Jump to content

Spyware-laden 'privacy' extensions and apps affect over 11 million users


Recommended Posts

Posted

Researchers have discovered a collection of privacy-related apps and browser extensions that track users' activity and send it to a remote server. The suspicious software has over 11 million users in total, and include extensions for Chrome and Firefox, as well as mobile apps for iOS and Android.

According to Andrey Meshkov of AdGuard, the extensions all appear to belong to one company: Big Star Labs. This isn't immediately obvious because many of the apps are published under different names, and their privacy policies are only available as image files, which means the text can't be indexed by Google. AdGuard was only able to find the connections by trawling through the policies manually.

Meshkov found issues with the following tools (some of which have now been removed from the respective app stores):

  • Block Site
  • AdblockPrime
  • Mobile Health Club apps
  • Poper Blocker
  • CrxMouse

Read the fine print

The mobile apps are particularly concerning. All of the Android apps request access to the operating system's Accessibility Services, which allows apps to perform tasks that would usually require user interaction, such as tapping and swiping (something Google tried to crack down on last year).

Meanwhile, one iOS app offers to install a Mobile Device Management profile, which allows it to see all the apps installed on your phone, see your browser history, and potentially even install new apps.

"It is no 'new' news that our personal data is valuable," Meshkov concludes. "Those who want to profit from acquiring it will always surround us. With this in mind, I will never tire of repeating two simple rules one needs to follow if they care about preserving their privacy and security: Read the privacy policy before installing anything [and] never install anything made by a developer you don't trust."

sdPzbWTF4RQ

View the full article

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.