1. Home
  2. Mobile apps sharing usernames, passwords, credit card details with third parties: Study

Mobile apps sharing usernames, passwords, credit card details with third parties: Study

Agencies
July 8, 2018

Washington, Jul 8: Some popular smartphone apps may be secretly taking screenshots of your activity and sending them to third parties, a study has found. This is particularly disturbing because these screenshots - and videos of your activity on the screen - could include usernames, passwords, credit card numbers, and other important personal information, researchers said.

"We found that thousands of popular apps have the ability to record your screen and anything you type," said David Choffnes, a professor at Northeastern University in the US.

"That includes your username and password, because it can record the characters you type before they turn into those little black dots," said Choffnes.

The study was designed to investigate a persistent urban legend that phones are secretly recording our conversations and then selling that information to companies so they can pepper you with targeted advertisements.

While the researchers found no evidence of recorded conversations, they discovered activity that could be even more dangerous.

"We knew we were looking for a needle in a haystack, and we were surprised to find several needles," said Choffnes.

What they found is that some companies were sending screenshots and videos of user phone activities to third parties. Although these privacy breaches appeared to be benign, they emphasised how easily a phone's privacy window could be exploited for profit.

"This opening will almost certainly be used for malicious purposes," said Christo Wilson, a professor at Northeastern.

"It's simple to install and collect this information. And what's most disturbing is that this occurs with no notification to or permission by users," said Wilson.

"In the case we caught, the information sent to a third party was zip codes, but it could just as easily have been credit card numbers," he said.

The researchers analysed over 17,000 of the most popular apps on the Android operating system, using an automated test programme written by the students.

Although the study was conducted on Android phones, researchers said there is no reason to believe that other phone operating systems would be less vulnerable.

In all, 9,000 of the 17,000 apps had the potential to take screenshots.

"In one case, the app took video of the screen activity and sent that information to a third party," said Wilson.

That app was GoPuff, a fast-food delivery service, which sent the screenshots to Appsee, a data analytics firm for mobile devices. All this was done without the awareness of app users.

Researchers emphasised that neither company appeared to have any nefarious intent. They said that web developers commonly use this type of information to debug their apps and improve the user experience.

However, that does not mean a malicious company could not use this privacy window to steal personal information for profit.

"That has the potential to be much worse than having the camera taking pictures of the ceiling or the microphone recording pointless conversations. There is no easy way to close this privacy opening," said Choffnes.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
February 16,2020

New Delhi, Feb 16: Just an hour ahead of the swearing-in ceremony, Arvind Kejriwal invited the people of Delhi again for his oath-taking ceremony at Ramlila Maidan today.

Referring himself as "son of Delhi", the AAP convener today tweeted saying, "Delhiites, your son is going to take oath as Delhi chief minister for the third time. You must come to bless your son".

The AAP national convener will be sworn-in as the Chief Minister of Delhi for the third time in a row.

Arvind Kejriwal is scheduled to take oath along with other ministers at Ramlila Maidan.

On Saturday, Kejriwal, through a tweet, has said that autorickshaw drivers, students, teachers, doctors, labourers, etc will be the "chief guests".

The guest list put out by the AAP includes ''Delhi ke Nirmata''- people who contributed to the development of the city during the last five years.

These include Sumit Nagal, a Delhi government school student and an international Tennis player, Laxman Chaudhry an auto driver, Manu Gulati a teacher and "one of the many architects of Delhi Governance Model", Dalbir Singh a farmer, Ratan Jamshed Batliboi - the architect of the famous Signature Bridge among others.

By winning 62 seats by cashing in on the plank of development, his party nearly repeated its 2015 performance, sweeping the Assembly polls in the face of a high-voltage campaign by the BJP, which had fielded a battery of Union Ministers and Chief Ministers in its electioneering, spearheaded by Home Minister Amit Shah.

The BJP marginally improved its tally, managing just eight seats from its 2015''s tally of three seats. The Congress failed to open its account in the second successive election.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
March 11,2020

Mar 11: Thirteen of the 22 rebel MLAs in Madhya Pradesh have given an assurance that "they are not leaving the Congress", senior party leader Digvijaya Singh said on Thursday while expressing confidence that the Kamal Nath-led government in the state will win a floor test.

"We are not keeping quiet. We are not sleeping," Singh told PTI, a day after Congress leader from the state Jyotiraditya Scindia quit the Congress and 22 MLAs submitted their resignations from the assembly in Madhya Pradesh.

Scindia was offered the post of Madhya Pradesh deputy chief minister but wanted his nominee, Singh said. However, Kamal Nath refused to accept a "chela", he said.

Scindia, he said, could have been a Congress nominee to the Rajya Sabha but "only Modi-Shah" can give a Cabinet post to the "over-ambitious" leader.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
February 18,2020

New Delhi, Feb 18: A Delhi court today sent Sharjeel Imam, who has been named as an "instigator" by the Delhi Police in its chargesheet on violent protests against the amended citizenship act at New Friends Colony near Jamia in Delhi last year, to judicial custody till March 3.

Sharjeel Imam was arrested on sedition charges last month.

The Delhi Police has filed a chargesheet before Chief Metropolitan Magistrate Gurmohina Kaur, naming Sharjeel Imam as an instigator of the violence.

It said it has attached CCTV footage, call detail records and statements of over 100 witnesses as evidence in the chargesheet.

The court had on Monday sent Sharjeel Imam to one-day custody of Delhi Police in the case.

Protestors had torched four public buses and two police vehicles as they clashed with police in New Friends Colony near Jamia Millia Islamia in Delhi during the demonstration against the CAA on December 15, leaving nearly 60 people including students, cops and fire fighters injured.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.