
Apple set to release long-awaited iOS update to restrict tracking by advertisers


Apple is about to give millions of iPhone users a choice: Allow Facebook and other apps running on Apple’s iOS platform to track your activity on your phone and online, or stop tracking altogether.

What will you choose?

Among the new features in Apple’s new iPhone software, iOS 14.5, is a major privacy update called App Tracking Transparency, which requires apps to request permission before gathering user or device data. Specifically, the update changes the Identifier for Advertisers (IDFA), a unique, random number assigned to each iPhone that allows advertisers and developers to track user behavior, including app usage and web browsing behavior. The IDFA is often used to personalize advertisements.

Apple is also releasing software updates for its other devices, including the iPad, Apple Watch, Mac computers and Apple TV. Apple is hosting an event on Tuesday where the company will announce product updates, and the software is expected to be available this week.

A spokesperson for Apple said the new privacy features were developed to “provide transparency and give users a choice if their data is tracked.” Apple requires all developers to adhere to the new policies, but will not require software makers to make the update immediately. 

Why Facebook objects

Facebook, Google and other big tech firms are unhappy with the changes.

In December, Facebook placed a full-page ad in the New York Times that claimed the user-tracking changes in iOS 14.5 would adversely affect small businesses. “[T]he average small business advertiser stands to see a cut of over 60% in their sales for every dollar they spend,” the Facebook ad stated.

A spokesman for Facebook was unable to verify the claim of a 60% loss to small business, but shared a Facebook blog post and video that assert the Apple update will force developers to enable in-app purchases to make up for lost revenue.

“It will force businesses to turn to subscriptions and other in-app payments for revenue, meaning Apple will profit and many free services will have to start charging or exit the market,” the blog post said. Facebook has previously warned advertisers that its ad network could become “ineffective” on Apple’s products.

Google does not plan to make similar changes to its Android operating system. The mobile OS has a similar device identification advertising feature called GPS ADID that allows advertisers on Android to personalize ads. The current version of Android also asks for one-time user permissions that enable app access to a phone’s location, camera and microphone.

A spokesperson for the company, which is owned by Alphabet, told CBS News, “We’re always looking for ways to work with developers to raise the bar on privacy while enabling a healthy, ad-supported app ecosystem.”

A boon for privacy

The Google Chrome web browser will start limiting or removing data shared with third-party tracking cookies by early 2022, according to a company spokesperson. Instead of tracking individuals, Google plans to allow targeted ads to groups of users with similar interests, a move that it says is less invasive but which privacy advocates have criticized.

Apple’s update is “the most significant improvement in digital privacy in the history of the internet. And it will kneecap Facebook,” Jason Kint, a privacy advocate and CEO of the advertising trade association Digital Content Next, said in a tweet.

AdWeek, a trade publication for the advertising industry, recently surveyed a number of small business advertisers and reported that “nobody really knows” what to expect from the iOS changes. 

Other experts are more positive. Apple’s policy is fair for both advertisers and consumers, said tech analyst Rene Ritchie. “It’s good for consumers. It’s not bad for advertisers. If we think of it in a consumer-centric way, [advertisers] have just had unfettered access to our data forever and it’s built up almost an entitlement to ownership of who we are and what we do online,” he told CBS News.

Ritchie said consumers have the right to keep private or to share mobile phone and browsing data. “This is our data. And it’s so valuable to [advertisers] that they’re willing to spend all this money, accumulating it and analyzing it, but we still own it,” he said.






A new Motorola Edge S leak puts the smartphone’s launch date at January 26, 2021



 




Hackers Used Zero-Days to Infect Windows and Android Devices


Google researchers have detailed a sophisticated hacking operation that exploited vulnerabilities in Chrome and Windows to install malware on Android and Windows devices.

Some of the exploits were zero-days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside researchers. (Both companies have since patched the security flaws.) The hackers delivered the exploits through watering-hole attacks, which compromise sites frequented by the targets of interest and lace the sites with code that installs malware on visitors’ devices. The booby-trapped sites made use of two exploit servers, one for Windows users and the other for users of Android.

The use of zero-day exploits and complex infrastructure isn’t in itself a sign of sophistication, but it does show above-average skill by a professional team of hackers. Combined with the robustness of the attack code—which chained together multiple exploits in an efficient manner—the campaign demonstrates it was carried out by a “highly sophisticated actor.”

“These exploit chains are designed for efficiency and flexibility through their modularity,” a researcher with Google’s Project Zero research team wrote. “They are well engineered, complex code with a variety of novel exploitation methods, mature logging, sophisticated and calculated post-exploitation techniques, and high volumes of anti-analysis and targeting checks. We believe that teams of experts have designed and developed these exploit chains.”

The modularity of the payloads, the interchangeable exploit chains, and the logging, targeting, and maturity of the operation also set the campaign apart, the researcher said.

The four zero-days exploited were:

  • CVE-2020-6418—Chrome Vulnerability in TurboFan (fixed February 2020)
  • CVE-2020-0938—Font Vulnerability on Windows (fixed April 2020)
  • CVE-2020-1020—Font Vulnerability on Windows (fixed April 2020)
  • CVE-2020-1027—Windows CSRSS Vulnerability (fixed April 2020)

The attackers obtained remote code execution by exploiting the Chrome zero-day and several recently patched Chrome vulnerabilities. All of the zero-days were used against Windows users. None of the attack chains targeting Android devices exploited zero-days, but the Project Zero researchers said it’s likely the attackers had Android zero-days at their disposal.

In all, Project Zero published six installments detailing the exploits and post-exploit payloads the researchers found. Other parts outline a Chrome infinity bug, the Chrome exploits, the Android exploits, the post-Android exploitation payloads, and the Windows exploits.

The intention of the series is to assist the security community at large in more effectively combating complex malware operations. “We hope this blog post series provides others with an in-depth look at exploitation from a real-world, mature, and presumably well-resourced actor,” Project Zero researchers wrote.

This story originally appeared on Ars Technica, a trusted source for technology news, tech policy analysis, reviews, and more.






The warning signs that stalkerware is installed on your device


Your smartphone, your PC, your laptop – most of the devices we use are to some degree vulnerable to so-called stalkerware, software installed without your knowledge and aimed at obtaining sensitive data, like personal photos or login details.

In a nutshell, stalkerware “can result in the theft of data, monitoring of emails, SMS and MMS messages sent and received and even intercept your phone calls for the purposes of eavesdropping”, the Coalition against Stalkerware says.

The platform, a joint initiative by aid organisations and IT security companies, aims to combat stalking, harassment and domestic violence by addressing the issue of stalkerware.

“Stalkerware services imply that their customers personally know victims, because these commercial spyware apps are manually installed. Users have to download the app, install it and enter credentials that are received after purchasing,” the Coalition explains further.

Anyone who loses their smartphone for a short period of time or has lent it to someone else for a longer time should therefore check it for changed or unknown settings, the initiative recommends.

On Android devices, for example, the setting “Unknown Sources” in the security menu is deactivated by default. If it’s suddenly activated, however, it could have been manipulated.

An unexpected discharge of the battery can also be a sign of stalkerware. Other indications are unknown apps or processes and webcam permissions that have not been granted by the device owner.

Even active sessions for which you have not logged in can indicate installed stalkerware.

Stalkerware is used for hidden digital surveillance, among other things. Removing it is not easy, but not impossible either. The Coalition against Stalkerware offers advice on how to do so on its website.

However, if you delete it, the respective offender is also warned. Victims of cyberstalking should therefore prepare a security plan and get expert help, for example from organisations that support victims of domestic violence. – dpa




