Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Location data. Show all posts

Can Messaging Apps Locate You? Here's All You Need to Know

 

If you're worried about cybersecurity, you might question whether texting apps can follow you. Yes, but it's not as big of a deal as you believe. Understanding how location monitoring works on major messaging applications, as well as the risks associated with it, is critical. Many social media apps require location information in order to streamline the services they provide. Road directions, food delivery, and other features that require access to your location to serve you better are examples of these services. So messaging applications can easily and precisely follow you, and they collect this information from you in a variety of ways.

One of the most typical methods is to simply ask you to enable your location and grant the app permission to access it. The GPS technology allows the programme to access your latitude and longitude coordinates, pinpointing your location, after you grant it permission. For example, several free messaging programmes, including your standard SMS app, iMessage, and WhatsApp, provide a live-location function that allows you to share your current location if necessary.

Wi-Fi and Bluetooth signals from your phone can also provide location information. Apps that monitor the signal strength of adjacent Wi-Fi routers and Bluetooth devices can track your whereabouts. However, this technology is less dependable than GPS tracking and can only provide an estimated location.

Some photo-sharing social networking apps, such as Instagram and Snapchat, leverage location-based functionality on your device, such as geotagging photos or providing more accurate search results. Then there's Twitter, which uses algorithms to serve your feed items based on location.

Another culprit is your IP address. When a device connects to the internet, it is assigned a unique IP address. This address may expose your general location, such as your city or area. Location history (a record of where your phone, i.e. you, has been) can be stored on the servers of apps like Snapchat.

Most messaging apps provide thorough information about their privacy policies and how they track your location and keep your data. So, rather than skipping them without reading the material, you should go into them. If you are uncomfortable with their practices, you can restrict their access through your device settings. However, doing so may result in inconsistencies and inaccuracies with the app's location-based functionality. The most serious hazards linked with location tracking by messaging media apps are invasions of privacy and data breaches.

How to Prevent Messaging Apps from Tracking You

Using airplane mode is the best approach to prevent your location from being tracked. However, doing so would disable incoming calls as well as your data connection. Fortunately, there are less restrictive methods for preventing messaging apps from seeing your location data.

You can always disable your location. Most phones feature a button in the quick panel for this. However, if yours does not, you can do so using a Samsung Galaxy phone:
  • Go to your phone's Settings.
  • Head over to Apps.
  • Select the app you want to turn on/off privacy access.  
  • Tap on Permissions, and then Location.
  • Tap Deny, and WhatsApp won't have access to your location anymore.
VPNs, or Virtual Private Networks: They protect your privacy by routing your internet traffic through a remote server operated by the VPN operator. A VPN uses a variety of approaches to prevent tracking. First, it switches your IP address to that of the VPN server in another location, which is usually far away. Any programme that attempts to trace your location using your IP address will be unable to do so because it has been changed to that of the VPN server.

Premium VPNs also encrypt your data, disguising the data transmitted between your device and the VPN server. Any third party attempting to intercept it will find it illegible as a result. They frequently feature firewalls and ad blockers that they can employ to avoid any problems.

Utilize Private Browsers: Some web browsers include firewalls and ad blockers that restrict third-party cookies and delete your browsing history when you close the app. So, if you use these private browsers to access social media, you can be confident that your location is hidden from prying eyes.

One must also study the privacy policies of these apps and take steps to limit the location sharing to trusted contacts only.

The Russian Expert Listed the Main Signs of Smartphone Surveillance

 

Along with the unconditional benefits, the smart devices around us also carry a number of dangers. Thus, with the help of a smartphone, attackers can gain access to the personal data of its owner. According to Evgeny Kashkin, associate professor of the Department of Intelligent Information Security Systems at RTU MIREA, there are several signs that may indirectly indicate that your smartphone has become a spy. 

"An important point, in this case, is the requirement for applications to use a camera, microphone, as well as access to data (images and videos) on the phone during installation. Of course, you can disagree with this point during the installation, but most likely, then the application will not work at all or will work incorrectly," the expert explains. 

According to him, for a number of applications, these access rights are mandatory for work, but there are applications where "such rights for normal operation are simply absurd." For example, a home internet account status application. 

Another important factor, in his opinion, is the use of geolocation in applications. At the same time, it`s not only about GPS, but also the use of cellular data, as well as connections to various web resources. Such an approach, on the one hand, can greatly facilitate the search for the right companies within walking distance in a number of search engines, but, on the other hand, the cell phone conducts a "total" tracking of your movements. The key question, in this case, is how the data will be used by those who collect it. 

A number of companies have gone even further in this context. They started tracking the email messages of the users. Thus, with the banal purchase of an electronic plane ticket, the system will notify you in advance of the departure date, and on the day of departure, it will build you a route to the airport, taking into account traffic jams. 

He also advises paying attention to the sudden and uneven loss of battery power. This may indicate that a malicious program is running in the background that can use the phone to carry out a DDOS attack. 

Another alarming symptom is the sudden freezing of the phone or even turning it off for no objective reason. And finally, the occurrence of noises and extraneous sounds during a conversation may also indicate that your phone is being monitored. 

The DLBI Expert Called the Cost of Information about the Location of any Person

Ashot Oganesyan, the founder of the DLBI data leak intelligence and monitoring service, said that the exact location of any Russian on the black market can be found for about 130 dollars. 

According to him, this service in the illegal market is called a one-time determination of the subscriber's location. Identification of all phones of the client linked to the card/account using passport data costs from 15 thousand rubles ($200). 

"The details of the subscriber's calls and SMS for a month cost from 5 thousand ($66) to 30 thousand rubles ($400), depending on the operator. Receiving subscriber data by his mobile phone number cost from 1 thousand rubles ($13)", he added. 

Mr. Oganesyan said that fixing movement on planes, trains, buses, ferries, costs from 1.5 thousand ($20) to 3 thousand rubles ($40) per record. Data on all issued domestic and foreign passports will cost from 900 ($12) to 1.5 thousand rubles ($20) per request. Information about crossing the Russian border anywhere and on any transport costs from 3 thousand rubles ($40) per request, Ashot Oganesyan clarified, relying on the latest data on leaks. 

According to him, both law enforcement agencies and security services of companies are struggling with leaks, but only banks have managed to achieve some success. The staff of mobile network operators, selling data of calls and SMS of subscribers, are almost weekly convicted, however, the number of those wishing to earn money is not decreasing. 

The expert noted that under the pressure of the Central Bank of Russia and the constant public scandals, banks began to implement DLP systems not on paper, but in practice, and now it has become almost impossible to download a large amount of data unnoticed. As a result, today it is extremely rare to find a database with information about clients of private banks for sale. 

However, another problem of leakage from the marketing systems of financial organizations has emerged. The outsourcing of the customer acquisition process and the growth of marketplaces have led to information being stored and processed with a minimal level of protection and, naturally, leaking and getting into sales.

Customers Deceived by Google for Collection of User Location Data

 

The Federal Court of Australia observed that somewhere between January 2017 and December 2018, Google LLC and Google Australia Pty Ltd (together, Google) deceived customers in a world-first compliance action by ACCC on personal location information gathered from Android mobile devices. 

As a result of the 2019 legal proceedings against Google, the Australian Competition and Consumer Commission (ACCC) has stated that the rulings represent an "important victory for consumers" over protecting online privacy. Google deceived Android users to believe that the tech giant will only collect personal information, the ACCC said. 

“This is an important victory for consumers, especially anyone concerned about their privacy online, as the Court’s decision sends a strong message to Google and others that big businesses must not mislead their customers,” ACCC Chair Rod Sims said. “Today’s decision is an important step to make sure digital platforms are upfront with consumers about what is happening with their data and what they can do to protect it.” 

The Court ruled that in the initial installation Google misrepresented the setting of 'Location History' as the only Google Account setting which impacted whether Google obtained, maintained, or used personally identifiable information on the location of a device once consumers had created a new Google Account. In reality, Google was also able to capture, store and use personal location data during activation through a different Google Account setting entitled 'Web & App Activity.' Though this setting was set by default.

Also between 9 March 2017 and 29 November 2018, customers were deceived by the fact that Google didn't bother to tell them that perhaps the configuration was related to the collection of personal location data after they had accessed the 'Web & App Activity settings on their Android system. The Court held that the actions of Google could trick the audience. 

“We are extremely pleased with the outcome in this world-first case. Between January 2017 and December 2018, consumers were led to believe that ‘Location History’ was the only account setting that affected the collection of their location data, when that was simply not true,” Mr. Sims said. He also added, “Companies that collect information must explain their settings clearly and transparently, so consumers are not misled. Consumers should not be kept in the dark when it comes to the collection of their location data.” 

The Court rejected the claims of the ACCC concerning certain declarations by Google on how users could prevent Google from obtaining and then using the location information and the purposes for which Google uses its personal location information. Though the ACCC seeks declarations, fines, instructions for publishing, and conformity orders.

Location Data of More Than 100 Million Users Got Compromised

 

Shazam, a popular music app was a doorway to the user’s precise location. Threat actors took advantage of the Shazam app susceptibilities to discover the victim’s specific location. Ashley King, a British IT security researcher uncovered the vulnerabilities in the Shazam app which could expose the locations of android and iOS users.

The vulnerability in the Shazam app was termed CVE-2019-8791 and CVE-2019-8792, more than 100 million users were affected at the time. Threat actors used a single malicious URL to acquire access to the victim’s precise location. This URL led the victim to the Shazam app, Shazam then opens a WebView and executes the malware which results in sending the victim’s location data back to the threat actor.

Ashley King reported the vulnerabilities in December 2018 three months after apple acquired the Shazam app. The flaw in Shazam app was finally patched on March 26, 2019, both on iOS and android but the specifics of it were only revealed last week. 

Ashley explained via a blog post that “Shazam uses deep links throughout the app as part of its navigation. I found that a particular exported deep link (which was responsible for loading a website inside a web view) was not validating its parameter, allowing external resources to be in control. This web view included a few java scripts interfaces that allowed content to communicate with the Android & iOS API’s making it possible to pull back device-specific information and the last known precise location of the user”.

Apple and Google Play Security Rewards Program did not deem ‘location data’ as big enough of a security threat even though the vulnerability was patched – most firms do not see user’s location data as a privacy issue, Ashley concluded.

Google about to Roll Out One of the Most Awaited Features



In 2018, Google broke headlines for tracking its users location even after they disabled the sharing of location history via their privacy settings.

There were complaints against the company, stating, "Google represented that a user ‘can turn off Location History at any time. With Location History off, the places you go are no longer stored.’ This simply was not true."

In the wake of receiving intense criticism over location history, Google came up with necessary adjustments which now allow users to stop the tech giant from tracking them, except for the applications in which location data is of utmost importance such as Waze and Google Maps.

In an attempt to make Google Maps even more secure and trustworthy, the company added enhanced security features related to location privacy in Android 10; to further better the services and regain the lost user trust, Google is planning to add Incognito Mode to Google Maps and the feature is said to be in testing.

Users can always put restrictions on the location data collected by Google Maps by signing out of their Google account, but it will come at the cost of their convenience, therefore, Google is planning to introduce Incognito Mode which can be turned on by the users in the same way they do it for Youtube or Google Chrome to delink the search or navigation data from their main Google account.

In order to activate Incognito Mode, users can simply choose the option from their Google account avatar and they will be informed about the app being in incognito mode by a black status bar and the marker indicating the location will turn into dark from blue to mark the change.

To enable the feature, users are recommended to install Preview Maps version 10.26 or higher and for those who are not a part of Preview Maps test group, wait until the company releases it on a wider scale.