Nope, You Haven’t Been Hacked By Google and Apple’s COVID-19 App

Google and Apple have recently started an initiative with local governments to try and help prevent the increased spread of COVID-19. Basically, this app would notify people if there were positive COVID-19 test results in their area. While this does bring up some major privacy concerns, we wanted to discuss something else today: the prevalence of false warnings that have already been forced onto mobile devices. Let’s dig in.

There’s been a consistent pattern that has emerged with popular software applications: a major update or other change is made, and uproar on social media ensues.

Just look at what happened when the Android platform’s Facebook application began requesting access to the user’s smartphone camera several years ago now. While this was required so that Facebook’s newly released native photo-taking capabilities could be embraced, there was still a lot said about it on social media.

Don’t get us wrong—many of the changes made in technology can be concerning, especially where it involves a user’s privacy. However, there is usually a ton of misinformation muddying the waters. Again, we’re not saying that you can always trust giant tech companies and their data collection policies… quite the opposite, in fact. You’re right to feel concerned at times and should be exercising the control over their collection of your data that you have a right to.

Having said that, we couldn’t help but notice an extreme response to the news of Apple and Google’s new COVID-19 contact tracing application framework.

So, Did Google or Apple Install a COVID-19 Tracking App on My Phone?

Nope.

Neither Google nor Apple added an application to your mobile device without your knowledge or consent. What Google and Apple did was collaborate to develop an application framework, which can now be used by app developers as they create COVID-19 tracking apps.

However, due to sensationalism on social media, a lot of people are concerned. Just look at this post that has been making the rounds on Facebook:

“**VERY IMPORTANT ALERT!***

A COVID-19 sensor has been secretly installed into every phone. Apparently, when everyone was having “phone disruption” over the weekend, they were adding COVID-19 Tracker [SIC] to our phones!

If you have an Android phone, go under settings, then look for google settings and you will find it installed there.

If you are using an iPhone, go under settings, privacy, then health. It is there but not yet functional.

The App can notify you if you’ve been near someone who has been reported having COVID-19.”

There’s a lot of misleading information to unpack here. First, neither Google nor Apple secretly installed a new “sensor” (especially since we’re talking about a software update, not a hardware update).

This software update was simply a setting to enable the COVID-19 Exposure Notification system that the two platforms are preparing. When this system has its official applications developed, users will not only have to install the application and activate it, but also confirm that they want to participate with Google or Apple.

So, this update simply provides a unified framework for local governments and the health industry to use as they create their COVID-19 applications, while offering users the choice of whether they want to participate.

So No, This is NOT a COVID-19 Tracking App

Seriously, unless you consciously selected the option to “Install,” your mobile device isn’t going to start tracking you and those close to you to identify anyone with COVID-19. In fact, if you follow that Facebook post’s instructions to your settings, you’ll see that you have to A: install a participating application or B: finish setting up a participating application before your notifications can even be activated.

In a rare joint statement from Apple and Google, they go on record to say, “What we’ve built is not an app—rather public agencies will incorporate the API into their own apps that people install.”

To clarify further, an API is an Application Programming Interface. Think of it as the foundation of an application. By teaming up, Apple and Google have laid the foundation for others to build their own applications upon.

As a bonus, this also makes it easier for people to opt out. Unfortunately, if too many people decide not to use the system, it may not be reliable enough to work at all.

What Do We Know About these Tracking Apps?

Well, the system itself is extremely new, so responsibility for the official applications will fall to state and local governments.

The platform that Google and Apple co-developed is built to be decentralized, which will help to make it more secure. Basically, when a user opts to use one of these apps, their phone is assigned a random ID and it is then shared with other phones within the range of a Bluetooth connection. Each phone then stores an anonymous roster of the other IDs it has been in proximity to.

So, when someone is diagnosed with COVID-19, they would then manually share that with the contact tracing app. Then, with their permission, all the IDs that their phone has stored over the prior two weeks would be uploaded and those users would be sent a notification of their potential exposure. Your location isn’t shared, nobody’s identity is shared, not even Google or Apple will get this information. In addition to all this, that random ID is changed every 10 to 20 minutes, and the apps are not allowed to use your location or to track it in the background.
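To make that flow concrete, here is a small Python model of it, added as an illustration; it is not code from Apple, Google, or any health agency, and it does not reproduce the Exposure Notification framework's actual cryptography. The 15-minute rotation value, the class and function names, the on-phone matching step, and the Alice/Bob/Carol/Dave scenario are all assumptions constructed for the example.

```python
import secrets
from dataclasses import dataclass, field

ROTATION_SECONDS = 15 * 60          # assumed value; the article says 10 to 20 minutes
RETENTION_SECONDS = 14 * 24 * 3600  # "the prior two weeks"

@dataclass
class Phone:
    own_ids: dict = field(default_factory=dict)  # rotation slot -> random ID this phone broadcast
    roster: list = field(default_factory=list)   # (time heard, ID heard): no names, no location

    def current_id(self, now: int) -> bytes:
        """Return the random ID for the current rotation slot, creating it on first use."""
        slot = now // ROTATION_SECONDS
        if slot not in self.own_ids:
            self.own_ids[slot] = secrets.token_bytes(16)
        return self.own_ids[slot]

    def hear(self, now: int, rolling_id: bytes) -> None:
        """Record an ID received from a nearby phone over Bluetooth."""
        self.roster.append((now, rolling_id))

    def report_positive(self, now: int) -> set:
        """With the user's permission, return the IDs heard during the last two weeks."""
        cutoff = now - RETENTION_SECONDS
        return {rid for heard_at, rid in self.roster if heard_at >= cutoff}

    def exposed(self, published: set) -> bool:
        """Check on the phone itself whether any ID it broadcast is on the published list."""
        return any(rid in published for rid in self.own_ids.values())

def encounter(a: Phone, b: Phone, now: int) -> None:
    """Two phones within Bluetooth range exchange their current random IDs."""
    a.hear(now, b.current_id(now))
    b.hear(now, a.current_id(now))

def simulate() -> dict:
    """Constructed scenario: Alice meets Carol on day 1 and Bob on day 20, then reports on day 21."""
    day = 24 * 3600
    alice, bob, carol, dave = Phone(), Phone(), Phone(), Phone()
    encounter(alice, carol, 1 * day)   # more than two weeks before the report
    encounter(alice, bob, 20 * day)
    dave.current_id(20 * day)          # Dave broadcast an ID but was never near Alice
    published = alice.report_positive(21 * day)
    return {
        "bob": bob.exposed(published),
        "carol": carol.exposed(published),
        "dave": dave.exposed(published),
        "id_rotated": bob.current_id(20 * day) != bob.current_id(20 * day + ROTATION_SECONDS),
    }
```

Only random IDs and timestamps ever leave a phone in this model, which is why the published list alone does not say who anyone is or where they were.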

As a result, these apps are safe to use with complete anonymity, and to avoid opting in, you just wouldn’t install any COVID-19 tracking apps, official or not.

Uninstalling the COVID-19 Exposure Notification

Okay, since we know that some will want to ask this question, we felt we needed to address it.

In short, you shouldn’t, because it isn’t an app; it is an API. As such, it can’t just be uninstalled. It is now part of the Android and iOS operating systems and is pushed to devices through security updates.

If you were to do some snooping, you could find walkthroughs on the Internet that take you through how to roll back your phone and other such processes, but that only leaves your device exposed to other threats. Again, there is nothing to uninstall, and neglecting future security updates is a terrible idea.

The API is nothing to worry about. It is nothing more than a setting, and one that is deactivated by default. If you really are worried, both Apple and Google have confirmed that not installing, or uninstalling, a COVID-19 Exposure Notification app is enough to avoid participation.

And again, since we can’t stress this enough:

DO NOT FOLLOW ANY INSTRUCTIONS ONLINE THAT WALK YOU THROUGH ROLLING BACK YOUR PHONE AND OPTING OUT OF SECURITY UPDATES. 

If you are that serious about your privacy, it just doesn’t make sense to expose that privacy to greater risk.

In our professional opinion, understanding the technology used to create the COVID-19 Exposure Notification system, every effort has been made to ensure the security and anonymity of its users. Keep in mind, there are also healthcare regulations to comply with, and our clients will know how stringent they are where data privacy is concerned.

The decision whether or not to use the COVID-19 Exposure Notification system falls to you, but you can rest assured that both Google and Apple have done everything right to keep their system safe, private, and secure.

Please, to learn more about these technologies, don’t hesitate to give us a call.

Tip of the Week: Try This Weird Trick to Free Up Space on Your iPhone

It’s a situation that’s all too familiar to an iPhone user: after taking a gorgeous picture, or trying to download a new app, the device flashes up a warning that there is not enough storage to complete the download. So what do you do?

Most people would do either of two things, depending on how badly they wanted to complete what they had first attempted. They would either start cleaning out the apps on their phone, deleting the ones they no longer used, or give up and not download the app. However, what if there was another option? One that would allow a user to free up storage space without sacrificing other files and applications that they would rather keep?

According to Reddit user eavesdroppingyou, there is a trick that has been verified by dozens of other users and quite a few technology websites since the original thread was started. All one has to do is try to rent a movie from the iTunes store. Not just any movie, however; one with a file size larger than the amount of available space left on the phone.

The trick works like this: a user enters the Settings on their phone and checks how much space is left available in the device’s memory. They then enter the iTunes store and attempt to rent a movie with a file size larger than the allotted space remaining. The phone will notify the user that there is not enough available storage to download their selection, giving the user the option to either accept the notification or travel back to Settings. If the user returns to Settings to reevaluate their available storage space, it will have increased since they attempted their futile download.

This is apparently because the iPhone will try to make room for the file by clearing out extraneous data from the apps you already have, like cookies and histories, which take up extra space while serving no real purpose. This process can be repeated, as the memory gains will most likely be incremental. After a few attempts, however, a user can accumulate a considerable amount of extra space. Commenters and posters on the Reddit thread and the various websites publicizing the find have reported memory gains ranging from a few hundred megabytes to a few gigabytes.

What makes the process even nicer is that, since the rental is unable to complete its download, the user is not charged for it and receives data space at essentially no cost. As long as, that is, they remember to check their available storage between attempts, so that they don’t inadvertently rent a movie by clearing up enough space to host it on their device.

Furthermore, this in no way voids any warranty and requires no jailbreaking of the device. The riskiest aspect of this method is the possibility of the trick adding a few megabytes of data to the phone (as has been reported by a few commenters), or perhaps renting a movie that there was no interest in watching. Regarding that, who knows – the rented movie just might become a new favorite.

How would you make use of the newly freed-up space on your phone? Leave a comment below and let us know what your next download will be!

How a Nearby Hacker Can Access Your Phone Through Google Now and Siri

These days, mobile exploits aren’t anything to be surprised about. Most people consider their smartphones to be more secure than their desktops or laptops, but the fact remains that there are just as many exploits, if not more, for mobile devices as there are for PCs. One of the latest mobile threats that can infiltrate your iPhone or Android device takes advantage of Siri and Google Now.

This exploit can use Siri and Google Now to perform any number of actions using your mobile device. The hacker can silently issue commands to devices that have headphones plugged in, with the headphones acting as a receiving antenna. For example, the headsets that business owners love to use to communicate while out and about could work for this exploit. The headphone antenna acts like an FM radio chip that can communicate with mobile devices.

ZDNet explains further how this particular exploit works:

With the open source GNU Radio software on a laptop, electromagnetic signals can be sent to those devices. Depending on the sent command, Siri or Google Now can be told to open up a website, send a text, place a call or do any other number of things.

In order to pull this hack off, the attacker only needs to use a laptop with some sort of antenna apparatus to broadcast the signal. All of this could easily be concealed in a backpack and taken on the move. Granted, this exploit is also dependent on whether or not users will leave headphones plugged into the device when not in use, which is relatively unlikely.

Researchers further explained that this hack can work from around six feet from the phone, meaning that the hacker still has to get somewhat near the victim. Furthermore, the signal could potentially extend up to 16 feet from the victim, if the hacker has a powerful enough battery and antenna. Of course, this kind of powerful equipment isn’t nearly as portable as a laptop, making it somewhat inefficient to use, despite the further range.

Finally, it’s very likely that users will notice that their devices are being tampered with before the hacker manages to do anything fishy. The hack doesn’t disable the display of the device, so anyone who is currently using their device will notice what’s happening and react to it, hopefully. These types of hacks are one reason that you should always practice proper smartphone security and use a lock screen. It’s not known if this trick can bypass the lock screen, but either way, it’s a best practice to always be using one. You never know who could get into your device if you’re not using it, especially if you lose it or it gets stolen in a public place. This is why you need some sort of login credential for your device, just like you would for your laptop or desktop PC.

What are your thoughts on this new exploit? Do you think there’s a chance that this kind of vulnerability could be a threat to the business world, or do you think there’s little chance of it having any practical use? Let us know in the comments.