The smartphone app industry is a huge data collection business, with no real benefits to the product (i.e. the 'user').
Realistically it functions against the privacy and security of the user (and even non smartphone user), the industry should be disassembled, where this will not be the case, ever, as the industry has too much 'support' from government and businesses alike.
Apps should be 'open source' in order to independent researchers to verify that the app does not contain any malicious code, detrimental to privacy and security of the user's data within the smartphone.
"Nothing to hide, nothing to fear", argument fail by the government.
The 'Australian Government' released an app for the purpose of Coronavirus tracking among its people, where it was stated that the source code will be released in two weeks.
Why two weeks?
Why not the moment the app was published in the respective app stores?
What needs to be modified within the code before it becomes public knowledge?
Smartphone and semiconductor manufacturers install malicious code within the hardware to the detriment of the user WITHOUT 'full disclosure'.
Deceitful and dishonest conduct which is supported by governments worldwide.
See article from 1 May 2020 by gsmarena of the headline:
Report claims that Xiaomi phones collect browsing data from its users
According to a security researcher working with Forbes, Xiaomi has been collecting browsing data from users who are using Xiaomi phones and the built-in browser. And the fun part is that the browser does so even in incognito mode or even when using the privacy-conscious DuckDuckGo web browser.
Gabriel Cirlig, the security researcher, is using a Redmi Note 8 as a daily driver and noticed that the device records pretty much everything he does on the phone and sends the data to servers in Russia and Singapore, although the domains are hosted in Beijing. We are talking screens, websites visited, folders opened, settings he changed, music played on the default app, etc.
The data itself is poorly encrypted using the base64 format, so it was very easy for him to transcribe the data into plain text.
Cirlig went even further and downloaded the ROMs for Xiaomi Mi 10, the Redmi K20 and the Mi Mix 3 and found the very same security vulnerability on all of them. Another security researcher, Andrew Tierney, found the suspicious behavior on the Mi Browser Pro and the Mint Browser too.
Xiaomi has responded to the allegations saying that Forbes findings are misleading and untrue. A spokesperson for the company said that Xiaomi complies with all local laws and regulations on user data privacy and the collected browsing data has been anonymized. As to why Xiaomi is collecting it, it's because the firm is trying to improve the user's browsing experience and it's a standard practice.
More importantly, the data can't be traced back to a specific user. However, Gabriel Cirlig sent a video to Xiaomi showing how the browser sends its history to the said servers even in incognito mode.
No comments:
Post a Comment