Virus alerts First Quarter 2012
By the time you receive the e-mail 'virus alert' it can be too late!
Contact Us for a one month free antivirus trial.
Smartphone apps access and steal your phone numbers and email contacts
Smartphone apps can access some pretty personal and intimate information. This ranges from phone numbers and email addresses to GPS coordinates, to name a few. Viral websites can also infect your computer.
It would be reasonable to assume that data collected is limited to assisting an app with its functionality. However, this doesn't always seem to be the case.
A report in the UK's The Sunday Times, "In a flash your details are on a server in Israel", sheds some light on data transfer practices in 70 basic smartphone apps.
These run-of-the mill applications were chosen because the Sunday Times felt they sought more information than was functionally necessary.
Using "MiddleMan" software, they were able to monitor app data transfers and made some rather disconcerting discoveries.
The Sunday Times. The results showed that of the 70 apps, "twenty-one transmitted the phone number, six sent out email addresses, six shared the exact co-ordinates of the phone and more than half passed on the handset's ID number."
The excessive and unnecessary data collection is only part of this story. Perhaps more worryingly, the investigation highlights that the terms and conditions of the tested apps do not disclose the names of the data recipients, leaving users clueless about the final destination of their data.
The Sunday Times claimed that personal information was being sent outside the EU data protection fortress to companies and servers in China, India, Israel and America.
Specifically, 15 of the apps, including a puppy wallpaper app "Cute Dog", sent the phone number to an LA-based internet advertiser.
In another example, a flashlight app sent the user's email address and phone number to a server in Delhi, India.
When EU data travels outside the European Economic Area borders, it is said to travel to "third countries." This can post new risks to the subject's privacy, and the data enters a minefield of complex legal regulation.
One such regulatory divide is found in Article 25 of the Data Protection Directive (DPD). It demands that the European Commission determine when "third countries" are providing DP standards equivalent to the EU's DPD.
If the country meets the standards, it is added to a list of approved countries. Currently, this list is very short, notably including Argentina, Australia, Canada and the Faeroe Islands. This means that free flow of data can occur between the EU and these jurisdictions.
Data transfer between computer and device
The US also has made the cut with its US-EU Safe Harbour Agreement.
Importantly, The Sunday Times headline singled out Israel as an example of somewhere unexpected to send EU data. However, this is a bit of a red herring and should not necessarily alarm concerned parties.
Last year, the European Commission added Israel to the approved countries list, meaning their DP laws are adequate for EU transfers without the need for any additional safety measures.
For India and China, two other destinations mentioned in the report, there is no such seal of approval. Although India recently passed new data protection rules, these don't equate to the same high EU standards yet.
However, the commercial reality is that developers need to make money from these apps. Nevertheless, I don't think the business model of collecting and relaying all data that seems vaguely useful is sustainable from a user perspective.
Non-legal approaches may be able to provide businesses a more sustainable model, while protecting customers from over-zealous apps.
Stronger adherence to minimal data collection and clearer user privacy policies are a good start.
Last week's GSMA mobile app "privacy by design" development guidelines included some brilliant recommendations to develop industry-wide harmonisation in these areas.
Another important practice is to ensure data is strongly encrypted when transferred to "third countries". This added security is essential considering the likelihood that app data will end up in places that fall well short of the high EU DP standards.
ESET NOD32 Anti-Virus even alerts you to update Windows.
Contact Us for a free antivirus trial to the end of this month.
Update or disable its pcAnywhere
Symantec Corp. is advising customers to immediately update or disable its pcAnywhere software following the exposure earlier this month of source code stolen six years ago.
The company is notifying customers of potential problems and advising them to immediately update pcAnywhere software or disable it, said Cris Paden, a company spokesman. The product's roughly 50,000 users, most of which are businesses, haven't reported suspicious activity or penetration of network security, he said.
On Monday, the Cupertino, Calif., company began distributing updates to pcAnywhere version 12.5. The updates will continue through Friday.
"With pcAnywhere there may be some vulnerability," Paden said. "We're erring on the side of caution."
Symantec's efforts come after portions of some of its enterprise security source code were posted to the Web earlier this month. The company said the pilfered code was six years old but determined that it still posed a potential problem to pcAnywhere. The company's updates are designed to address any potential vulnerabilities.
The pcAnywhere product generates about $20 million annually, a sliver of the company's roughly $6 billion in total revenue.
In midday trading Thursday, Symantec shares were down 1% at $16.89.
The threat emerged on Jan. 5, when a group posted the source code on the Internet, claiming it exposed a weaknesses in Symantec's Norton Antivirus software, the leading product in the company's $2 billion consumer software business. It is used by 150 million customers worldwide.
As an Authorised Reseller we can offer 10% off the regular price.