At a glance.
- Are anti-pornography apps spyware?
- Update on the Optus data breach.
Are anti-pornography apps spyware?
Wired takes a deep dive into the growing use of anti-pornography apps to control how users view adult content on their phones and other devices. Marketed as “accountability apps,” platforms like Covenant Eyes are able to monitor everything a user views and does on their device, detect pornographic images, and collect internet histories, complete with screenshots and reports of web activity. Data is sent to an “accountability partner,” and such monitoring software has become popular with parents and churches who want to keep tabs on their descendants or parishioners.
Such monitoring certainly raises questions about privacy rights, and Google found at least two of the leading accountability apps, Covenant Eyes and Accountable2You, to be in violation of its policies. A spokesman for Covenant Eyes said the company is “concerned” that “people are being monitored without proper consent” and advises against using the app in relationships where there is a power imbalance, noting that “accountable relationships are better.” between people who already know each other and want the best for each other, like close personal friends and family members.” Still, researchers found that such apps exploit Android’s permissions to collect far more data than is required for viewing porn is, and monitor practically everything the user does on their phone. And the collection of such large amounts of data raises questions about how the data is stored and protected, and what might happen if it falls into the wrong hands. Spokesperson Danielle Cohen explained: “Google Play allows the use of the Accessibility API for a variety of applications. However, only services designed to help people with disabilities access their device or otherwise address challenges that arise from their disabilities may be declared as accessibility tools.” When Google was notified of the apps’ exploitation of access permissions , blocked Google Covenant Eyes and Accountable2You from the Google Play Store, but both apps are still available on iOS as they have not been confirmed to exploit Apple’s permissions.
Update on the Optus data breach.
As we discovered yesterday, Australian mobile operator Optus suffered a cyber attack this week that resulted in the compromise of customer data. The Office of the Australian Data Protection Commissioner has released an official statement on the breach, stating: “The OAIC will work with Optus to ensure compliance with the requirements of the reportable data breach (NDB) regime, in accordance with our usual process.” Although Optus says While it’s still uncertain how many people were affected, customers dating back to 2017 may have been affected, the Guardian reports. CEO Kelly Bayer Rosemary says the possibility that the incident would affect Optus’ entire subscriber base — about 9.8 million customers — would be the “worst-case scenario.” She added: “We have reason to believe the number is actually lower. But we are working to reconstruct exactly what the attackers received.” The attackers are believed to have exploited a vulnerability in an application programming interface (API), but Optus has not confirmed this as an investigation led by the Australian Federal Police and the Australian Cyber Security Center is ongoing.
Because they wait until the investigation is complete before sending official notification letters to victims, Optus has relied on notifying customers of the breach through the media. Some Optus customers have taken to social media to express their frustration at what they feel is a lack of clarity. But Kaspersky cybersecurity researcher David Emm told BBC News: “It’s good to see that Optus has announced it will be contacting those it believes have been impacted and will not send messages via email or SMS will send [text] Messages – this makes it clear to customers that any such messages they receive are fake.” It’s worth noting that threat analyst Brett Callow stated on Twitter that the names and email addresses of 1.1 million Optus customers since the 17. “We don’t yet know who these attackers are and what they intend to do with this information, so we urgently need an answer from the Australian team,” said Bayer Rosemary. Meanwhile, ABC notes that Optus recommends that customers who are concerned their details have been exposed check the government’s Money Smart platform and the Identity Fraud page on the Office of Australian Information Commissioner’s website.