Recently, researchers from the Cheetah Mobile Security Lab have found a dangerous Trojan, dubbed Cloudsota, pre-installed on certain Android tablets. Tablets infected with this Trojan are still on the shelves of Amazon, ready to be shipped to customers around the world.
Origin: Complaints from victims
This Trojan has existed for quite some time and victims have been consistently asking for help at Android forums like XDA, TechKnow and others.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
A few complaints from customers can be found on Amazon as well.
Evil: Malicious activities of the Cloudsota
The Cloudsota Trojan enables remote control of the infected devices, and it conducts malicious activities without user consent.
The CM Security Lab has detected that Cloudsota can install adware or malware on the devices and uninstall anti-virus applications silently. With root permission, it is able to automatically open all installed applications. Furthermore, we found that the Trojan replaces the boot animation and wallpapers on some devices with advertisements. Cloudsota also changes the browser’s homepage and redirects search results to strange ad pages.
Impact: More than 153 affected countries
According to our rough estimation, at least 17,233 infected tablets have been delivered to customers hands. The estimation is based on anonymous data collected by Cheetah Mobile. Since many tablets are not protected by anti-virus applications, the number may actually be significantly greater.
What’s worse, these tablets are still available on many online stores, including the huge retailer Amazon. While most people have no idea about Cloudsota’s potential risks, it is a ticking time bomb threatening your privacy and property.
Over 30 tablet brands have been pre-loaded with this Trojan, among which the most severely affected are the no-brand tablets with Allwinner chips. Over 4000 such tablets have been sold to customers across the world.
We have notified companies involved whose products are found with pre-installed Trojans. We advised those manufacturers to investigate their system firmware carefully, but unfortunately none have responded yet. We assume that the unbranded tablet manufacturers do not pay any attention to user feedback, nor do they have the capability to offer a solution to this problem.
Over 150 countries are affected by this Trojan, with Mexico, USA and Turkey suffering the most.
A large number of customers have left comments on Amazon.com grumbling about the advertisements and popups. These tablets share some similarities that all of them are low-priced and manufactured by nameless small-scale workshops. Here is an incomplete list of the questionable tablets on Amazon. (More details please refer to the Appendix)
Decompile: Technical analysis of the Trojan:
When we discover a questionable tablet, we send a notification to Amazon explaining the issue. We are assured that Amazon can corroborate our messages with its customers complaints and reviews.
Red “Demo” on the screen
Many users reported that their tablets were locked down into demo mode, with a large red “demo” text on the screen all the time. Based on our analysis, the red “demo” is not generated by the Trojan. The source of the red demo exists in the system component package-SystemUI.apk
As soon as the device is booted, the malicious code in SystemUI.apk will be executed to examine whether the malware com.clouds.server (viz., the Trojan cloudsota) has been installed in the tablet, if not, the code will try to get one, and if it fails, it will draw a big red “Demo” in the center of the screen.
Auto restoration after reboots
Even if we remove the Trojan, it will reappear after reboot.
As the Trojan is embedded in boot.img /cloudsota/CloudsService.apk, it is able to restore itself when a user reboots the device, meaning that it is very hard to get rid of.
Every time the device reboots, the code in the script init.rc will restore the Trojan.
The code that restores the Trojan:
Block browser’s homepage
When users boot the device, Cloudsota will visit the Trojan creator’s server frequently (about every 30 minutes), in order to obtain operating commands. Commands to change the browser’s homepage are as follows:
We intercepted some data:
http://download.cloudsota.com/homepage/1427791194/homepage
Install Apps silently
Similar with the homepage block, the Trojan gets a list of applications to push from the cloud server and silently installs these apps to the system directory of users’ devices. Generally, users are unable to remove them.
We obtained some information about the Trojan’s implementation:
http://download.cloudsota.com/apk/ota/1438999935/CalendarService.apk
http://download.cloudsota.com/apk/ota/1440569351/CloudsService.apk
http://download.cloudsota.com/apk/DSB/393/dsb_aijian2.apk
http://download.cloudsota.com/apk/MopoPlay/4314/MopoPlay.apk
http://download.cloudsota.com/apk/maxthon/2915/hgnormal_remote_master.apk
Other detected behaviors:
The Trojan is also able to:
1. Change the boot animation of the device. (Users have to bear the annoyance of advertisements even when booting.)
2. Uninstall the applications in your device. (Mainly uninstals anti-virus apps and root tools which offer protection to your device)
3. Set your wallpaper to advertisements. (Every time you tap the home button, you will see the nasty advertisements)
4. Activate whatever applications on your device
5. Create pop-up advertisements
Knowing all the malicious activities of this Trojan, we understand why these tablets are so cheap.
Conclusion: Attackers may from China?
We have confident proof showing that attackers from China are behind Cloudsota.
1. The code we extracted from the Trojan links to the WHOIS information on the server of www.cloudsota.com. It is clear that the server is registered in Shenzhen, P.R. China.
Registry Registrant ID:
Registrant Name: QIU BIHUI
Registrant Organization:
Registrant Street: xixang baoan district
Registrant City: shenzhen
Registrant State/Province: guangdong
Registrant Postal Code: 518101
Registrant Country: China
Registrant Phone: 1-368-255-2849
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]
2. Much of the code is written in Chinese characters.
3. The manufacturers of tablets are from China.
Solutions and Recommendations
For infected users: We have published manual removal instructions on our blog.
For online stores: We suggest these dealers more strictly vet their product vendors.
For tablet buyers: Do not take the risk of trying tablets from nameless manufacturers just to save some money.
For this report, we refer to many materials from the following websites and organizations, and we greatly appreciate their kindness and support!
Special Thanks to: www.Techknow.me / www.Techknow.one
For more details of the users' reviews on Amazon and related information of the Trojan, please refer to the Appendix.
manual removal instructions http://www.cmcm.com/article/share/2015-11-09/840.html
Appendix https://drive.google.com/open?id=0B1CH2n58TrbiOWs2eGdjaW50RFk
manual removal instructions http://www.cmcm.com/article/share/2015-11-09/840.html
Appendix https://drive.google.com/open?id=0B1CH2n58TrbiOWs2eGdjaW50RFk
There is no such thing as a nameless manufacturer. This article doesn't even name the offending companies.
I'm guessing these might be the cheap manufacturers. Still a problem..
Almost every Chinese mobile have Cloudservice.apk malware installed.
Holy COW!
Including the replica phone at the most.
A useful post, but as @jayvl said, the offending companies were not listed.
Sent from my ASUS_Z00AD
Related
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Is it because Android is the most popular smartphone platform in the world right now, or is it because it’s just fundamentally easier to attack? In any case, Google’s mobile juggernaut Android continues to be the world’s biggest magnet for mobile malware. According to a report out today from security specialists F-Secure, Android accounted for 79% of all malware in 2012, up from 66.7% in 2011 and just 11.25% in 2010. On the other side of the spectrum,*Apple’s iOS, the world’s second-most popular platform for smartphones in terms of new purchases, remains one of the least compromised, with 0.7% of malware on its platform.
Symbian, whose market share is in rapid decline*and is being left for dead by its former parent Nokia, is down to 19% of all malware, compared to 62.5% two years ago. F-Secure predicts that it will go the way of the dodo bird and become extinct in 2013, as users replace their Nokia handsets with Android devices. Meanwhile, Windows Mobile, BlackBerry and J2ME each accounted for less than 1% of threat families in circulation in the year.
Breaking down progress over the past year, Android’s malware record appears to have seen a particularly bad spike in Q4 2012. F-Secure notes that in the fourth quarter it accounted for a full 96% of attacks. In fact, according to its records, all other platforms except for Symbian (at 4%) didn’t appear to have any malware threat families received at all.
Holding these up to Q4 market analysis, these figures are not proportionate to market shares for current sales, but they are somewhat more reflective of what devices are in circulation today.*In that sense, the shift between Symbian falling and Android rising is due to the fact that Android has been the biggest benefactor of Symbian’s decline.
“Malware in general has a parasitic relationship with its host,” writes Sean Sullivan, security advisor at F-Secure Labs. “As old Symbian handsets continue to be replaced by those with other operating systems, especially Android, Symbian malware dies off and will probably go extinct in 2013.”
In terms of what forms malware is taking, F-Secure says that 66% of detections were Trojans (malware masked as something else). F-Secure believes that Google’s increased security prompts, which it introduced with the 4.2 variant (Jelly Bean), should help bring that number down. However, if you look at Google’s most recent stats on distribution, released this week, Android 4.2 is only at 1.6% — meaning that this make take some time to come to pass. (For the record, Gingerbread 2.3.3 and upwards remains the most popular in terms of distribution, at 44%, with Ice Cream Sandwich at number-two with 28%).
Another major problem continues to be dodgy SMS messages: F-Secure notes some 21 of the 96 Android threat variants come from premium SMS that encourages downloads and sometimes end up as repeat problems by way of subscription services to which users unwittingly become subscribed. Then, users don’t know about this until the charge comes up on their bill — if they bother to scrutinize that bill, that is.
Interestingly, F-Secure also notes that those releasing malware have become more sophisticated in their reasons for infiltrating devices. Specifically, there’s been a significant shift in terms of malware attacks becoming financially motivated over the last several years, with financial gains now well outweighing those attacks that have been made in the past. Why the shift? It may be because malicious hackers were still learning the ropes for how to infiltrate devices back in the day.
Or it could be something else:*The rise in financial motivations also speaks to the fact that we as a population are using our devices for significantly more transactional services — and that makes them increasing targets for attacks aimed specifically at that fact. This is something that will eventually have to be squared with all the many ambitions and developments in the market today to turn our handsets into our default wallets.
Update: TC has reached out to Google for a comment, but a spokesperson says that the company does not comment on security company reports. Also worth pointing out a dissenting opinion on the above data from a reader in the comments below, highlighting that what gets identified as malware may sound more alarming than it actually is.
“F-Secure can say that anything is malware, even ‘dodgy sms’ which doesn’t fall under the definition of malware…. They say they detected trojans, but they didn’t explain what were their effects on the system, because if they did, everyone will know they’re not really trojans, that’s only what they want you to think,” he writes. “I’ve been using different droids for 3 years now, never had an issue with them. I’m a developer by the way.”
Be that as it may, there are more than security vendors putting out reports and warnings on malware and cybersecurity threats. Smartphones are still an emerging area — but a hugely popular one — and therefore remain a moving target
Source: techcrunch
thank you for sharing your valuable reserch
Hi, your post has helped me a lot in researching on this topic. It sure makes a lot of sense.
Ghost Push': An Un-Installable Android Virus Infecting 600,000+ Users Per Day
Recently, terms like 'Monkey test' and ‘Time service’ have become a trending topic in the Android community. More and more users have reported that it's nearly impossible to get rid of these two apps. After days of research, experts of the CM Security Research Lab successfully discovered the source of the problem, a virus called ‘Ghost Push.’
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Disguised as legitimate applications, malware which contains ‘Ghost Push’ could spread itself widely via commercial SDK or browser ads. This is the most widespread and infectious virus we've currently seen. So far, ‘Ghost Push’ has affected 14,847 phone types and 3,658 brands. This virus will install unwanted and annoying apps on your phone and cannot be removed easily even by doing a factory reset or using normal antivirus software.
According to monitoring results from CM Security Research Lab, over 600,000 android users have been affected within a single day. It's mainly spreaded through Europe, Russia, the Middle East region, and southern China.
If your phone gets the virus, it will automatically gain the highest authority and be able to root your device, and download apps like ‘Monkey test’ or ‘Time service’ without your permission. This behavior will not only make your phone slow and drain your battery, but it will also consume lots of cellular data. With 'Ghost Push' on your phone, it will be able to do whatever it likes--using that root access.
As of now, we've discovered 39 infected apps that contain ‘Ghost Push’:
WiFi Enhancer
PinkyGirls
WordLock
SettingService
Sex Cademy
TimeService
XVideo Codec Pack
Fast Booster
boom pig
iVideo
Indian Sexy Stories 2
Amazon
Talking Tom 3
WhatsWifi
Fruit Slots
Assistive Touch
Hubii News
Photo Clean
Hot Video
Wifi Speeder
Accurate Compass
itouch
Super Mario
Lemon Browser
WiFi FTP
All-star Fruit Slash
Light Browser
SmartFolder
Multifunction Flashlight
Ice Browser
Happy Fishing
XVideo
Simple Flashlight
Assistive Touch
PronClub
MonkeyTest
Memory Booster
Daily Racing
Hot Girls
So how can we get rid of it?
Clean Master and CM Security can now detect the infection. CM Security Research Lab is also currently developing a toolkit aimed specifically at ‘Ghost Push’ removal, which will keep your phone safe.
Get the tool and protect your phone now! https://play.google.com/store/apps/details?id=com.cleanmaster.security.stubborntrjkiller
Cover art
To prevent further loss, if you want to remove the virus by manual operation, please tap here: http://www.cmcm.com/article/share/2015-09-18/801.html for more details.
liuwenzhu said:
Ghost Push': An Un-Installable Android Virus Infecting 600,000+ Users Per Day
Recently, terms like 'Monkey test' and ‘Time service’ have become a trending topic in the Android community. More and more users have reported that it's nearly impossible to get rid of these two apps. After days of research, experts of the CM Security Research Lab successfully discovered the source of the problem, a virus called ‘Ghost Push.’
Disguised as legitimate applications, malware which contains ‘Ghost Push’ could spread itself widely via commercial SDK or browser ads. This is the most widespread and infectious virus we've currently seen. So far, ‘Ghost Push’ has affected 14,847 phone types and 3,658 brands. This virus will install unwanted and annoying apps on your phone and cannot be removed easily even by doing a factory reset or using normal antivirus software.
According to monitoring results from CM Security Research Lab, over 600,000 android users have been affected within a single day. It's mainly spreaded through Europe, Russia, the Middle East region, and southern China.
If your phone gets the virus, it will automatically gain the highest authority and be able to root your device, and download apps like ‘Monkey test’ or ‘Time service’ without your permission. This behavior will not only make your phone slow and drain your battery, but it will also consume lots of cellular data. With 'Ghost Push' on your phone, it will be able to do whatever it likes--using that root access.
As of now, we've discovered 39 infected apps that contain ‘Ghost Push’:
WiFi Enhancer
PinkyGirls
WordLock
SettingService
Sex Cademy
TimeService
XVideo Codec Pack
Fast Booster
boom pig
iVideo
Indian Sexy Stories 2
Amazon
Talking Tom 3
WhatsWifi
Fruit Slots
Assistive Touch
Hubii News
Photo Clean
Hot Video
Wifi Speeder
Accurate Compass
itouch
Super Mario
Lemon Browser
WiFi FTP
All-star Fruit Slash
Light Browser
SmartFolder
Multifunction Flashlight
Ice Browser
Happy Fishing
XVideo
Simple Flashlight
Assistive Touch
PronClub
MonkeyTest
Memory Booster
Daily Racing
Hot Girls
So how can we get rid of it?
Clean Master and CM Security can now detect the infection. CM Security Research Lab is also currently developing a toolkit aimed specifically at ‘Ghost Push’ removal, which will keep your phone safe.
Get the tool and protect your phone now! https://play.google.com/store/apps/details?id=com.cleanmaster.security.stubborntrjkiller
Cover art
To prevent further loss, if you want to remove the virus by manual operation, please tap here: http://www.cmcm.com/article/share/2015-09-18/801.html for more details.
Click to expand...
Click to collapse
Thanks
CM Security only detection the virus, but can't remove the virus.. To remove the virus just reflash your ROM via your computer.
Is there any solution without flashing a clean ROM
I am helping someone clean their child's tablet but it is a very obscure one: Fondi T708B (apparently I can't link to it but the brand is Fondiversal according to their site).
I tried to use Framaroot to use the CM Ghost Push Killer but it says it doesn't have root access. The device's USB connection doesn't work when the device is on and ADB doesn't even find the device from the bootloader. I can use the bootloader to use fastboot though.
Essentially, I think I can fix the device if a a) get a ROM compatible with this device or b) someone can suggest a way to use fastboot to recover adb access or do similar cleaning to that described by CM.
Any help would be greatly appreciated.
nice list but can i get these apps apk for some testing........
Firmware (made by Shanghai Adups Technology Co. Ltd) that "calls home" was found installed on chinese phones sold in US:
http://www.kryptowire.com/adups_security_analysis.html
SoNic67 said:
Firmware (made by Shanghai Adups Technology Co. Ltd) that "calls home" was found installed on chinese phones sold in US:
http://www.kryptowire.com/adups_security_analysis.html
Click to expand...
Click to collapse
Not just "Chinese" phones, else why are they contacting Google?
Well, at least my phone contacts Google because I have a Google account. I choose to allow that when I input my gmail address. I choose to trust Google with my contact lists and calendar and whatever. I choose when to update the apps or not.
This chinese spyware is embedded in firmware (trusted app, capable of escalation) and on a totally different level of what it can do, you could read it in the article. Or not. The article has even a comparison with a similar spyware from 2011:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
SoNic67 said:
Well, at least my phone contacts Google because I have a Google account. I choose to allow that when I input my gmail address. I choose to trust Google with my contact lists and calendar and whatever. I choose when to update the apps or not.
This chinese spyware is embedded in firmware (trusted app, capable of escalation) and on a totally different level of what it can do, you could read it in the article. Or not. The article has even a comparison with a similar spyware from 2011:
Click to expand...
Click to collapse
No I mean the security company Kryptowire are contacting Google, along with Blu. Does that mean a Google phone is affected or is it just as they have a sales channel? Probably the latter but it does raise a lot of questions about exactly & how much control they have of the manufacturing process across their supply chain. Whether it's the the actual phone or individual chips being programmed. And is there any attempt by companies that make products in places like China to check the phones that actually come off the line for compromises. I doubt it but it seems to be a security risk to me.
Of course we all have to trust someone or some company in some way as most things are not open. I to trust Google with much of my data & security.
(I have read several articles on this, but still not much info, all seem to be a rehash of the press release from Kryptowire)
Google code is not affected. This is part of the specific firmware that manufacturer puts in the phone and it is allowed to even be updated OTA.
Meanwhile if I root my device is considered "unsafe"... But that's the only way to see those files and act to remove them.
As much as I hate Apple, I am more and more tempted. At least they control all the manufacturing chain.
Can I load a custom firmware on my phone to eliminate this?
If you can unlock the bootloader, yes.
At the minimum you need root, to be able to disable/eliminate the software. The original article that I have linked has the details of the software names:
com.adups.fota.sysoper
com.adups.fota
Hi guys,
I knew that by now you have all heard about this news the Chinese budget android devices are secretly sending users’ data to China...
I thought I'll ask amongst the experts anyway how much of a thread could it actually be, as I'm a new P8 user (previously only had Samsung's)
What bothers me is the fact news comes from a private contractor to US govt which aren't really fair & square on the privacy issues in the first place, and apparently the 'feature' was 'accidental' discovered...really?!?
Considering the timing and situation on the market, seems to me to be a competition battle...but it's just my thought
Anyway...Do you think a simple root is enough to get rid of such 'back door' code?
Looking forward to your input
PS. articles available at:
http://www.theverge.com/2016/11/15/1...-text-messages
http://www.nytimes.com/2016/11/16/us...rity.html?_r=0
and original report http://www.kryptowire.com/adups_security_analysis.html
...and not two days later another news emerges... hehe just when some may have thought they are any different
https://interc.pt/2gkn4dz
M4ti said:
Hi guys,
I knew that by now you have all heard about this news the Chinese budget android devices are secretly sending users’ data to China...
I thought I'll ask amongst the experts anyway how much of a thread could it actually be, as I'm a new P8 user (previously only had Samsung's)
What bothers me is the fact news comes from a private contractor to US govt which aren't really fair & square on the privacy issues in the first place, and apparently the 'feature' was 'accidental' discovered...really?!?
Considering the timing and situation on the market, seems to me to be a competition battle...but it's just my thought
Anyway...Do you think a simple root is enough to get rid of such 'back door' code?
Looking forward to your input
PS. articles available at:
http://www.theverge.com/2016/11/15/1...-text-messages
http://www.nytimes.com/2016/11/16/us...rity.html?_r=0
and original report http://www.kryptowire.com/adups_security_analysis.html
Click to expand...
Click to collapse
who cares who finds it, so long as someone does. Rooting and deleting all the relevant files should work, I guess, but possible could cause some other issues, who knows.
Its pretty funny since most of the people reading those articles doesn't really understand it very well....people quickly jump into conclusion and think that Chinese Smartphone device secretly sending private information to China....
If you read the articles very carefully then you will realize that Shanghai Adups Technology Co. Ltd is a company that provide FOTA services, that means and manufacturers that use their services for OTA updates are likely to effected with the spyware not just Chinese Smartphone....their market share is exceeding 70% across over 150 countries and god know how many devices manufacturers & services operator have been using their services for OTA updates...
The internet is full of discussions about WhatsApp's new Privacy Policy and a lot is being said about how they negatively impact users' privacy. The issue is primarily this: SHARING of data with other FACEBOOK apps and services.
While a lot of concerns have been raised, there is no article that I have found which tell us HOW this new change is going to impact us negatively.
Here is what WhatsApp collects from its users (and going to share with FACEBOOK beginning February 2021):
Your Name
Phone Number
Email Address
Contacts (Full Address Book)
IP Address
Coarse Location
Profile Picture
Device ID
User ID
Advertising Data
Product Interaction
Crash Data
Performance Data
Other Diagnostic Data
Customer Support
Other User Content
Hardware Model
Operating System
Battery level
Signal strength
Time zone
Status
Those who use WhatsApp Payments service, the following additional info collected will be shared:
Payment Info
Purchase History
The question is this:
How is this change going to adversely impact users?
WhatsApp does NOT have access to the contents of your messages, voice calls, video calls, etc as these are E2E (end-to-end) encrypted. So it is NOT clear how the new change in privacy policy is such a big deal. Here are some potential scenarios:
1. The backups you create (locally as well as in the cloud) are reportedly NOT encrypted (although I doubt this). Does that mean WhatsApp will have access to your messages and other stuff? And use these in ways you are not comfortable with?
2. I don't know if Facebook REQUIRES users' phone numbers during registration. If that isn't a mandatory requirement, this is what can (or will) happen:
Since WhatsApp has full access to your address book (or contacts), it will now start 'recommending' your Facebook profile (if you have one) to your address book contacts on Facebook, even if you want to stay anonymous.
3. If you interact with Business accounts on WhatsApp, details of your interests/ enquiries/ purchases would be collected and shared with FACEBOOK. Chats with Business Accounts are NOT E2E encrypted, so that information will be shared with FACEBOOK to serve ads to generate revenue.
If you are a Facebook user, much of the above information is probably already available with FACEBOOK.
Apart from the above, I really can't think of how this new change in Privacy Policy will affect users' privacy.
Are people just having herd mentality and making too much noise over nothing?
Hope someone can throw some clarity on this.
With a lot of difficulty, I have found an example of HOW the new change in Privacy Policy can adversely affect users:
Here is an example:
Let's say A and B are married. A is having extramarital affair with C. Now A and C are secretly conversing over WhatsApp without B's knowledge.
With the new policy change, WhatsApp will inform Facebook about the frequent conversations between A and C. Please note that the contents of this conversation is NOT shared, because WhatsApp itself doesn't have access to it. But only the fact that the two are in constant touch with each other over WhatsApp, and if they are meeting up, then that detail too will be shared using location data!
Facebook will think A and C are friends, so it will start showing friends recommendation to A's contacts. In other words, Facebook will start recommending C's profile to B. B will now wonder who is C . And somehow figure out the relationship between A and C.
Do you now understand why FACEBOOK is evil and why the new privacy policy is unacceptable?
Thank you for your info.
I have to say I slightly disagree, since WhatsApp and Facebook are both closed-source, there is no way to confirm that they stick with End to End encryption 100% of the time, do it at all, or even use robust encryption algorithms. Plus, we all know the shady stuff Facebook already does with user information and selling it to advertisers. In fact, before this update to the privacy policy WhatsApp has probably already been collecting user information or something along the lines of that, so you are right in the sense that this new privacy policy update probably won't change much.
Some misinformation clarified:
WhatsApp privacy policy update: Don’t fall for these false claims
WhatsApp's new privacy policy has caused some concern among users. but don't believe all that is being circulated about the messaging app.
indianexpress.com
DarkLight72 said:
I have to say I slightly disagree, since WhatsApp and Facebook are both closed-source, there is no way to confirm that they stick with End to End encryption 100% of the time, do it at all, or even use robust encryption algorithms. Plus, we all know the shady stuff Facebook already does with user information and selling it to advertisers. In fact, before this update to the privacy policy WhatsApp has probably already been collecting user information or something along the lines of that, so you are right in the sense that this new privacy policy update probably won't change much.
Click to expand...
Click to collapse
While nothing can be ruled out, we will still give them the benefit of doubt and accept their word on conversations being E2E encrypted.
If you are using WhatsApp AND Facebook, there isn't going to be much difference because if you have Facebook app installed on your device, it already has much of that info which will now be formally shared.
If you are using WhatsApp but NOT Facebook, you still aren't going to see any difference because what is Facebook going to do with the information it receives from WhatsApp?
With the new privacy policy, WhatsApp is only making arrangements to save itself from litigations. What I mean is information sharing was already happening at some level, which is now only being formalized. Users will hardly see a change.
It will only make a difference if you quit both. That way you can stay away from evil FACEBOOK.
Answering your questions about WhatsApp’s January 2021 Privacy Policy update | WhatsApp Help Center
faq.whatsapp.com
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Some of the things that BIG TECH (Google, Facebook, Apple, Microsoft, Amazon, and others) uses to identify you:
1. IP address
2. Browser Fingerprinting
3. Device Fingerprinting
4. Location, Nearby scanning, Beams, GPS
5. Advertiser ID
6. Always Listening (voice commands)
7. Your demographic details
IP address
This is the same for all devices connected to the same WiFi network. This address is called the Public IP address, which is the address assigned to your WiFi router by your ISP. Using this, Big Tech can track all the accounts that use the same IP address. So, Big Tech knows who all are living in the same household, who all are working in the same place (if you connect to your work WiFi), etc.
Browser Fingerprinting
Websites can track full details of your browser, which in conjunction with other forms of tracking (like cookies), can be used to create your virtual profile, your interests, your online activities, etc. Google, Facebook, Amazon, etc, have trackers in pretty much all the websites, so even if you don't use your account in those sites, BIG TECH can still track you by connecting the dots.
Using Private/ Incognito browsing isn't all that private as one is made to believe.
Device Fingerprinting
This is similar to, but more advanced form of tracking compared to Browser Fingerprinting. They record details of your device like make, model, display resolution, operating system, time zone, GPS, sensor data, Information About Things Near Device (i.e Wi-Fi Access Points, Cell Towers, Bluetooth-enabled Devices, etc.).
You can change your browser, network, location, etc. But you are unlikely to change your device as frequently. You can be easily tracked using Device Fingerprinting.
Location/ Nearby Scanning/ WiFi/ Low Energy Bluetooth/ GPS
You can change your physical location, but it is highly likely that you will move with your family. So even if you use completely new accounts, they can still track you through your family members' accounts. That's how Facebook recommends same 'Friends' to you even if you use a new account.
Your device is constantly communicating with the tech around you - mobile towers, WiFi routers, Bluetooth devices, GPS, etc. That setting of 'Scanning Always Available' under Location Settings helps in improving this accuracy.
A new technology is in works that will allow tracking of your device even when it is switched OFF! Spyware is essentially being installed at the hardware level and your devices would be under surveillance 24x7.
Advertiser ID
As the name suggests, this is your Virtual Identity containing your interests, online activity history, etc that is provided to advertisers (even if anonymously) for targeted advertising.
You CAN reset this ID on all devices (Android, iOS, Windows, macOS, etc.) to reduce the amount of information advertisers know about you (even if anonymously).
Always Listening
The most privacy disrespecting feature. Your gadgets are constantly listening to you, waiting for your commands. All your personal conversations are recorded. Next feature will be Always Watching! They will develop some interesting application for this feature (like they did for identifying the music around you) and sell you devices that is constantly recording you using cameras!
Your Demographics
Name, Phone number, Date of Birth, Gender, and other details that you provide when creating your account. They have pretty much made it mandatory to give correct information without which you cannot create an account.
Your personal details, contacts, meta data of pictures and videos on your device, etc everything will be linked to identify you from your virtual identity.
CONCLUSION
No matter how hard one tries, he will leave several footprints about himself if using tech. The only way to avoid tracking is to completely give up on use of gadgets and communication devices. VPNs/ TOR Network won't protect you.
FUN FACT
ALL BIG TECH companies, including chip makers are American companies!
Software: Google, Apple, Microsoft, etc.
Hardware: Qualcomm, Intel, AMD, Apple, etc.
Social media: Facebook, Instagram, YouTube, Twitter, etc.
Streaming Services: Amazon, Netflix, etc.
News channels too (there are no journalists anymore; only media-persons)
....you name it: all are American companies! This isn't a mere coincidence!
So you know where all the data goes! And who does all the spying!
I bought a brand new phone and set it up WITHOUT any account. I have installed a few apps, including Revanced Extended with microG (not signed in to any account).
Guess what:
The YouTube feed is pretty much filled with the same recommendations and content from channels I have subscribed to on my other devices where I have signed in. 🫣
Here's another example:
How was my store visit inside a shopping mall tracked?
I was inside a shopping mall yesterday for a few hours. One of the shops/ store is an outlet of a well known electronics retail chain. I have purchased something there several months/ years back. I was inside this store yesterday too, but only...
forum.xda-developers.com
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Exactly what was written in OP.
Fake narrative building, creating false public perception and influencing people's mindset is why this is done. Everyone knows who controls all the technology and who has all the money in the world.
Yet people believe in the Chinese CCP crap because the biggest spy in the world has created an infrastructure that sells such stories to them.
That's all metadata! And you can stop most of it by installing Adguard with some common filters and setting require VPN for all connections. (this setting is hidden on quite some China OS Chinese phones).
And the same inforamtion is tracked by Chinese phones on global OS.
If you have a China OS Chinese phone - your actualy message content is censored and tracked. Get two China OS phones and send a message with some text about Winnie the Pooh and Xi Jinping - good luck receiving it...
You can notice that after any text message you receive the China OS spyware will send information to Chinese servers.
But yeah - it's okay for their global phones. Just not for the ones for Chinese market (=China OS). Cannot remove their dialer software because than their phone content analysis wouldn't work anymore and so on.
Just be happy you don't live in China. Spying there is on another level - but they are quite transparent about it. Everyone knows about it - unlike Europe/USA where people aren't so aware of what is tracked and what not.
It will upload any website you visited and much more.
And yeah an Iphone China OS or Samsung China OS will spy/censor just like a China OS Chinaphone. It's government policy (and that was the reason for google back some years to pull out of China/not start there. But that was in the good old don't be evil times - which are sadly over.
extremecarver said:
That's all metadata! And you can stop most of it by installing Adguard with some common filters and setting require VPN for all connections.
Click to expand...
Click to collapse
Some day it will be known that VPN was a big scam. It was just a tool used by spying agencies.
extremecarver said:
Just be happy you don't live in China. Spying there is on another level - but they are quite transparent about it. Everyone knows about it - unlike Europe/USA where people aren't so aware of what is tracked and what not.
Click to expand...
Click to collapse
That is the whole point. As mentioned in the last section of OP, everything you do online is being tracked continuously. Just that one country does it openly, while the other does it stealthily, covertly, and on a much much larger scale.
Tor was created by DARPA / Department of defense. They track everything.
immortalwon said:
Tor was created by DARPA / Department of defense. They track everything.
Click to expand...
Click to collapse
And they have made people believe they cannot be tracked.
TheMystic said:
Some day it will be known that VPN was a big scam. It was just a tool used by spying agencies.
That is the whole point. As mentioned in the last section of OP, everything you do online is being tracked continuously. Just that one country does it openly, while the other does it stealthily, covertly, and on a much much larger scale.
Click to expand...
Click to collapse
Local VPN surely isn't scam. You can check rules yourself. Other VPN depends on the provider
Thread Locked.
This thread like other threads of this nature has gone into politics and is locked.