most password managers, the data can be auto-filled into websites and apps when a user logs in. The software will also function with the Vision Pro headset and Windows computers. It also supports verification codes and functions as an authentication software similar to Google Authenticator. 

The Passwords push is only one part of the WWDC event. The primary focus will be Apple's artificial intelligence project, which will include features such as notification summaries, fast photo editing, AI-generated emoji, and a more powerful Siri digital assistant. Apple will also announce a collaboration with OpenAI to utilise the ChatGPT chatbot.

Is iPhone’s Journal App Sharing Your Personal Data Without Permission?

 

In the digital age, where convenience often comes at the cost of privacy, the Journal app stands as a prime example of the fine line between utility and intrusion. Marketed as a tool for reflection and journaling, its functionality may appeal to many, but for some, the constant stream of notifications and data access raises legitimate concerns. 

While the Journal app offers a seemingly innocuous service, allowing users to jot down thoughts and reflections, its behind-the-scenes operations paint a different picture. Upon installation, users unwittingly grant access to a wealth of personal data, including location, contacts, photos, and more. This data serves as fodder for the app's suggestions feature, which prompts users to reflect on their daily activities. For those who engage with the app regularly, these suggestions may prove helpful, fostering a habit of mindfulness and self-reflection. 

However, for others who have no interest in journaling or who simply prefer to keep their personal data private, the constant barrage of notifications can quickly become overwhelming. The issue extends beyond mere annoyance; it touches on fundamental questions of privacy and consent in the digital realm. Users may find themselves grappling with the realisation that their every move is being tracked and analyzed by an app they never intended to use beyond a cursory exploration. 

Moreover, the implications of this data collection extend beyond the confines of the Journal app itself. As Apple's Journaling Suggestions feature allows for data sharing between journaling apps, users may inadvertently find their personal information circulating within a broader ecosystem, with potential consequences for their privacy and security. 

Fortunately, there are steps that users can take to regain control over their digital lives and mitigate the impact of unwanted notifications from the Journal app. Disabling Journaling Suggestions and revoking the app's access to sensitive data are simple yet effective measures that can help restore a sense of privacy and autonomy. Additionally, users may wish to reconsider their relationship with technology more broadly, adopting a more discerning approach to app permissions and data sharing. 

By scrutinising the terms of service and privacy policies of the apps they use, individuals can make more informed decisions about which aspects of their digital lives they are comfortable surrendering to third-party developers. Ultimately, the Journal app serves as a poignant reminder of the complex interplay between convenience and privacy in the digital age. While its intentions may be benign, its implementation raises important questions about the boundaries of personal data and the need for greater transparency and control over how that data is used. 

As users continue to grapple with these issues, it is incumbent upon developers and policymakers alike to prioritize user privacy and empower individuals to make informed choices about their digital identities. Only through concerted effort and collaboration can we ensure that technology remains a force for good, rather than a source of concern, in our increasingly connected world.

5 Things to Consider Before Downloading an App


Apps have become an essential means in today’s world whether it comes to communication, shopping, gaming, research, or almost anything else. And since apps are being used so widely, it has also become popular for threat actors to use them to target their next victims. 

Thus, it has become crucial to take caution before installing any app on your device. Here, we are mentioning five steps to consider, so you do not fall for any trouble after installing an app:  

Check Reviews And Ratings of Apps

Examining the reviews and ratings of an app is one of the finest ways to learn about its quality. It is easy to see user reviews of the software you wish to download if you browse app stores. It is most likely that you will certainly not go after an app which has got a bad review by many of its users. Moreover, if the app is not available in any well-known app store, you must make sure to look into it over the internet to check whether the app is trustworthy (or even real). 

It has been advised to not follow the reviews from only one review forum, but also from other review sites or discussion board 

Beware of What Information the App is Asking for

Threats to privacy are increasing as more individuals connect to the internet. You should carefully review the permissions the app asks for in order to access it before downloading it. You can easily determine what permissions an app needs if you download it from the app store.

In case you are not sure whether or not to put in certain information requested in order to grant access to an app, it is advised to avoid downloading it. However, if you have a positive view of the app, it is advised to first install the app on a test device to analyze the app’s workings (and look for any suspicious behaviour) before installing it on your main device. Try the free trial if a premium subscription is required to see whether it's requesting too much information before purchasing a membership. 

Check the App's Update Frequency and Support

An essential indicator of an app's long-term performance is how often it receives updates. It is also critical to ascertain how quickly and efficiently the app development team handles customer support issues and answers questions.

For app developers, pushing updates to their apps is essential to making sure they work properly and receive bug fixes and new features. Try to find out when the app was last updated when you are installing it. It is likely that you would not get the experience you are seeking if it was a long time ago.

Compare the App with Alternatives

There are a number of apps that carry out the same task, where one does it better than the other. Consider searching for alternatives to the app and contrasting their performance before installing it on your smartphone. To choose the one that works best for you, you should also review their privacy policies.

Once, you have analyzed what the alternative options have to offer, it will make it easier for you to understand which app to go for. A better app should be the one with better privacy and performance.

Back-Up Your Device

It is always a good idea to back up your devices, even before you install an app. By doing this, you safeguard all of your crucial data from being permanently lost in case of unfortunate cyber issues.

Unexpected problems might occasionally arise after installing an app, particularly if you downloaded it from an unreliable source. It can damage your device, contaminate your data, and more. By retrieving your data from the backup, you can avoid all of these. Thus, remember to back up your devices, especially before installing a large software update or an app.    

Cybercriminals Set Android Apps For Sale for Up to $20K a Piece


Cyber threat actors have lately been targeting the official Google Play app store’s security by developing trojan malwares for existing Android apps, selling the malwares for up to $20,000 a piece on darknet markets. 

In a blog post published on April 10, Kaspersky researchers reported their findings of a thorough analysis of nine of the most well-known Dark Web forums. They discovered a booming market of buyers and sellers exchanging access to botnets, malicious Android applications, and app developer accounts for hundreds of dollars at a time by monitoring activities between 2019 and 2023. 

Some highly valuable products, such as source code that can let a threat actor hack into an existing cryptocurrency or a dating app on Google Play can cost several thousand dollars. 

"It's an infinite cat and mouse game[…]The attackers find a way to bypass security scanners. Then the people developing the security scanners deploy patches to ensure that doesn't happen again. Then the attackers find new flaws. And it goes on and on," says Georgy Kucherin, Kaspersky research with regards to Google’s app security. 

The Marketplace for Google Play Hacks 

Any program that is posted to the Apple or Google app stores undergoes a rigorous inspection. However, according to the Kaspersky researchers “just like any security solution that exists in the world, it's not 100% effective[…]Every scanner contains flaws that threat actors exploit to upload malware to Google Play." 

Commonly, there are two methods by with a hacker attempts to sneak malware onto an app store: 

  • The first method entails publishing a completely safe software to the app store. If it has been approved, or even better, if it has attracted a sizable enough audience, hackers will submit an update that contains the malicious code. 
  • The second involves hackers compromising legitimate app developers, accessing their accounts to upload malware to already-existing programs. With no two-factor authentication and strong password restrictions in place, app developer accounts are more vulnerable to hacking. Credential leaks occasionally enable hackers to accomplish the majority of their goals by giving them access to important company development systems and accounts. 

Moreover, depending on the developer, access to a Google Play account may only cost as little as $60, depending on the developer. However, other, more beneficial accounts, resources, and services have significantly greater costs. 

For example, considering the power they hold, loaders — the software necessary to deploy malicious code into an Android app — can cost big bucks on the darknet markets, ranging up to a whopping $5,000 each for an instance. 

A well-resourced criminal could well go with a premium package, like the source code for a loader. 

 "You can do whatever you want with that — deploy it to as many apps as you want[…]You can modify the code as much as you want, adapting it to your needs. And the original developer of the code may even provide support, like updates for the code, and maybe new ways to bypass security measures," Kucherin explains. 

How Can a Company Protect Itself from Google Play Threats 

The threats posed by Google Play are a cause of great concern to organizations, especially the ones with feeble enterprise security. Kucherin notes that many businesses still have lax bring-your-own-device arrangements in place, which extend the security perimeter outside of corporate networks and right into the hands of its employees. 

"Say an employee installs a malicious app on the phone[…]If this app turns out to be a stealer, cybercriminals can get access to, for example, corporate emails or sensitive corporate data, then they can upload it to their servers and sell it on the Dark Web. Or even worse: An employee might keep their passwords in, for example, their phone's notes app. Then hackers can steal those notes and get access to corporate infrastructure," he explains. 

In order to prevent such severe outcomes, Kucherin suggests two simple precautionary measures: 

One, you can teach the employees cyber-hygiene principles, like not downloading apps that are not trusted. However, this might not suffice, so "another thing you can do — though it's more expensive — is give your employees a separate phone, which they will use only for purposes of work. Those devices will contain a limited number of apps — just the essentials like email, phone, no other apps allowed,” he adds. 

Just as it is for the cybercriminals, you have to pay more to get more, he notes: "Using dedicated work devices is more effective, but more expensive."