More on Malevolent APPs

Continuing on the Bad-APP theme from https://k9zw.wordpress.com/2022/11/29/last-post-made-simple-do-not-install-free-apps/

I went looking around the web for recent examples of APPs gone wrong.  Some that jumped out are:

Auto-Installation of APPs:

“When some Android device owners discovered and subsequently deleted the App, DPH would re-install it onto their devices,”

APP Based Nonconsensual Tracking:

Millions Of Americans Assigned Secret ‘Covid Decree Violation’ Scores ……. Over 100 million Americans were tracked from their cell phones and assigned “COVID-19 decree violation” scores throughout the Covid lockdowns.

PredictWise, a voter analytics firm, harvested location data from tens of millions of US cell phones and provided the data to Democrat campaigns and the Democrat National Committee to develop campaign ads targeting swing voters.

Government/Big Tech Programs to Covertly Load APPs:

Massachusetts Department of Public Health SECRETLY Colluded With Google To Auto-Install Contact-Tracing SPYWARE On Your Phone
The Massachusetts Department of Public Health is facing a class action lawsuit after colluding with Google to repeatedly auto-install contact-tracing spyware on the smartphones of over a million Massachusetts residents without their permission or consent.

According to a class action lawsuit filed by the New Civil Liberties Alliance, a nonpartisan nonprofit civil rights organization, the Department of Public Health rolled out the contact tracing app it worked with Google to create in April 2021.

Exploitation of BlueTooth for Nonconsensual Tracking/Contact Purposes:

“The App causes an Android mobile device to constantly connect and exchange information with other nearby devices via Bluetooth and creates a record of such other connections. If a user opts in and reports being infected with COVID-19, an exposure notification is sent to other individuals on the infected user’s connection record,” the NCLA explains in the complaint, Wright v. Massachusetts Department of Public Health.

APPs voluntarily installed by users used to Install Secret Additional APPs:

Initially, the app which obtains users private locations and health information was voluntarily installed

But then in June, DPH ramped up its contact tracing program and allegedly began surreptitiously installing the surveillance app on residents’ phones.

“On June 15, 2021, DPH worked with Google to secretly install the Contact Tracing App onto over one million Android mobile devices located in Massachusetts without the device owners’ knowledge or permission,” the complaint states

Non-Preservation of Individual Privacy Rights:

The government agency and tech giant’s “misguided effort to combat Covid-19” is a brazen violation of civil liberties, state and federal law and the United States and Massachusetts Constitutions, the NCLA contends.

“Plaintiffs are individuals who own and use Android mobile devices and live or work in Massachusetts,” the nonprofit group states in the suit. “DPH installed its Contact Tracing App onto each of the Plaintiffs’ Android devices without their awareness or permission, which amounts to a computer crime under federal and Massachusetts law. See 18 U.S.C. § 1030(a)(2); Mass. Gen. Laws Ann. ch. 266, § 120F. No statutory authority supports DPH’s conduct, which serves no articulable public health purpose, especially since Massachusetts has ended its statewide contact-tracing program.”

“Conspiring with a private company to hijack residents’ smartphones without the owners’ knowledge or consent is not a tool that the Massachusetts Department of Public Health may lawfully employ in its efforts to combat COVID-19. Such brazen for civil liberties violates both the United States and Massachusetts Constitution, and it must stop now.

DPH’s contact tracing app is still employed by the government agency to date and is repeatedly reinstalled on plaintiffs’ cell phones after they delete it, surveilling their every move.

Sidestepped Constitutional Issues:

“When some Android device owners discovered and subsequently deleted the App, DPH would re-install it onto their devices,” the complaint states. “These secret installations not only invade owners’ reasonable expectation of privacy, but they also intrude upon owners’ property right in their mobile devices by occupying valuable storage space. Because the Massachusetts and United States Constitutions prohibit governmental entities from unreasonable searches and uncompensated takings, this Court should enjoin DPH’s unconstitutional scheme.

Not an Isolated Issue:

Approximately two dozen states used Google-created contract-tracing apps, …

Some Links to read:

https://datafloq.com/read/15-biggest-threats-mobile-apps-security/

https://enterprise.verizon.com/resources/reports/2020-msi-report.pdf

https://www.mcafee.com/content/dam/consumer/en-us/docs/2020-Mobile-Threat-Report.pdf

https://pages.checkpoint.com/mobile-security-report-2021.html

https://krebsonsecurity.com/2022/11/u-s-govt-apps-bundled-russian-code-with-ties-to-mobile-malware-developer/

https://www.schneier.com/blog/archives/2022/11/another-event-related-spyware-app.html

https://www.schneier.com/blog/archives/2022/10/interview-with-signals-new-president.html

https://www.schneier.com/blog/archives/2022/10/qatar-spyware.html

Not a very good situation to have misplaced trust get in the way of reality that we have little idea what the full abilities of any one APP actually are.

73

Steve
K9ZW

One thought on “More on Malevolent APPs

  1. Kuby, N6JSX [Ham +50yrs] says:

    Reading Steve’s article, that I full support, I ask you “how do you know an APP is SAFE?” You do NOT! Until some one is wronged and the media becomes upset and discloses.

    So WHY do we put Banking, Debit/Credit-Card, Stock, Amazon, PayPal and more financial ‘account numbers’ and ‘passwords’ on your cell phone – just for ease of your use (and to let APPs steal your data)?

    We have been brainwashed by modern marketing to think cellphone APPs are all good, convenient, and SAFE. If APPs are so SAFE then why do we not election VOTE or Poll-checkin using our cell phone?

    Who is at fault for APP security? The two monopolies, Apple & Google via their APP Stores, as all APPS must meet Apple/Google standards to be posted for sale in their stores.

    So do you think Apple & Google care about your SAFETY or profit percentage or appeasing governments? Do you think Apple & Google want to loose control of Freedom of Speech, hence, why Twitter is a now a threat!@#$%^&

    We live in interesting times….

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: