
Amazon Faces Lawsuit Over Alleged Secret Collection and Sale of User Location Data

 

A new class action lawsuit accuses Amazon of secretly gathering and monetizing location data from millions of California residents without their consent. The legal complaint, filed in a U.S. District Court, alleges that Amazon used its Amazon Ads software development kit (SDK) to extract sensitive geolocation information from mobile apps.

According to the lawsuit, plaintiff Felix Kolotinsky of San Mateo claims Amazon embedded its SDK into numerous mobile applications, allowing the company to collect precise, timestamped location details. Users were reportedly unaware that their movements were being tracked and stored. Kolotinsky states that his own data was accessed through the widely used “Speedtest by Ookla” app. The lawsuit contends that Amazon’s data collection practices could reveal personal details such as users’ home addresses, workplaces, shopping habits, and frequented locations.

It also raises concerns that this data might expose sensitive aspects of users’ lives, including religious practices, medical visits, and sexual orientation. Furthermore, the complaint alleges that Amazon leveraged this information to build detailed consumer profiles for targeted advertising, violating California’s privacy and computer access laws. This case is part of a broader legal pushback against tech companies and data brokers accused of misusing location tracking technologies. 

In a similar instance, the state of Texas recently filed a lawsuit against Allstate, alleging the insurance company monitored drivers’ locations via mobile SDKs and sold the data to other insurers. Another legal challenge in 2024 targeted Twilio, claiming its SDK unlawfully harvested private user data. Amazon has faced multiple privacy-related controversies in recent years. In 2020, it terminated several employees for leaking customer data, including email addresses and phone numbers, to third parties. 

More recently, in June 2023, Amazon agreed to a $31 million settlement over privacy violations tied to its Alexa voice assistant and Ring doorbell products. That lawsuit accused the company of storing children’s voice recordings indefinitely and using them to refine its artificial intelligence, breaching federal child privacy laws. 

Amazon has not yet issued a response to the latest allegations. The lawsuit, Kolotinsky v. Amazon.com Inc., seeks compensation for affected California residents and calls for an end to the company’s alleged unauthorized data collection practices.

Android Apps With 45 Million Installs Used For Data Harvesting SDK

 

Mobile malware researchers recently warned that a set of applications available on the Google Play Store, with over 45 million installs, is stealing users' private data.

The apps harvest users' data through a third-party SDK that gains access to captured clipboard content (which can hold very sensitive data, such as crypto wallet recovery seeds, passwords, or credit card numbers), email addresses, GPS data, phone numbers, and even the user’s modem router MAC address and network SSID. This sensitive data could lead to significant privacy risks, the researchers said.

The most popular and most downloaded applications found using this SDK to send users' sensitive data are listed below:

• Al-Moazin Lite – 10 million installations (phone number, IMEI, router SSID, router MAC address) 
• Speed Camera Radar – 10 million installations (phone number, IMEI, router SSID, router MAC address) 
• WiFi Mouse – 10 million installations (router MAC address) 
• Qibla Compass Ramadan 2022 – 5 million installations (GPS data, router SSID, router MAC address)
• QR & Barcode Scanner – 5 million installations (phone number, email address, IMEI, GPS data, router SSID, router MAC address)
• Handcent Next SMS-Text w/MSS – 1 million installations (email address, IMEI, router SSID, router MAC address) 
• Smart Kit 360 – 1 million installations (email address, IMEI, router SSID, router MAC address) 
• Simple weather & clock widget – 1 million installations (phone number, IMEI, router SSID, router MAC address) 
• Al Quran mp3 – 50 Reciters & Translation Audio – 1 million installations (GPS data, router SSID, router MAC address) 
• Audiosdroid Audio Studio DAW – 1 million installations (phone number, IMEI, GPS data, router SSID, router MAC address) 
• Full Quran MP3 – 50+ Languages & Translation Audio – 1 million installations (GPS data, router SSID, router MAC address) 

In the wake of the security incident, Google removed many applications from the Google Play Store after discovering that they contained data harvesting software. Several Muslim prayer apps, a highway-speed-trap detection app, and a QR-code reading app were installed more than 45 million times, according to the researchers.