Monthly Archives: November 2022

More on Malevolent APPs

Continuing on the Bad-APP theme from https://k9zw.wordpress.com/2022/11/29/last-post-made-simple-do-not-install-free-apps/

I went looking around the web for recent examples of APPs gone wrong.  Some that jumped out are:

Auto-Installation of APPs:

“When some Android device owners discovered and subsequently deleted the App, DPH would re-install it onto their devices,”

APP Based Nonconsensual Tracking:

Millions Of Americans Assigned Secret ‘Covid Decree Violation’ Scores ……. Over 100 million Americans were tracked from their cell phones and assigned “COVID-19 decree violation” scores throughout the Covid lockdowns.

PredictWise, a voter analytics firm, harvested location data from tens of millions of US cell phones and provided the data to Democrat campaigns and the Democrat National Committee to develop campaign ads targeting swing voters.

Government/Big Tech Programs to Covertly Load APPs:

Massachusetts Department of Public Health SECRETLY Colluded With Google To Auto-Install Contact-Tracing SPYWARE On Your Phone
The Massachusetts Department of Public Health is facing a class action lawsuit after colluding with Google to repeatedly auto-install contact-tracing spyware on the smartphones of over a million Massachusetts residents without their permission or consent.

According to a class action lawsuit filed by the New Civil Liberties Alliance, a nonpartisan nonprofit civil rights organization, the Department of Public Health rolled out the contact tracing app it worked with Google to create in April 2021.


Last Post Made Simple – Do not Install Free APPs

My previous post on Event Specific APPs – https://k9zw.wordpress.com/2022/11/25/a-cautionary-tale-about-event-specific-apps/ – resulted in a couple “Huh?” emails.

So I wanted to distill this down further – “Do not Install Free APPs” – that is about as simple as it can get.

Those APPs may not be what you think they are.

“Free” means you and your data are the “Product.”

Let that sink in – your data is what is being traded for third party payments.

Few organizations have their own dedicated resources to test & vet an APP for security, much less build their own secure APPs.

And many APPs are hard to completely uninstall, if you do decide to install one for an event or special purpose period.

Or, as with the Egyptian APP, you may have invited an advanced suite of spyware onto your phone by installing a Free APP.

Good luck getting clear of that mess.

It boils down to “who do you trust?”, which is the real issue when you know so little about the actual APP, the APP writers, and the tools they use to build up an APP.

73

Steve
K9ZW

A Cautionary Tale about Event-Specific APPs

You may have been offered event-specific APPs for either hobby events or for work? I know I have, and I also had been warned off of using them.

Recently saw yet another article outlining exploits done by Event-APPs:

https://www.schneier.com/blog/archives/2022/11/another-event-related-spyware-app.html

Another Event-Related Spyware App

Last month, we were warned not to install Qatar’s World Cup app because it was spyware. This month, it’s Egypt’s COP27 Summit app:

The app is being promoted as a tool to help attendees navigate the event. But it risks giving the Egyptian government permission to read users’ emails and messages. Even messages shared via encrypted services like WhatsApp are vulnerable, according to POLITICO’s technical review of the application, and two of the outside experts.

The app also provides Egypt’s Ministry of Communications and Information Technology, which created it, with other so-called backdoor privileges, or the ability to scan people’s devices.

On smartphones running Google’s Android software, it has permission to potentially listen into users’ conversations via the app, even when the device is in sleep mode, according to the three experts and POLITICO’s separate analysis. It can also track people’s locations via smartphone’s built-in GPS and Wi-Fi technologies, according to two of the analysts.

Now domestically one would think there shouldn’t be this sort of mischief going on, but having been on the committee side of significant events that offered their own APPs I was surprised when there wasn’t any process to verify what was being offered. None, zero, zip. Maybe someone informally looked at the claimed certification of the previously unknown APP provider, who of course was selected for the lowest expense as the main axis of selection, but then maybe not so much.

Technology and Exploit/Security Free-For-All?

  • Does the APP have bad aspects?
  • Did anyone with qualifications actually check it out?
  • Does it even fully uninstall after the event or does it leave residuals that either are exploits or could be exploited?
  • Who actually built the APP?
  • When users install it, does it install other programs or APPs?
  • Were they able to fund the APP from the sales of their product, or have they chosen to monetize the APP by reselling data or allowing exploits?
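
An added example, not part of the original post: a first-pass triage of an Android app's requested permissions against the questions above. It assumes the app's AndroidManifest.xml has already been decoded to text XML; the sample manifest, the package name and the concern groupings are constructed for this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Android permission names grouped by concern (grouping is this example's choice).
CONCERNS = {
    "microphone access": {P + "RECORD_AUDIO"},
    "location tracking (GPS/Wi-Fi)": {
        P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION",
        P + "ACCESS_BACKGROUND_LOCATION"},
    "reads messages or contacts": {
        P + "READ_SMS", P + "RECEIVE_SMS", P + "READ_CONTACTS"},
    "can install other apps": {P + "REQUEST_INSTALL_PACKAGES"},
    "runs while the phone is idle": {
        P + "RECEIVE_BOOT_COMPLETED", P + "WAKE_LOCK", P + "FOREGROUND_SERVICE"},
}

# Constructed sample: decoded manifest of a hypothetical event app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.eventapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission-sdk-23
      android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return every permission name the manifest declares."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def triage(manifest_xml):
    """Map each concern to the requested permissions that raise it."""
    perms = requested_permissions(manifest_xml)
    return {concern: sorted(perms & names)
            for concern, names in CONCERNS.items() if perms & names}

if __name__ == "__main__":
    for concern, hits in triage(SAMPLE_MANIFEST).items():
        print(f"{concern}: {', '.join(hits)}")
```

A hit here is a question to put to the APP provider, not proof of misuse; an event guide that requests microphone and install-other-apps rights should be able to say why.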

I’ve had some of these Event-APPs on my iPhone and deleted them, because I needed them for my job.

Going forward I am leaning towards only installing them on a “burner phone” if I have to use an Event-APP, rather than allowing the safety-unverified Event-APP on my main phone.

Ditto with Hobby-APPs.

73

Steve
K9ZW

Non-Radio – Riding Wisconsin’s Rustic Roads

Why a picture of a parked motorcycle on an empty rustic road?

K9ZW’s Turbo VRod Night Rod on a Rustic Road stop

Wisconsin’s Rustic Roads program has a motorcycle feature where you can earn a Certificate if you get yourself photographed at 25 of the roads.  You can earn the Motorcycle Rustic Roads Patch with 10 confirmed Rustic Roads.

The need to be included in the picture is waived if you are a solo rider.

So mine are lonely looking pictures of my Harley-Davidson Turbo VRod Night Rod or Harley-Davidson Pan America Special with that particular Rustic Road’s numbered sign, as I usually ride alone.

The Motorcycle Program:  https://wisconsindot.gov/Pages/travel/road/rustic-roads/motorcycle.aspx

About Wisconsin Rustic Roads: https://wisconsindot.gov/pages/travel/road/rustic-roads/default.aspx

A nice writeup:  https://www.travelwisconsin.com/tours/rustic-roads-motorcycle-tour-200210

73

Steve
K9ZW


Remote Operation Log hits 30-Thousand QSOs

Was somewhat surprised that my Remote operations from my workspace have already hit 30,000 logged QSOs.

I started ramping up the remote operations in earnest during the virus lockdowns, as I was one designated to actually come into the office so a signatory & officer was onsite.

Almost all of the remote QSOs are FT8 and use my Home-QTH station or Work-QTH station.  So they were either remote by 300 feet to another building here at work or 10 miles remote if my home station was used.

The remote log excludes other QTH logs (Island, non-remote home, mobile) and anything I did remote before 2019, as my earlier remote efforts were logged in my main log rather than segregated.

Logged as the 30,000th remote QSO was George W2GLH on 30 meters FT8!

Details: 2022-11-21 12:44:00 W2GLH FM29 10.136362 FT8 Sent: +08 Rcvd: -02

Thank you George W2GLH!!

73

Steve
K9ZW


CAD Systems around the Ham Radio Shack

Wanted to dust off my CAD chops to do some station layout sketches.

I’ve used Generic CADD from way back when – roughly about 1988. I know I had a program that I used prior, but neither the program nor the name made enough of an impression that I can recall it now.

Upgraded from Generic CADD 1.x to v 5.04, including the bit of time under Autocad. Bought an Autocad LT license, which soon became useless, and quietly have been running the old version of Generic renamed & upgraded as VisualCADD/VCADD by TriTools, ever since.

Haven’t updated further as most new features (they are on VCADD v8.04 and a v9.0 beta is also available) have been 3D tools or advanced tools I haven’t yet needed.

Unfortunately VCADD is a bit pricey for a Station Sketching Tool (currently $460 new user/$160 upgrade fees). I’ll have to decide if I want to upgrade I guess.

https://visualcadd.net/

Some alternatives that may work, for a donation or free:

https://librecad.org/

And a recommendation by Dale N6JSX, who uses it in his 3D printing/machining setup.

https://www.tinkercad.com/

Or maybe my take-off drawing kit comes out and I just hand sketch for the time being?

73

Steve
K9ZW
