O'Grady's PowerPage » privacy

Apple cites that it’s “impossible” to unlock iPhones running iOS 8 or later for authorities

Date: Friday, October 23rd, 2015, 13:41
Category: iOS, iPhone, Legal, News, privacy, security, Software


The legal/encryption squabble continues.

On Wednesday, Apple, representing itself in a New York court, took sides regarding backdoor access to iPhone encryption and stated that the company could not unlock iPhones running iOS 8 or higher even if it wanted to.

Apple called the request to access an encrypted iPhone “impossible to perform” on more than 90 percent of devices running iOS 8 and up.


Apple removes hundreds of apps from App Store, third-party APIs found to collect private information

Date: Monday, October 19th, 2015, 08:02
Category: Developer, iOS, News, privacy, Software


Well, this is a bit of a mess.

Code analytics platform SourceDNA has found hundreds of apps on the App Store that used private APIs (Application Programming Interfaces) to collect private user data, like email addresses and device identifiers, slipping under Apple’s radar in the approval process. The code got into these apps through the inclusion of a mischievous third-party advertising SDK, which secretly stored this data and sent it off to its own servers.

Apple has confirmed that the SourceDNA report contributed to its removing all of the apps that included the advertising SDK from the store, as using private API calls is a breach of App Review Guidelines. Apple has also patched its approval processes to prevent any more apps that use this technique from making it onto the App Store.


AT&T ceases “permacookie” tracking program for the time being, Verizon still enacting its own version

Date: Monday, November 17th, 2014, 04:45
Category: iPhone, News, privacy, wireless


There are consequences when a wireless carrier installs something that apparently tracks its user base a little too closely with no convenient means of removal.

Per Macworld and ProPublica, wireless carriers Verizon and AT&T have been caught up in a privacy firestorm over their use of so-called “permacookies,” a method of tracking what their users do while browsing the Web with the intent of sharing that data with advertisers. Verizon’s permacookie program lives on, but AT&T has ceased the practice.


iOS 8’s MAC randomization requires cellular data & location services to be disabled

Date: Saturday, September 27th, 2014, 15:36
Category: iOS, iOS 8, iPhone, privacy

You know that we love, cherish and respect your privacy here at The PowerPage, right?

Privacy bugs will be interested in reading Apple’s new “Privacy built in” microsite, which extols the virtues of some of the new privacy features that are baked into iOS 8. While it’s a huge step in the right direction for the consumer (so much so that the FBI is spreading FUD about it), some industry experts are taking issue with one of the new features.

At issue is what Apple calls Randomized Wi-Fi addresses. In reading that section of Privacy Built In, one could be left to believe that merchants and retailers can no longer track your movements and behavior by scanning your iPhone’s Wi-Fi MAC address. While Apple has taken steps to obscure it in iOS 8, it’s not as simple (or automatic) as Apple leads us to believe.

A new blog post from AirTight Networks’ Bhupinder Misra called “iOS8 MAC Randomization – Analyzed!” (read parts 1 and 2) takes issue with Apple’s claims that iOS 8 uses randomized and locally administrated Wi-Fi MAC addresses in the probing state. For his blog posts Misra used sophisticated packet sniffing gear to dig into the inner workings of randomized MAC addresses.

His conclusions:

On the iPhone 5s, MAC randomization happens only under the following conditions:

  1. Phone is in sleep mode (display off, not being used)
  2. Wi-Fi should be ON but not associated
  3. Location services should be OFF in privacy settings

Then after reading scandalous reports from The Washington Post and Gizmodo stating that “Apple’s new feature to curb phone tracking won’t work if you’re actually using your phone” he decided to dig a little deeper and discovered that location services should be OFF for random MAC addresses to actually show up.

It has to do with the cellular data connection setting. Basically, if the phone’s cellular data connection is ON, there is no MAC randomization! If you now turn OFF the cellular data connection (Settings -> Cellular -> Cellular Data OFF), random MAC addresses show up.


iOS8 MAC RandomGate:  Who turns OFF location services AND turns OFF cellular data connection while using their iPhone?

So if both Cellular Data and Location Services have to be switched off to randomize MAC addresses, it’s not really much of a privacy feature then, is it? I think that Apple needs to clarify how this feature really works and it should probably remove it completely from the fancy new Privacy Built In page.

Misra says it best:

Bottom line, this further shrinks the population which is covered by MAC address randomization, perhaps to inconsequential levels and maybe even zero. Who turns OFF location services AND turns OFF cellular data connection while using their iPhone? That is why I now call it “iOS8 MAC RandomGate”.

Apple’s done a lot right with respect to user privacy, but this one seems a tad disingenuous to me.

Samsung’s fingerprint scanner not immune to hackers

Date: Thursday, April 17th, 2014, 08:17
Category: Android, Hacks, privacy, Samsung, security



It was only a matter of time before someone found a weakness in the fingerprint scanner found on the new Samsung Galaxy S5. Too bad Samsung didn’t learn anything from Apple’s experiences with fingerprint hacking. The very same hack that was used to bypass the iPhone 5S’s scanner, which we reported on last September, has now been used to get past the one on the Galaxy S5. The security blog SRlabs has posted a video of a fake fingerprint, which was copied from a photo image and reproduced, being used to unlock a Galaxy S5.


Heartbleed bug hits the Internet

Date: Friday, April 11th, 2014, 08:25
Category: Announcement, Hacks, privacy, security, Websites

A newly announced bug, dubbed “Heartbleed,” has got online companies on the run as they race to patch the insecurity. In spite of all the current fervor, however, the bug has actually been around for about two years. It may also be the first wide-scale bug to have its own web page and logo (heartbleed.com). Heartbleed is based on a fault in functionality in the widely used OpenSSL library. OpenSSL is the cryptographic software that protects information being transferred from server to server throughout the internet. It is meant to stop hackers from intercepting secure information such as logins, usernames, passwords, credit card numbers, and other personal information.


Recent security updates make Macs more secure, unless you’re a Snow Leopard user

Date: Monday, March 3rd, 2014, 08:47
Category: Apple, Lion, Mac, privacy, Processors, security, Software

Everybody was concerned last week when it was announced that a nasty bug in OS X was leaving Macs vulnerable to attacks that could grab information traveling across shared networks. While it has been confirmed that the bug only affected Mavericks, Apple simultaneously posted security updates for Mountain Lion (10.8) and Lion (10.7), but there was no sign of any security love for Snow Leopard (10.6). This really shouldn’t be a surprise to most people since 10.6 was also skipped when a previous security update was released as well as an update to the Safari browser. The omission of 10.6 from the current update simply confirms that Snow Leopard is no longer on Apple’s radar.


If you thought Google+ was a joke, maybe the joke was on us

Date: Monday, February 24th, 2014, 08:25
Category: Google, privacy, security, Services, Social

Are you an avid Google+ user? Yeah, me neither, but there are still a few people who seem to actively use it, if for no other reason than to advertise their blog posts. I think for me personally, it was just one social network too many, too late. I was already on Twitter, Facebook, Path, and occasionally Instagram and Tumblr. There was no room for Google+ and I think it dropped off most people’s radar for similar reasons. There was also that nasty business shortly after the launch of Google Buzz (now buried under a rock somewhere) where ALL your contact data on Google was automatically shared with everybody. That probably didn’t exactly encourage people to use a new, similar service.


Chrome bug captures your every word behind your back

Date: Thursday, January 23rd, 2014, 08:37
Category: Announcement, Google, Hack, Opinion, privacy, security, Software, Websites

As if people were not paranoid enough about the amount of data Google captures about them, a recently discovered bug in Google’s Chrome web browser can now capture everything you say in front of your computer without you even knowing about it. And here is the kicker… it’s probably not even Google who is after your voice, it’s random hackers taking advantage of the exploit. According to developer Tal Ater, who discovered the exploit, the bug allows a malicious web site to open another browser window (just like a pop-up ad) behind the main window which continues to record your voice (even after you’ve closed the original site window) and sends the recorded data first through Google for processing, and then on to wherever the hacker wants.


Will the next NSA satellite have an Apple logo?

Date: Wednesday, January 1st, 2014, 08:24
Category: Apple, Consumer Electronics, iOS, iPhone, Legal, Mobile, Mobile Phone, News, privacy, security, Services, Software

Well, perhaps that is a stretch, but Apple’s possible connection with the NSA was revealed in a report dating back to 2008. Reuters explains that the report outlined a system that the NSA was developing, called DROPOUTJEEP, which would be software implanted into an iPhone that allows infiltrators to push and pull and retrieve data from iPhones such as contact lists. The report didn’t actually specify any involvement by or with Apple, although the iPhone is referenced in the report.