Security experts uncover major smartphone privacy concerns

Apple iPhone 15 Pro Max Andy Boxall / Digital Trends This has been an eventful week for mobile phone user privacy and security. Two separate investigations have revealed privacy issues related to smartphone advertising and iOS notifications. The first investigation by 404 Media uncovered the use of a mobile ad delivery system by a company called Patternz to capture information through apps and deliver it to consumers. The report described Patternz as a “secret spying tool capable of tracking billions of phone records through advertising companies.” Patternz utilizes popular apps like 9Gag and various caller ID apps to carry out its activities. The company claims it has the capability to manage almost any program that can provide advertising services.

Galaxy S24 Pre-order Special Offer Get up to $650 in instant retail credit, plus up to $125 in Samsung Credit, a free memory upgrade, and up to 7.5% off with a student discount. Best Galaxy S24 Ultra Pre-Order Deal Get up to $750 in instant shopping credit, plus $150 in Samsung Credit, a free memory upgrade, and an additional 15% off and student discount. The company’s CEO referred to the device, which comprises more than half a million apps, as “the next de facto wristband.” It’s been estimated to have 5 billion users and to transmit real-time market information (RTB) to customers. This affects both iPhone and Android phone users. The analytics company ISA, behind Patternz, acquires this data from RTB players such as Google and X (formerly known as Twitter). The products it sells can include precise location data accurate to within a meter, as well as a person’s movements and contacts. This raises concerns about the effectiveness of Apple’s App Tracking Transparency feature, designed to reduce such advertising tracking. Cybersecurity experts argue that these tools aid government surveillance, and companies like ISA have already publicized their services to national security agencies. This is not a coincidence. The head of the National Security Agency has acknowledged that the agency purchases Americans’ internet browsing habits from data vendors, circumventing the need for warrants. The confirmation came after Senator Ron Wyden (D-OR) pressed the NSA Director Timothy Haugh for information about the agency’s collection of Americans’ internet data. Wyden, who had been pushing for three years to reveal the NSA’s purchases of Americans’ internet records, received a letter from the current NSA Director Paul Nakasone confirming the purchases on December 11. Reuters initially reported on the letter. The findings are concerning
Christine Romero-Chan / Digital Trends However, marketing is just one part of the issue. A study by Mysk revealed that malicious actors are leveraging iPhones to gather information for monitoring and sending personalized data. Whenever an app receives a push notification, iOS briefly wakes it up, providing an opportunity to update settings before displaying them to the user. It’s not surprising that popular social networks, known for their data collection practices, exploit this time window provided by push notifications. Developers can utilize this method to send code back at any time by simply sending notifications. Several apps are using this functionality to transmit detailed data to the device while it’s running in the background and to manage fingerprints. #Secret: Facebook, TikTok, and Other Apps Use Push Notifications to Send Information to Your iPhone “The rate at which many apps send notifications to devices when triggered by a notification is staggering,” stated the security firm. Suspicious behavior was discovered even on major platforms like Facebook, TikTok, and LinkedIn. What do experts recommend?
Designed using Dall-E 2 / Digital Trends The only solution to this problem? Stop receiving notifications. “Adversaries seem to be using transparent information and advertisements that can lead the victim to install spyware on their devices,” commented Jon Clay, CEO of global cybersecurity firm Trend Micro to Digital Trends. So, what can the average person do to prevent unauthorized surveillance, which can expose sensitive information such as location and local data? “Many people believe that mobile devices are automatically protected,” said Clay, pointing out that installing ad blockers and security software can offer some form of protection. However, Alan Bavosa, vice president of security at Appdome, highlighted that users often remain vulnerable to these attacks because they are unaware of what’s happening on their devices in the first place. “There are small steps users can take to minimize risks, such as downloading apps from reputable app stores without modifying (jailbreaking or rooting) their devices,” Bavosa suggested. “But this is a supplement, not a solution.”
Apple iPhone 15 Pro Max (left) and Apple iPhone 15 Plus Andy Boxall / Digital Trends Unfortunately, it appears that the responsibility ultimately lies with the user and, consequently, protection is up to them. A common recommendation by cybersecurity experts is to manually delve into the settings and block third-party notifications and possibly device sensors. Shawn Loveland, chief operating officer at Resecurity, advised against installing programs or applications that are unnecessary, as adware and other spyware may be distributed by malicious actors through legitimate markets and software. Despite the potential workarounds exploited by bad actors, asking apps not to track user activity on iPhones is a prudent step. John Chapman, co-founder of MSP security firm Blueshift, advised periodically reviewing app permissions, especially location and microphone settings, and disabling any that are unnecessary. Apple plans to further address this issue by requiring explanations from developers seeking push notifications and tracking mechanisms related to iPhones later this year. While this won’t solve every problem immediately, it’s a positive initial step. Editor’s Note

Author: OpenAI