Spyware-laden ‘privacy’ extensions and apps affect over 11 million users

July 26, 2018

Researchers have discovered a collection of privacy-related apps and browser extensions that track users’ activity and send it to a remote server. The suspicious software has over 11 million users in total, and include extensions for Chrome and Firefox, as well as mobile apps for iOS and Android.

According to Andrey Meshkov of AdGuard, the extensions all appear to belong to one company: Big Star Labs. This isn’t immediately obvious because many of the apps are published under different names, and their privacy policies are only available as image files, which means the text can’t be indexed by Google. AdGuard was only able to find the connections by trawling through the policies manually.

Meshkov found issues with the following tools (some of which have now been removed from the respective app stores):

  • Block Site
  • AdblockPrime
  • Mobile Health Club apps
  • Poper Blocker
  • CrxMouse

Read the fine print

The mobile apps are particularly concerning. All of the Android apps request access to the operating system’s Accessibility Services, which allows apps to perform tasks that would usually require user interaction, such as tapping and swiping (something Google tried to crack down on last year).

Meanwhile, one iOS app offers to install a Mobile Device Management profile, which allows it to see all the apps installed on your phone, see your browser history, and potentially even install new apps.

“It is no ‘new’ news that our personal data is valuable,” Meshkov concludes. “Those who want to profit from acquiring it will always surround us. With this in mind, I will never tire of repeating two simple rules one needs to follow if they care about preserving their privacy and security: Read the privacy policy before installing anything [and] never install anything made by a developer you don’t trust.”

Source link

Swing With Us!



No more posts

About us

Our name may be an animal, but our legacy is bananas! As a new innovative, yet very simple private blogging company, we’ve been pioneering communications since 2012. Monkey Viral strives to be a premier provider of awesome news spreads, incredible deals, and the latest information from across the globe.

MonkeyViral.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.