Podcast Episode Details
Back to Podcast Episodes
Android "Ghost Click" Apps, New Apple Siri Privacy Protections, Credit Card Spying
You’re listening to the Shared Security Podcast, exploring the trust you put in people, apps, and technology…with your host, Tom Eston. In episode 84 for September 2nd 2019: “Ghost click” Android apps found on the Google Play Store, new privacy protections for Apple’s Siri voice assistant, and did you know that your credit card may spying on you?
I have a question for you. How often do you carry your laptop with you? If you’re a frequent traveler, the answer may be all day and every day. So if you are carrying your laptop around, how are you doing it? If you’re like most of us we use some cheap neoprene laptop sleeve or just throw it in a backpack. But what if I told you there is a better approach? Well Silent Pocket makes a fantastic solution called a faraday laptop and tablet sleeve. I have one and I love it. Their laptop sleeve comes in waterproof nylon or beautiful leather to provide protection for your laptop from not only the elements but also by blocking all wireless signals making your laptop instantly secure. Check out Silent Pocket’s Farady Laptop and Tablet Sleeve for yourself at silentpocket.com. And as a listener of this podcast be sure to use discount code “sharedsecurity” to receive 15% off your order.
Hi everyone, welcome to the Shared Security Weekly Blaze where we update you on the top 3 cybersecurity and privacy news topics from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you “news that you can use”.
Did you know that Android app developers have found creative ways to load ads or conduct “ghost clicks” within an app so that the ad is never shown to you and that you never have to click an ad on the screen? Well last week it was discovered by researchers from Symantec that an Android app developer called “Idea Master” had two apps, a notepad app called “Idea Note: OCR Text Scanner, GTD, Color Notes” and a fitness app called “Beauty Fitness: Daily Workout, Best HIIT Coach”, were downloaded over 1.5 million times in the Google Play Store for close to a year were using this very tactic. According to Symantec researchers, the code to do all of this was hidden due to the way that the apps were compiled. Typically, researchers can easily reverse engineer Android apps to view the source code but in this case a “packer” was used to purposely obfuscate the code. These packers are typically used by app developers to protect intellectual property in their code.
How this attack works is that the developer first makes sure the ads show up just outside the viewable area of the of the screen and then they program the app to initiate an automated ad-clicking process that runs in the background. Not only will this drive up ad revenue for the app developer but it has the side-effect of slowing down your Android device and drains your battery. There is also the potential for these developers to use similar tactics to load malicious content or open up websites so that more dangerous things could be installed on your phone. So how can you prevent something like this from happening on your Android device? First, keep your mobile device up-to-date, only install apps from trusted sources, and pay close attention to the permissions that are requested when you install an app. And if you see your battery or data usage spike after installing an app, that should also be a clue that an app may be doing something malicious on your device.
Remember on a recent previous episode how I talked about Amazon, Apple, and Google having major privacy issues regarding what was being recorded from their voice assistants like Siri, Amazon Echo, and Google Home? In all of these assistants, recordings were found to have contained Published on 6 years, 3 months ago