msgid "Malware in Mobile Devices - GNU Project - Free Software Foundation" msgstr "" #. type: Content of: <div><a> msgid "<a id=\"side-menu-button\" class=\"switch\" href=\"#navlinks\">" msgstr "" #. type: Attribute 'title' of: <div><a><img> msgid "Section contents" msgstr "" #. type: Attribute 'alt' of: <div><a><img> msgid " [Section contents] " msgstr "" #. type: Content of: <div> msgid "</a>" msgstr "" #. type: Content of: <div><p><a> msgid "<a href=\"/\">" msgstr "" #. type: Attribute 'title' of: <div><p><a><img> msgid "GNU Home" msgstr "" #. type: Content of: <div><p> msgid "" "</a> / <a href=\"/proprietary/proprietary.html\">Malware</a> / By " "product /" msgstr "" #. type: Content of: <div><h2> msgid "Malware in Mobile Devices" msgstr "" #. type: Content of: <div><div><p> msgid "" "Nonfree (proprietary) software is very often malware (designed to mistreat " "the user). Nonfree software is controlled by its developers, which puts them " "in a position of power over the users; <a " "href=\"/philosophy/free-software-even-more-important.html\">that is the " "basic injustice</a>. The developers and manufacturers often exercise that " "power to the detriment of the users they ought to serve." msgstr "" #. type: Content of: <div><div><p> msgid "This typically takes the form of malicious functionalities." msgstr "" #. type: Content of: <div><div><p> msgid "" "Nearly all mobile phones do two grievous wrongs to their users: tracking " "their movements, and listening to their conversations. This is why we call " "them “Stalin's dream”." msgstr "" #. type: Content of: <div><div><p> msgid "" "Tracking users' location is a consequence of how the cellular network " "operates: it needs to know which cell towers the phone is near, so it can " "communicate with the phone via a nearby tower. That gives the network " "location data which it saves for months or years. See <a " "href=\"#phone-communications\">below</a>." msgstr "" #. type: Content of: <div><div><p> msgid "" "Listening to conversations works by means of a universal <a " "href=\"#universal-back-door-phone-modem\">back door</a> in the software of " "the processor that communicates with the phone network." msgstr "" #. type: Content of: <div><div><p> msgid "" "In addition, the nonfree operating systems for “smart” phones " "have specific malicious functionalities, described in <a " "href=\"/proprietary/malware-apple.html\">Apple's Operating Systems are " "Malware</a> and <a href=\"/proprietary/malware-google.html\">Google's " "Software Is Malware</a> respectively." msgstr "" #. type: Content of: <div><div><p> msgid "Many phone apps are malicious, too. See <a href=\"#TOC\">below</a>." msgstr "" #. type: Content of: <div><div><div><p> msgid "" "If you know of an example that ought to be in this page but isn't here, " "please write to <a " "href=\"mailto:webmasters@gnu.org\"><webmasters@gnu.org></a> to inform " "us. Please include the URL of a trustworthy reference or two to serve as " "specific substantiation." msgstr "" #. type: Content of: <div><div><div><h3> msgid "Network location tracking" msgstr "" #. type: Content of: <div><div><div><p> msgid "" "This section describes a malicious characteristic of mobile phone networks: " "location tracking. The phone network <a " "href=\"https://ssd.eff.org/playlist/privacy-breakdown-mobile-phones\"> " "tracks the movements of each phone</a>." msgstr "" #. type: Content of: <div><div><div><p> msgid "" "Strictly speaking, this tracking is not implemented by any specific software " "code; it is inherent in the cellular network technology. The network needs " "to know which cell towers the phone is near, so it can communicate with the " "phone via a nearby tower. There is no technical way to block or avoid the " "tracking and still have cellular communication with today's cellular " "networks." msgstr "" #. type: Content of: <div><div><div><p> msgid "" "Networks do not limit themselves to using that data momentarily. Many " "countries (including the US and the EU) require the network to store all " "location data for months or years, and while stored it is available for " "whatever use the network permits, or the State requires. This can put the " "user in great danger." msgstr "" #. type: Content of: <div><div><div><ul><li><p> msgid "" "US states that ban abortion talk about making it a crime to go to another " "state to get an abortion. They could <a " "href=\"https://www.cnn.com/2022/08/29/tech/wireless-carriers-locations-fcc/index.html\"> " "use various forms of location tracking, including the network, to prosecute " "abortion-seekers</a>. The state could subpoena the data, so that the " "network's “privacy” policy would be irrelevant." msgstr "" #. type: Content of: <div><div><div><ul><li><p> msgid "" "That article explains why wireless networks collect location data, one " "unavoidable reason and one avoidable (emergency calls). It also explains " "some of the many ways the location data are used." msgstr "" #. type: Content of: <div><div><div><ul><li><p> msgid "" "Networks should never do localization for emergency calls except when you " "make an emergency call, or when there is a court order to do so. It should " "be illegal for a network to do precise localization (the kind needed for " "emergency calls) except to handle an emergency call, and if a network does " "so illegally, it should be required to inform the owner of the phone in " "writing on paper, with an apology." msgstr "" #. type: Content of: <div><div><div><ul><li><p> msgid "" "The authorities in Venice track the <a " "href=\"https://edition.cnn.com/travel/article/venice-control-room-tourism/index.html\"> " "movements of all tourists</a> using their portable phones. The article says " "that <em>at present</em> the system is configured to report only aggregated " "information. But that could be changed. What will that system do 10 years " "from now? What will a similar system in another country do? Those are the " "questions this raises." msgstr "" #. type: Content of: <div><div><div><ul><li><p> msgid "" "Network location tracking is used, among other techniques, for <a " "href=\"https://www.linkedin.com/pulse/location-based-advertising-has-starbucks-coupon-finally-john-craig\"> " "targeted advertising</a>." msgstr "" #. type: Content of: <div><div><div><p> msgid "" "Designs for networks that wouldn't track phones have been developed, but " "using those methods would call for new networks as well as new phones." msgstr "" #. type: Content of: <div><div><div><h3> msgid "Types of malware in mobiles" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#addictions\">Addictions</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#back-doors\">Back doors</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#deception\">Deception</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#drm\">DRM</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#insecurity\">Insecurity</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#interference\">Interference</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#jails\">Jails</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#manipulation\">Manipulation</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#sabotage\">Sabotage</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#surveillance\">Surveillance</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#tyrants\">Tyrants</a>" msgstr "" #. type: Content of: <div><div><h3> msgid "Addictions" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.theguardian.com/lifeandstyle/2024/nov/03/addicted-to-love-how-dating-apps-exploit-their-users\">Dating " "apps exploit their users</a>; fundamental features require an expensive " "subscription, and they are designed to be addictive." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many popular mobile games include a random-reward system called <a " "href=\"/proprietary/proprietary-addictions.html#gacha\"> <i>gacha</i></a> " "which is especially effective on children. One variant of gacha was declared " "illegal in Japan in 2012, but the other variants are still <a " "href=\"https://www.forbes.com/sites/olliebarder/2016/04/04/japanese-mobile-gaming-still-cant-shake-off-the-spectre-of-exploitation/\"> " "luring players into compulsively spending</a> inordinate amounts of money on " "virtual toys." msgstr "" #. type: Content of: <div><div><h3> msgid "Back Doors" msgstr "" #. type: Content of: <div><div><p> msgid "" "Almost every phone's communication processor has a universal back door which " "is <a " "href=\"https://www.schneier.com/blog/archives/2006/12/remotely_eavesd_1.html\"> " "often used to make a phone transmit all conversations it hears</a>." msgstr "" #. type: Content of: <div><div><p> msgid "" "The back door <a class=\"not-a-duplicate\" " "href=\"https://www.osnews.com/story/27416/the-second-operating-system-hiding-in-every-mobile-phone/\"> " "may take the form of bugs that have gone 20 years unfixed</a>. The choice " "to leave the security holes in place is morally equivalent to writing a back " "door." msgstr "" #. type: Content of: <div><div><p> msgid "" "The back door is in the “modem processor”, whose job is to " "communicate with the radio network. In most phones, the modem processor " "controls the microphone. In most phones it has the power to rewrite the " "software for the main processor too." msgstr "" #. type: Content of: <div><div><p> msgid "" "A few phone models are specially designed so that the modem processor does " "not control the microphone, and so that it can't change the software in the " "main processor. They still have the back door, but at least it is unable to " "turn the phone unto a listening device." msgstr "" #. type: Content of: <div><div><p> msgid "" "The universal back door is apparently also used to make phones <a " "href=\"http://www.slate.com/blogs/future_tense/2013/07/22/nsa_can_reportedly_track_cellphones_even_when_they_re_turned_off.html\"> " "transmit even when they are turned off</a>. This means their movements are " "tracked, and may also make the listening feature work." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Android phones subsidized by the US government come with <a " "href=\"https://arstechnica.com/information-technology/2020/01/us-government-funded-android-phones-come-preinstalled-with-unremovable-malware/\"> " "preinstalled adware and a back door for forcing installation of apps</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The adware is in a modified version of an essential system configuration " "app. The back door is a surreptitious addition to a program whose stated " "purpose is to be a <a " "href=\"https://www.zdnet.com/article/unremovable-malware-found-preinstalled-on-low-end-smartphone-sold-in-the-us/\"> " "universal back door for firmware</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "In other words, a program whose raison d'être is malicious has a secret " "secondary malicious purpose. All this is in addition to the malware of " "Android itself." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A very popular app found in the Google Play store contained a module that " "was designed to <a " "href=\"https://arstechnica.com/information-technology/2019/08/google-play-app-with-100-million-downloads-executed-secret-payloads/\">secretly " "install malware on the user's computer</a>. The app developers regularly " "used it to make the computer download and execute any code they wanted." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This is a concrete example of what users are exposed to when they run " "nonfree apps. They can never be completely sure that a nonfree app is safe." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Xiaomi phones come with <a " "href=\"https://web.archive.org/web/20190424082647/http://blog.thijsbroenink.com/2016/09/xiaomis-analytics-app-reverse-engineered/\"> " "a universal back door in the application processor, for Xiaomi's use</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This is separate from <a href=\"#universal-back-door-phone-modem\">the " "universal back door in the modem processor that the local phone company can " "use</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Baidu's proprietary Android library, Moplus, has a back door that <a " "href=\"https://www.eff.org/deeplinks/2015/11/millions-android-devices-vulnerable-remote-hijacking-baidu-wrote-code-google-made\"> " "can “upload files” as well as forcibly install apps</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "It is used by 14,000 Android applications." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.theguardian.com/technology/2014/dec/18/chinese-android-phones-coolpad-hacker-backdoor\"> " "A Chinese version of Android has a universal back door</a>. Nearly all " "models of mobile phones have a <a href=\"#universal-back-door-phone-modem\"> " "universal back door in the modem chip</a>. So why did Coolpad bother to " "introduce another? Because this one is controlled by Coolpad." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor\"> " "Samsung Galaxy devices running proprietary Android versions come with a back " "door</a> that provides remote access to the files stored on the device." msgstr "" #. type: Content of: <div><div><h3> msgid "Deception" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many Android apps fool their users by asking them to decide what permissions " "to give the program, and then <a " "href=\"https://nakedsecurity.sophos.com/2019/07/10/android-apps-sidestepping-permissions-to-access-sensitive-data/\"> " "bypassing these permissions</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Android system is supposed to prevent data leaks by running apps in " "isolated sandboxes, but developers have found ways to access the data by " "other means, and there is nothing the user can do to stop them from doing " "so, since both the system and the apps are nonfree." msgstr "" #. type: Content of: <div><div><h3> msgid "DRM" msgstr "" #. type: Content of: <div><div><p> msgid "" "Digital restrictions management, or “DRM,” refers to " "functionalities designed to restrict what users can do with the data in " "their computers." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Netflix Android app <a " "href=\"https://torrentfreak.com/netflix-cracks-down-on-vpn-and-proxy-pirates-150103/\"> " "forces the use of Google DNS</a>. This is one of the methods that Netflix " "uses to enforce the geolocation restrictions dictated by the movie studios." msgstr "" #. type: Content of: <div><div><h3> msgid "Insecurity" msgstr "" #. type: Content of: <div><div><p> msgid "" "These bugs are/were not intentional, so unlike the rest of the file they do " "not count as malware. We mention them to refute the supposition that " "prestigious proprietary software doesn't have grave bugs." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A security researcher found that the iOS in-app browser of TikTok <a " "href=\"https://www.theguardian.com/technology/2022/aug/24/tiktok-can-track-users-every-tap-as-they-visit-other-sites-through-ios-app-new-research-shows\"> " "injects keylogger-like JavaScript code into outside web pages</a>. This code " "has the ability to track all users' activities, and to retrieve any personal " "data that is entered on the pages. We have no way of verifying TikTok's " "claim that the keylogger-like code only serves purely technical " "functions. Some of the accessed data could well be saved to the company's " "servers, and even sent to third parties. This would open the door to " "extensive surveillance, including by the Chinese government (to which TikTok " "has indirect ties). There is also a risk that the data would be stolen by " "crackers, and used to launch malware attacks." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The iOS in-app browsers of Instagram and Facebook behave essentially the " "same way as TikTok's. The main difference is that Instagram and Facebook " "allow users to access third-party sites with their default browser, whereas " "<a " "href=\"https://web.archive.org/web/20221201065621/https://www.reddit.com/r/Tiktokhelp/comments/jlep5d/how_do_i_make_urls_open_in_my_browser_instead_of/\"> " "TikTok makes it nearly impossible</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The researcher didn't study the Android versions of in-app browsers, but we " "have no reason to assume they are safer than the iOS versions." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>Please note that the article wrongly refers to crackers as " "“hackers.”</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Out of 21 gratis Android antivirus apps that were tested by security " "researchers, eight <a " "href=\"https://www.comparitech.com/antivirus/android-antivirus-vulnerabilities/\"> " "failed to detect a test virus</a>. All of them asked for dangerous " "permissions or contained advertising trackers, with seven being more risky " "than the average of the 100 most popular Android apps." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>(Note that the article refers to these proprietary apps as " "“free”. It should have said “gratis” " "instead.)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Siri, Alexa, and all the other voice-control systems can be <a " "href=\"https://www.fastcompany.com/90139019/a-simple-design-flaw-makes-it-astoundingly-easy-to-hack-siri-and-alexa\"> " "hijacked by programs that play commands in ultrasound that humans can't " "hear</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some Samsung phones randomly <a " "href=\"https://www.theverge.com/circuitbreaker/2018/7/2/17528076/samsung-phones-text-rcs-update-messages\">send " "photos to people in the owner's contact list</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many Android devices <a " "href=\"https://arstechnica.com/information-technology/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/\"> " "can be hijacked through their Wi-Fi chips</a> because of a bug in Broadcom's " "nonfree firmware." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The CIA exploited existing vulnerabilities in “smart” TVs and " "phones to design a malware that <a " "href=\"https://www.independent.co.uk/tech/wikileaks-vault-7-android-iphone-cia-phones-handsets-tv-smart-julian-assange-a7616651.html\"> " "spies through their microphones and cameras while making them appear to be " "turned off</a>. Since the spyware sniffs signals, it bypasses encryption." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The mobile apps for communicating <a " "href=\"https://www.bleepingcomputer.com/news/security/millions-of-smart-cars-vulnerable-due-to-insecure-android-apps/\">with " "a smart but foolish car have very bad security</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This is in addition to the fact that the car contains a cellular modem that " "tells big brother all the time where it is. If you own such a car, it would " "be wise to disconnect the modem so as to turn off the tracking." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Samsung phones <a " "href=\"https://www.bleepingcomputer.com/news/security/sms-exploitable-bug-in-samsung-galaxy-phones-can-be-used-for-ransomware-attacks/\">have " "a security hole that allows an SMS message to install ransomware</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "WhatsApp has a feature that <a " "href=\"https://techcrunch.com/2017/01/13/encrypted-messaging-platform-whatsapp-denies-backdoor-claim/\"> " "has been described as a “back door”</a> because it would enable " "governments to nullify its encryption." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The developers say that it wasn't intended as a back door, and that may well " "be true. But that leaves the crucial question of whether it functions as " "one. Because the program is nonfree, we cannot check by studying it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The “smart” toys My Friend Cayla and i-Que can be <a " "href=\"https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws/\">remotely " "controlled with a mobile phone</a>; physical access is not necessary. This " "would enable crackers to listen in on a child's conversations, and even " "speak into the toys themselves." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This means a burglar could speak into the toys and ask the child to unlock " "the front door while Mommy's not looking." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://techcrunch.com/2016/07/29/research-shows-deleted-whatsapp-messages-arent-actually-deleted/\">“Deleted” " "WhatsApp messages are not entirely deleted</a>. They can be recovered in " "various ways." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A half-blind security critique of a tracking app: it found that <a " "href=\"https://www.consumerreports.org/mobile-security-software/glow-pregnancy-app-exposed-women-to-privacy-threats-a1100919965/\"> " "blatant flaws allowed anyone to snoop on a user's personal data</a>. The " "critique fails entirely to express concern that the app sends the personal " "data to a server, where the <em>developer</em> gets it all. This " "“service” is for suckers!" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The server surely has a “privacy policy,” and surely it is " "worthless since nearly all of them are." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A bug in a proprietary ASN.1 library, used in cell phone towers as well as " "cell phones and routers, <a " "href=\"https://arstechnica.com/information-technology/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover/\">allows " "taking control of those systems</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Samsung's “Smart Home” has a big security hole; <a " "href=\"https://arstechnica.com/information-technology/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/\"> " "unauthorized people can remotely control it</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Samsung claims that this is an “open” platform so the problem is " "partly the fault of app developers. That is clearly true if the apps are " "proprietary software." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Anything whose name is “Smart” is most likely going to screw " "you." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many proprietary payment apps <a " "href=\"https://www.bloomberg.com/news/articles/2016-03-10/many-mobile-payments-startups-aren-t-properly-securing-user-data\">transmit " "personal data in an insecure way</a>. However, the worse aspect of these " "apps is that <a href=\"/philosophy/surveillance-vs-democracy.html\">payment " "is not anonymous</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://phys.org/news/2015-05-app-vulnerability-threatens-millions-users.html\"> " "Many smartphone apps use insecure authentication methods when storing your " "personal data on remote servers</a>. This leaves personal information like " "email addresses, passwords, and health information vulnerable. Because many " "of these apps are proprietary it makes it hard to impossible to know which " "apps are at risk." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "An app to prevent “identity theft” (access to personal data) by " "storing users' data on a special server <a " "href=\"https://arstechnica.com/tech-policy/2014/05/id-theft-protector-lifelock-deletes-user-data-over-concerns-that-app-isnt-safe/\">was " "deactivated by its developer</a> which had discovered a security flaw." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "That developer seems to be conscientious about protecting personal data from " "third parties in general, but it can't protect that data from the state. " "Quite the contrary: confiding your data to someone else's server, if not " "first encrypted by you with free software, undermines your rights." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The <a " "href=\"https://arstechnica.com/information-technology/2014/02/crypto-weaknesses-in-whatsapp-the-kind-of-stuff-the-nsa-would-love/\">insecurity " "of WhatsApp</a> makes eavesdropping a snap." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html\"> " "The NSA can tap data in smart phones, including iPhones, Android, and " "BlackBerry</a>. While there is not much detail here, it seems that this " "does not operate via the universal back door that we know nearly all " "portable phones have. It may involve exploiting various bugs. There are <a " "href=\"https://www.osnews.com/story/27416/the-second-operating-system-hiding-in-every-mobile-phone/\"> " "lots of bugs in the phones' radio software</a>." msgstr "" #. type: Content of: <div><div><h3> msgid "Interference" msgstr "" #. type: Content of: <div><div><p> msgid "" "This section gives examples of mobile apps harassing or annoying the user, " "or causing trouble for the user. These actions are like sabotage but the " "word “sabotage” is too strong for them." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://web.archive.org/web/20231011121908/https://www.makeuseof.com/how-to-remove-ads-on-samsung/\">Samsung's " "Push Service proprietary app</a> sends notifications to the user's phone " "about “updates” in Samsung apps, including the Gaming Hub, but " "these updates only sometimes have to do with a new version of the apps. Many " "times, the notifications from Gaming Hub are simply ads for games that they " "think the user should install based on the data collected from the " "user. Most importantly, <a " "href=\"https://web.archive.org/web/20240305093416/https://getfastanswer.com/3486/how-to-remove-samsung-push-service-on-a-smartphone\">it " "cannot be permanently disabled.</a>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The <a " "href=\"https://www.wired.com/story/weddings-social-media-apps-photos-memories-miscarriage-problem/\">WeddingWire " "app saves people's wedding photos forever and hands over data to others</a>, " "giving users no control over their personal information/data. The app also " "sometimes shows old photos and memories to users, without giving them any " "control over this either." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Samsung phones come preloaded with <a " "href=\"https://www.bloomberg.com/news/articles/2019-01-08/samsung-phone-users-get-a-shock-they-can-t-delete-facebook\"> " "a version of the Facebook app that can't be deleted</a>. <a " "href=\"https://www.infopackets.com/news/10484/truth-behind-undeletable-facebook-app\"> " "Facebook claims this is a stub</a> which doesn't do anything, but we have to " "take their word for it, and there is the permanent risk that the app will be " "activated by an automatic update." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Preloading crapware along with a nonfree operating system is common " "practice, but by making the crapware undeletable, Facebook and Samsung (<a " "class=\"not-a-duplicate\" " "href=\"https://www.bloomberg.com/news/articles/2019-01-08/samsung-phone-users-get-a-shock-they-can-t-delete-facebook\">among " "others</a>) are going one step further in their hijacking of users' " "devices." msgstr "" #. type: Content of: <div><div><h3> msgid "Manipulation" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Femm “fertility” app is secretly a <a " "href=\"https://www.theguardian.com/world/2019/may/30/revealed-womens-fertility-app-is-funded-by-anti-abortion-campaigners\"> " "tool for propaganda</a> by natalist Christians. It spreads distrust for " "contraception." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "It snoops on users, too, as you must expect from nonfree programs." msgstr "" #. type: Content of: <div><div><h3> msgid "Sabotage" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://web.archive.org/web/20231213150111/https://www.nytimes.com/2023/11/12/technology/iphone-repair-apple-control.html\">To " "block non-Apple repairs, Apple encodes the iMonster serial number in the " "original parts</a>. This is called “parts pairing”. Swapping " "parts between working iMonsters of the same model causes malfunction or " "disabling of some functionalities. Part replacement may also trigger " "persistent alerts, unless it is done by an Apple store." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A new app published by Google <a " "href=\"https://www.xda-developers.com/google-device-lock-controller-banks-payments/\">lets " "banks and creditors deactivate people's Android devices</a> if they fail to " "make payments. If someone's device gets deactivated, it will be limited to " "basic functionality, such as emergency calling and access to settings." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Samsung is forcing its smartphone users in Hong Kong (and Macau) <a " "href=\"https://web.archive.org/web/20240606175013/https://blog.headuck.com/2020/10/12/samsung-phones-force-mainland-china-dns-service-upon-hong-kong-wifi-users/\">to " "use a public DNS in Mainland China</a>, using software update released in " "September 2020, which causes many unease and privacy concerns." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Twenty nine “beauty camera” apps that used to be on Google Play " "had one or more malicious functionalities, such as stealing users' photos " "instead of “beautifying” them, <a " "href=\"https://www.androidpolice.com/2019/02/03/google-bans-29-beauty-camera-apps-from-the-play-store-that-steal-your-photos/\"> " "pushing unwanted and often malicious ads on users, and redirecting them to " "phishing sites</a> that stole their credentials. Furthermore, the user " "interface of most of them was designed to make uninstallation difficult." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Users should of course uninstall these dangerous apps if they haven't yet, " "but they should also stay away from nonfree apps in general. <em>All</em> " "nonfree apps carry a potential risk because there is no easy way of knowing " "what they really do." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Apple and Samsung deliberately <a " "href=\"https://www.theguardian.com/technology/2018/oct/24/apple-samsung-fined-for-slowing-down-phones\">degrade " "the performance of older phones to force users to buy their newer " "phones</a>." msgstr "" #. type: Content of: <div><div><h3> msgid "Surveillance" msgstr "" #. type: Content of: <div><div><p> msgid "" "See above for the general universal back door in essentially all mobile " "phones, which permits converting them into <a class=\"not-a-duplicate\" " "href=\"#universal-back-door-phone-modem\"> full-time listening devices</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Pixel 9 “smart”phone <a " "href=\"https://cybernews.com/security/google-pixel-9-phone-beams-data-and-awaits-commands/\"> " "frequently updates Google servers with its location and current " "configuration</a> along with personally identifiable data, raising concerns " "about user privacy. Moreover, it communicates with services that are not in " "use, and periodically attempts to download experimental, possibly insecure " "software. The system does not inform the user that it is doing all this." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "There is hope, however: it is possible to <a " "href=\"https://doc.e.foundation/devices\"> replace the original Android " "operating system with a deGoogled version</a> in Pixel phones up to 8a, and " "in phones from many other brands. No doubt that the Pixel 9 will be " "supported soon." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Yandex company has started to <a " "href=\"https://meduza.io/en/feature/2023/08/08/user-x-with-driver-y-traveled-from-point-a-to-point-b\"> " "give away Yango taxi ride data to Russia's Federal Security Service " "(FSB)</a>. The Russian government (and whoever else receives the the data) " "thus has access to a wealth of personal information, including who traveled " "where, when, and with which driver. Yandex <a " "href=\"https://yandex.ru/legal/confidential/?lang=en\"> claims that it " "complies with European regulations</a> for data collected in the European " "Economic Area, Switzerland or Israel. But what about the rest of the world?" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Pinduoduo app <a " "href=\"https://edition.cnn.com/2023/04/02/tech/china-pinduoduo-malware-cybersecurity-analysis-intl-hnk/index.html\"> " "snoops on other apps, and takes control of them</a>. It also installs " "additional malware that is hard to remove." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Canada has fined the company Tim Hortons for making <a " "href=\"https://arstechnica.com/tech-policy/2022/06/tim-hortons-coffee-app-broke-law-by-constantly-recording-users-movements/\"> " "an app that tracks people's movements</a> to learn things such as where they " "live, where they work, and when they visit competitors' stores." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The data broker X-Mode <a " "href=\"https://themarkup.org/privacy/2022/01/27/gay-bi-dating-app-muslim-prayer-apps-sold-data-on-peoples-location-to-a-controversial-data-broker\">bought " "location data about 20,000 people collected by around 100 different " "malicious apps</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.theguardian.com/technology/2021/jun/17/nine-out-of-10-health-apps-harvest-user-data-global-study-shows\">Almost " "all proprietary health apps harvest users' data</a>, including sensitive " "health information, tracking identifiers, and cookies to track user " "activities. Some of these applications are tracking users across different " "platforms." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://techcrunch.com/2021/06/03/tiktok-just-gave-itself-permission-to-collect-biometric-data-on-u-s-users-including-faceprints-and-voiceprints/\">TikTok " "apps collect biometric identifiers and biometric information from users' " "smartphones</a>. The company behind it does whatever it wants and collects " "whatever data it can." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The proprietary program Clubhouse is malware and a privacy " "disaster. Clubhouse <a " "href=\"https://www.theguardian.com/commentisfree/2021/feb/20/why-hot-new-social-app-clubhouse-spells-nothing-but-trouble\">collects " "people's personal data such as recordings of people's conversations</a>, " "and, as a secondary problem, does not encrypt them, which shows a bad " "security part of the issue." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A user's unique Clubhouse ID number and chatroom ID are transmitted in " "plaintext, and Agora (the company behind the app) would likely have access " "to users' raw audio, potentially providing access to the Chinese government." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Even with good security of data transmission, collecting personal data of " "people is wrong and a violation of people's privacy rights." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many cr…apps, developed by various companies for various " "organizations, do <a " "href=\"https://www.expressvpn.com/digital-security-lab/investigation-xoth\"> " "location tracking unknown to those companies and those organizations</a>. " "It's actually some widely used libraries that do the tracking." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "What's unusual here is that proprietary software developer A tricks " "proprietary software developers B1 … B50 into making platforms for A " "to mistreat the end user." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Baidu apps were <a " "href=\"https://www.zdnet.com/article/baidus-android-apps-caught-collecting-sensitive-user-details/\"> " "caught collecting sensitive personal data</a> that can be used for lifetime " "tracking of users, and putting them in danger. More than 1.4 billion people " "worldwide are affected by these proprietary apps, and users' privacy is " "jeopardized by this surveillance tool. Data collected by Baidu may be handed " "over to the Chinese government, possibly putting Chinese people in danger." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Most apps are malware, but Trump's campaign app, like Modi's campaign app, " "is <a " "href=\"https://www.technologyreview.com/2020/06/21/1004228/trumps-data-hungry-invasive-app-is-a-voter-surveillance-tool-of-extraordinary-scope/\"> " "especially nasty malware, helping companies snoop on users as well as " "snooping on them itself</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The article says that Biden's app has a less manipulative overall approach, " "but that does not tell us whether it has functionalities we consider " "malicious, such as sending data the user has not explicitly asked to send." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Xiaomi phones <a " "href=\"https://www.forbes.com/sites/thomasbrewster/2020/04/30/exclusive-warning-over-chinese-mobile-giant-xiaomi-recording-millions-of-peoples-private-web-and-phone-use/\">report " "many actions the user takes</a>: starting an app, looking at a folder, " "visiting a website, listening to a song. They send device identifying " "information too." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Other nonfree programs snoop too. For instance, Spotify and other streaming " "dis-services make a dossier about each user, and <a " "href=\"/malware/proprietary-surveillance.html#M201508210\"> they make users " "identify themselves to pay</a>. Out, out, damned Spotify!" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Forbes exonerates the same wrongs when the culprits are not Chinese, but we " "condemn this no matter who does it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Google, Apple, and Microsoft (and probably some other companies) <a " "href=\"https://www.lifewire.com/wifi-positioning-system-1683343\">are " "collecting people's access points and GPS coordinates (which can identify " "people's precise location) even if their GPS is turned off</a>, without the " "person's consent, using proprietary software implemented in person's " "smartphone. Though merely asking for permission would not necessarily " "legitimize this." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Alipay Health Code app estimates whether the user has Covid-19 and <a " "href=\"https://www.nytimes.com/2020/03/01/business/china-coronavirus-surveillance.html\"> " "tells the cops directly</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The ToToc messaging app seems to be a <a " "href=\"https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html\"> " "spying tool for the government of the United Arab Emirates</a>. Any nonfree " "program could be doing this, and that is a good reason to use free software " "instead." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>Note: this article uses the word “free” in the sense of " "“gratis.”</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "iMonsters and Android phones, when used for work, give employers powerful <a " "href=\"https://www.fastcompany.com/90440073/if-you-use-your-personal-phone-for-work-say-goodbye-to-your-privacy\"> " "snooping and sabotage capabilities</a> if they install their own software on " "the device. Many employers demand to do this. For the employee, this is " "simply nonfree software, as fundamentally unjust and as dangerous as any " "other nonfree software." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Facebook app <a " "href=\"https://eu.usatoday.com/story/tech/talkingtech/2019/09/09/facebook-app-social-network-tracking-your-every-move/2270305001/\"> " "tracks users even when it is turned off</a>, after tricking them into giving " "the app broad permissions in order to use one of its functionalities." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some nonfree period-tracking apps including MIA Fem and Maya <a " "href=\"https://www.buzzfeednews.com/article/meghara/period-tracker-apps-facebook-maya-mia-fem\"> " "send intimate details of users' lives to Facebook</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Keeping track of who downloads a proprietary program is a form of " "surveillance. There is a proprietary program for adjusting a certain " "telescopic rifle sight. <a " "href=\"https://www.forbes.com/sites/thomasbrewster/2019/09/06/exclusive-feds-demand-apple-and-google-hand-over-names-of-10000-users-of-a-gun-scope-app/\"> " "A US prosecutor has demanded the list of all the 10,000 or more people who " "have installed it</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "With a free program there would not be a list of who has installed it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many unscrupulous mobile-app developers keep finding ways to <a " "href=\"https://www.cnet.com/tech/mobile/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions/\"> " "bypass user's settings</a>, regulations, and privacy-enhancing features of " "the operating system, in order to gather as much private data as they " "possibly can." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Thus, we can't trust rules against spying. What we can trust is having " "control over the software we run." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many Android apps can track users' movements even when the user says <a " "href=\"https://www.theverge.com/2019/7/8/20686514/android-covert-channel-permissions-data-collection-imei-ssid-location\"> " "not to allow them access to locations</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This involves an apparently unintentional weakness in Android, exploited " "intentionally by malicious apps." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "In spite of Apple's supposed commitment to privacy, iPhone apps contain " "trackers that are busy at night <a " "href=\"https://www.oregonlive.com/opinion/2019/05/its-3-am-do-you-know-who-your-iphone-is-talking-to.html\"> " "sending users' personal information to third parties</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The article mentions specific examples: Microsoft OneDrive, Intuit's Mint, " "Nike, Spotify, The Washington Post, The Weather Channel (owned by IBM), the " "crime-alert service Citizen, Yelp and DoorDash. But it is likely that most " "nonfree apps contain trackers. Some of these send personally identifying " "data such as phone fingerprint, exact location, email address, phone number " "or even delivery address (in the case of DoorDash). Once this information is " "collected by the company, there is no telling what it will be used for." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "BlizzCon 2019 imposed a <a " "href=\"https://arstechnica.com/gaming/2019/05/blizzcon-2019-tickets-revolve-around-invasive-poorly-reviewed-smartphone-app/\"> " "requirement to run a proprietary phone app</a> to be allowed into the event." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This app is a spyware that can snoop on a lot of sensitive data, including " "user's location and contact list, and has <a " "href=\"https://web.archive.org/web/20220321042716/https://old.reddit.com/r/wow/comments/bkd5ew/you_need_to_have_a_phone_to_attend_blizzcon_this/emg38xv/\"> " "near-complete control</a> over the phone." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Data collected by menstrual and pregnancy monitoring apps is often <a " "href=\"https://www.theguardian.com/world/2019/apr/13/theres-a-dark-side-to-womens-health-apps-menstrual-surveillance\"> " "available to employers and insurance companies</a>. Even though the data is " "“anonymized and aggregated,” it can easily be traced back to the " "woman who uses the app." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This has harmful implications for women's rights to equal employment and " "freedom to make their own pregnancy choices. Don't use these apps, even if " "someone offers you a reward to do so. A free-software app that does more or " "less the same thing without spying on you is available from <a " "href=\"https://search.f-droid.org/?q=menstr\">F-Droid</a>, and <a " "href=\"https://web.archive.org/web/20231230011724/https://dcs.megaphone.fm/BLM6228935164.mp3?key=23a58d3f686794e6d8b8678a5204887b&request_event_id=36469053-3d0b-4724-bf2d-6dbeeeac282e\"> " "a new one is being developed</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many Android phones come with a huge number of <a " "href=\"https://web.archive.org/web/20190326145122/https://elpais.com/elpais/2019/03/22/inenglish/1553244778_819882.html\"> " "preinstalled nonfree apps that have access to sensitive data without users' " "knowledge</a>. These hidden apps may either call home with the data, or pass " "it on to user-installed apps that have access to the network but no direct " "access to the data. This results in massive surveillance on which the user " "has absolutely no control." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The MoviePass dis-service <a " "href=\"https://www.cnet.com/culture/entertainment/moviepass-founder-wants-to-use-facial-recognition-to-score-you-free-movies/\"> " "is planning to use face recognition to track people's eyes</a> to make sure " "they won't put their phones down or look away during ads—and trackers." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A study of 24 “health” apps found that 19 of them <a " "href=\"https://www.vice.com/en/article/pan9e8/health-apps-can-share-your-data-everywhere-new-study-shows\"> " "send sensitive personal data to third parties</a>, which can use it for " "invasive advertising or discriminating against people in poor medical " "condition." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Whenever user “consent” is sought, it is buried in lengthy terms " "of service that are difficult to understand. In any case, " "“consent” is not sufficient to legitimize snooping." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Facebook offered a convenient proprietary library for building mobile apps, " "which also <a " "href=\"https://boingboing.net/2019/02/23/surveillance-zucksterism.html\"> " "sent personal data to Facebook</a>. Lots of companies built apps that way " "and released them, apparently not realizing that all the personal data they " "collected would go to Facebook as well." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "It shows that no one can trust a nonfree program, not even the developers of " "other nonfree programs." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The AppCensus database gives information on <a " "href=\"https://www.appcensus.io/\"> how Android apps use and misuse users' " "personal data</a>. As of March 2019, nearly 78,000 have been analyzed, of " "which 24,000 (31%) transmit the <a " "href=\"/proprietary/proprietary-surveillance.html#M201812290\"> Advertising " "ID</a> to other companies, and <a " "href=\"https://web.archive.org/web/20240501141046/https://blog.appcensus.io/2019/02/14/ad-ids-behaving-badly/\"> " "18,000 (23% of the total) link this ID to hardware identifiers</a>, so that " "users cannot escape tracking by resetting it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Collecting hardware identifiers is in apparent violation of Google's " "policies. But it seems that Google wasn't aware of it, and, once informed, " "was in no hurry to take action. This proves that the policies of a " "development platform are ineffective at preventing nonfree software " "developers from including malware in their programs." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many nonfree apps have a surveillance feature for <a " "href=\"https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/\"> " "recording all the users' actions</a> in interacting with the app." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "An investigation of the 150 most popular gratis VPN apps in Google Play " "found that <a " "href=\"https://www.top10vpn.com/research/free-vpn-investigations/risk-index/\"> " "25% fail to protect their users' privacy</a> due to DNS leaks. In addition, " "85% feature intrusive permissions or functions in their source " "code—often used for invasive advertising—that could potentially " "also be used to spy on users. Other technical flaws were found as well." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Moreover, a previous investigation had found that <a " "href=\"https://www.top10vpn.com/research/free-vpn-investigations/ownership/\">half " "of the top 10 gratis VPN apps have lousy privacy policies</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>(It is unfortunate that these articles talk about “free " "apps.” These apps are gratis, but they are <em>not</em> <a " "href=\"/philosophy/free-sw.html\">free software</a>.)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Weather Channel app <a " "href=\"https://www.theguardian.com/technology/2019/jan/04/weather-channel-app-lawsuit-location-data-selling\"> " "stored users' locations to the company's server</a>. The company is being " "sued, demanding that it notify the users of what it will do with the data." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "We think that lawsuit is about a side issue. What the company does with the " "data is a secondary issue. The principal wrong here is that the company gets " "that data at all." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.vice.com/en/article/gy77wy/stop-using-third-party-weather-apps\"> " "Other weather apps</a>, including Accuweather and WeatherBug, are tracking " "people's locations." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Around 40% of gratis Android apps <a " "href=\"https://privacyinternational.org/report/2647/how-apps-android-share-data-facebook-report\"> " "report on the user's actions to Facebook</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Often they send the machine's “advertising ID,” so that Facebook " "can correlate the data it obtains from the same machine via various " "apps. Some of them send Facebook detailed information about the user's " "activities in the app; others only say that the user is using that app, but " "that alone is often quite informative." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "This spying occurs regardless of whether the user has a Facebook account." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Facebook's app got “consent” to <a " "href=\"https://www.theguardian.com/technology/2018/dec/06/facebook-emails-reveal-discussions-over-call-log-consent\"> " "upload call logs automatically from Android phones</a> while disguising what " "the “consent” was for." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some Android apps <a " "href=\"https://web.archive.org/web/20210418052600/https://www.androidauthority.com/apps-uninstall-trackers-917539/amp/\"> " "track the phones of users that have deleted them</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Spanish football streaming app <a " "href=\"https://boingboing.net/2018/06/11/spanish-football-app-turns-use.html\">tracks " "the user's movements and listens through the microphone</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "This makes them act as spies for licensing enforcement." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "We expect it implements DRM, too—that there is no way to save a " "recording. But we can't be sure from the article." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If you learn to care much less about sports, you will benefit in many " "ways. This is one more." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "More than <a " "href=\"https://www.theguardian.com/technology/2018/apr/16/child-apps-games-android-us-google-play-store-data-sharing-law-privacy\">50% " "of the 5,855 Android apps studied by researchers were found to snoop and " "collect information about its users</a>. 40% of the apps were found to " "insecurely snitch on its users. Furthermore, they could detect only some " "methods of snooping, in these proprietary apps whose source code they cannot " "look at. The other apps might be snooping in other ways." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This is evidence that proprietary apps generally work against their users. " "To protect their privacy and freedom, Android users need to get rid of the " "proprietary software—both proprietary Android by <a " "href=\"https://replicant.us\">switching to Replicant</a>, and the " "proprietary apps by getting apps from the free software only <a " "href=\"https://f-droid.org/\">F-Droid store</a> that <a " "href=\"https://f-droid.org/docs/Anti-Features/\"> prominently warns the user " "if an app contains anti-features</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Grindr collects information about <a " "href=\"https://www.commondreams.org/news/2018/04/02/egregious-breach-privacy-popular-app-grindr-supplies-third-parties-users-hiv-status\"> " "which users are HIV-positive, then provides the information to " "companies</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Grindr should not have so much information about its users. It could be " "designed so that users communicate such info to each other but not to the " "server's database." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The moviepass app and dis-service spy on users even more than users " "expected. It <a " "href=\"https://techcrunch.com/2018/03/05/moviepass-ceo-proudly-says-the-app-tracks-your-location-before-and-after-movies/\">records " "where they travel before and after going to a movie</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "Don't be tracked—pay cash!" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Tracking software in popular Android apps is pervasive and sometimes very " "clever. Some trackers can <a " "href=\"https://theintercept.com/2017/11/24/staggering-variety-of-clandestine-trackers-found-in-popular-android-apps/\"> " "follow a user's movements around a physical store by noticing WiFi " "networks</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "AI-powered driving apps can <a " "href=\"https://www.vice.com/en/article/43nz9p/ai-powered-driving-apps-can-track-your-every-move\"> " "track your every move</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Sarahah app <a " "href=\"https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/\"> " "uploads all phone numbers and email addresses</a> in user's address book to " "developer's server." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>(Note that this article misuses the words “<a " "href=\"/philosophy/free-sw.html\">free software</a>” referring to zero " "price.)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "20 dishonest Android apps recorded <a " "href=\"https://arstechnica.com/information-technology/2017/07/stealthy-google-play-apps-recorded-calls-and-stole-e-mails-and-texts/\">phone " "calls and sent them and text messages and emails to snoopers</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Google did not intend to make these apps spy; on the contrary, it worked in " "various ways to prevent that, and deleted these apps after discovering what " "they did. So we cannot blame Google specifically for the snooping of these " "apps." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "On the other hand, Google redistributes nonfree Android apps, and therefore " "shares in the responsibility for the injustice of their being nonfree. It " "also distributes its own nonfree apps, such as Google Play, <a " "href=\"/philosophy/free-software-even-more-important.html\">which are " "malicious</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Could Google have done a better job of preventing apps from cheating? There " "is no systematic way for Google, or Android users, to inspect executable " "proprietary apps to see what they do." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Google could demand the source code for these apps, and study the source " "code somehow to determine whether they mistreat users in various ways. If it " "did a good job of this, it could more or less prevent such snooping, except " "when the app developers are clever enough to outsmart the checking." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "But since Google itself develops malicious apps, we cannot trust Google to " "protect us. We must demand release of source code to the public, so we can " "depend on each other." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Apps for BART <a " "href=\"https://web.archive.org/web/20171124190046/https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/\"> " "snoop on users</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "With free software apps, users could <em>make sure</em> that they don't " "snoop." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "With proprietary apps, one can only hope that they don't." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A study found 234 Android apps that track users by <a " "href=\"https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/\">listening " "to ultrasound from beacons placed in stores or played by TV programs</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Faceapp appears to do lots of surveillance, judging by <a " "href=\"https://web.archive.org/web/20170426191242/https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/\"> " "how much access it demands to personal data in the device</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Users are suing Bose for <a " "href=\"https://web.archive.org/web/20170423010030/https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/\"> " "distributing a spyware app for its headphones</a>. Specifically, the app " "would record the names of the audio files users listen to along with the " "headphone's unique serial number." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The suit accuses that this was done without the users' consent. If the fine " "print of the app said that users gave consent for this, would that make it " "acceptable? No way! It should be flat out <a " "href=\"/philosophy/surveillance-vs-democracy.html\"> illegal to design the " "app to snoop at all</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Pairs of Android apps can collude to transmit users' personal data to " "servers. <a " "href=\"https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/\">A " "study found tens of thousands of pairs that collude</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Verizon <a " "href=\"https://yro.slashdot.org/story/17/03/30/0112259/verizon-to-force-appflash-spyware-on-android-phones\"> " "announced an opt-in proprietary search app that it will</a> pre-install on " "some of its phones. The app will give Verizon the same information about the " "users' searches that Google normally gets when they use its search engine." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Currently, the app is <a " "href=\"https://www.eff.org/deeplinks/2017/04/update-verizons-appflash-pre-installed-spyware-still-spyware\"> " "being pre-installed on only one phone</a>, and the user must explicitly " "opt-in before the app takes effect. However, the app remains " "spyware—an “optional” piece of spyware is still spyware." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A computerized vibrator <a " "href=\"https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack\"> " "was snooping on its users through the proprietary control app</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The app was reporting the temperature of the vibrator minute by minute " "(thus, indirectly, whether it was surrounded by a person's body), as well as " "the vibration frequency." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Note the totally inadequate proposed response: a labeling standard with " "which manufacturers would make statements about their products, rather than " "free software which users could have checked and changed." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The company that made the vibrator <a " "href=\"https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit\"> " "was sued for collecting lots of personal information about how people used " "it</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The company's statement that it was anonymizing the data may be true, but it " "doesn't really matter. If it had sold the data to a data broker, the data " "broker would have been able to figure out who the user was." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Following this lawsuit, <a " "href=\"https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits\"> " "the company has been ordered to pay a total of C$4m</a> to its customers." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Meitu photo-editing app <a " "href=\"https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/\">sends " "user data to a Chinese company</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Uber app tracks <a " "href=\"https://techcrunch.com/2016/11/28/uber-background-location-data-collection/\">clients' " "movements before and after the ride</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This example illustrates how “getting the user's consent” for " "surveillance is inadequate as a protection against massive surveillance." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A <a " "href=\"https://research.csiro.au/isp/wp-content/uploads/sites/106/2016/08/paper-1.pdf\"> " "research paper</a> that investigated the privacy and security of 283 Android " "VPN apps concluded that “in spite of the promises for privacy, " "security, and anonymity given by the majority of VPN apps—millions of " "users may be unawarely subject to poor security guarantees and abusive " "practices inflicted by VPN apps.”" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Following is a non-exhaustive list, taken from the research paper, of some " "proprietary VPN apps that track users and infringe their privacy:" msgstr "" #. type: Content of: <div><div><ul><li><dl><dt> msgid "SurfEasy" msgstr "" #. type: Content of: <div><div><ul><li><dl><dd> msgid "" "Includes tracking libraries such as NativeX and Appflood, meant to track " "users and show them targeted ads." msgstr "" #. type: Content of: <div><div><ul><li><dl><dt> msgid "sFly Network Booster" msgstr "" #. type: Content of: <div><div><ul><li><dl><dd> msgid "" "Requests the <code>READ_SMS</code> and <code>SEND_SMS</code> permissions " "upon installation, meaning it has full access to users' text messages." msgstr "" #. type: Content of: <div><div><ul><li><dl><dt> msgid "DroidVPN and TigerVPN" msgstr "" #. type: Content of: <div><div><ul><li><dl><dd> msgid "" "Requests the <code>READ_LOGS</code> permission to read logs for other apps " "and also core system logs. TigerVPN developers have confirmed this." msgstr "" #. type: Content of: <div><div><ul><li><dl><dt> msgid "HideMyAss" msgstr "" #. type: Content of: <div><div><ul><li><dl><dd> msgid "" "Sends traffic to LinkedIn. Also, it stores detailed logs and may turn them " "over to the UK government if requested." msgstr "" #. type: Content of: <div><div><ul><li><dl><dt> msgid "VPN Services HotspotShield" msgstr "" #. type: Content of: <div><div><ul><li><dl><dd> msgid "" "Injects JavaScript code into the HTML pages returned to the users. The " "stated purpose of the JS injection is to display ads. Uses roughly five " "tracking libraries. Also, it redirects the user's traffic through " "valueclick.com (an advertising website)." msgstr "" #. type: Content of: <div><div><ul><li><dl><dt> msgid "WiFi Protector VPN" msgstr "" #. type: Content of: <div><div><ul><li><dl><dd> msgid "" "Injects JavaScript code into HTML pages, and also uses roughly five tracking " "libraries. Developers of this app have confirmed that the non-premium " "version of the app does JavaScript injection for tracking the user and " "displaying ads." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some portable phones <a " "href=\"https://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html\">are " "sold with spyware sending lots of data to China</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Facebook's new Magic Photo app <a " "href=\"https://www.theregister.com/2015/11/10/facebook_scans_camera_for_your_friends/\"> " "scans your mobile phone's photo collections for known faces</a>, and " "suggests you circulate the picture you take according to who is in the " "frame." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This spyware feature seems to require online access to some known-faces " "database, which means the pictures are likely to be sent across the wire to " "Facebook's servers and face-recognition algorithms." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If so, none of Facebook users' pictures are private anymore, even if the " "user didn't “upload” them to the service." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Facebook's app listens all the time, <a " "href=\"https://www.independent.co.uk/tech/facebook-using-people-s-phones-to-listen-in-on-what-they-re-saying-claims-professor-a7057526.html\">to " "snoop on what people are listening to or watching</a>. In addition, it may " "be analyzing people's conversations to serve them with targeted " "advertisements." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A pregnancy test controller application not only can <a " "href=\"https://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security\"> " "spy on many sorts of data in the phone, and in server accounts, it can alter " "them too</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Apps that include <a " "href=\"https://web.archive.org/web/20180913014551/http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/\"> " "Symphony surveillance software snoop on what radio and TV programs are " "playing nearby</a>. Also on what users post on various sites such as " "Facebook, Google+ and Twitter." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The natural extension of monitoring people through “their” " "phones is <a " "href=\"https://news.northwestern.edu/stories/2016/01/fool-activity-tracker\"> " "proprietary software to make sure they can't “fool” the " "monitoring</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "“Cryptic communication,” unrelated to the app's functionality, " "was <a " "href=\"https://news.mit.edu/2015/data-transferred-android-apps-hiding-1119\"> " "found in the 500 most popular gratis Android apps</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The article should not have described these apps as " "“free”—they are not free software. The clear way to say " "“zero price” is “gratis.”" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The article takes for granted that the usual analytics tools are legitimate, " "but is that valid? Software developers have no right to analyze what users " "are doing or how. “Analytics” tools that snoop are just as " "wrong as any other snooping." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "More than 73% and 47% of mobile applications, for Android and iOS " "respectively <a href=\"https://techscience.org/a/2015103001/\">hand over " "personal, behavioral and location information</a> of their users to third " "parties." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "According to Edward Snowden, <a " "href=\"https://www.bbc.com/news/uk-34444233\">agencies can take over " "smartphones</a> by sending hidden text messages which enable them to turn " "the phones on and off, listen to the microphone, retrieve geo-location data " "from the GPS, take photographs, read text messages, read call, location and " "web browsing history, and read the contact list. This malware is designed to " "disguise itself from investigation." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Like most “music screaming” disservices, Spotify is based on " "proprietary malware (DRM and snooping). In August 2015 it <a " "href=\"https://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy\"> " "demanded users submit to increased snooping</a>, and some are starting to " "realize that it is nasty." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This article shows the <a " "href=\"https://www.theregister.com/2015/08/21/spotify_worse_than_the_nsa/\"> " "twisted ways that they present snooping as a way to “serve” " "users better</a>—never mind whether they want that. This is a typical " "example of the attitude of the proprietary software industry towards those " "they have subjugated." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "Out, out, damned Spotify!" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many retail businesses publish cr…apps that ask to <a " "href=\"https://www.delish.com/kitchen-tools/a43252/how-food-apps-use-data/\"> " "spy on the user's own data</a>—often many kinds." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Those companies know that snoop-phone usage trains people to say yes to " "almost any snooping." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Samsung phones come with <a " "href=\"https://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/\">apps " "that users can't delete</a>, and they send so much data that their " "transmission is a substantial expense for users. Said transmission, not " "wanted or requested by the user, clearly must constitute spying of some " "kind." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.cl.cam.ac.uk/~arb33/papers/FerreiraEtAl-Securacy-WiSec2015.pdf\"> " "A study in 2015</a> found that 90% of the top-ranked gratis proprietary " "Android apps contained recognizable tracking libraries. For the paid " "proprietary apps, it was only 60%." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The article confusingly describes gratis apps as “free”, but " "most of them are not in fact <a href=\"/philosophy/free-sw.html\">free " "software</a>. It also uses the ugly word “monetize”. A good " "replacement for that word is “exploit”; nearly always that will " "fit perfectly." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Gratis Android apps (but not <a href=\"/philosophy/free-sw.html\">free " "software</a>) connect to 100 <a " "href=\"https://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites\">tracking " "and advertising</a> URLs, on the average." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Widely used <a " "href=\"https://freedom-to-tinker.com/2015/04/06/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/\">proprietary " "QR-code scanner apps snoop on the user</a>. This is in addition to the " "snooping done by the phone company, and perhaps by the OS in the phone." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Don't be distracted by the question of whether the app developers get users " "to say “I agree”. That is no excuse for malware." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many proprietary apps for mobile devices report which other apps the user " "has installed. <a " "href=\"https://techcrunch.com/2014/11/26/twitter-app-graph/\">Twitter is " "doing this in a way that at least is visible and optional</a>. Not as bad as " "what the others do." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"/proprietary/proprietary-back-doors.html#samsung\"> Samsung's back " "door</a> provides access to any file on the system." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Simeji keyboard is a smartphone version of Baidu's <a " "href=\"/proprietary/proprietary-surveillance.html#baidu-ime\">spying <abbr " "title=\"Input Method Editor\">IME</abbr></a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The nonfree Snapchat app's principal purpose is to restrict the use of data " "on the user's computer, but it does surveillance too: <a " "href=\"https://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers\"> " "it tries to get the user's list of other people's phone numbers</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Brightest Flashlight app <a " "href=\"https://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers\"> " "sends user data, including geolocation, for use by companies</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The FTC criticized this app because it asked the user to approve sending " "personal data to the app developer but did not ask about sending it to other " "companies. This shows the weakness of the reject-it-if-you-dislike-snooping " "“solution” to surveillance: why should a flashlight app send any " "information to anyone? A free software flashlight app would not." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Portable phones with GPS <a " "href=\"https://www.aclu.org/issues/privacy-technology/location-tracking/you-are-being-tracked\"> " "will send their GPS location on remote command, and users cannot stop " "them</a>. (The US says it will eventually require all new portable phones to " "have GPS.)" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "FTC says most mobile apps for children don't respect privacy: <a " "href=\"https://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/\"> " "https://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some manufacturers add a <a " "href=\"https://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/\"> " "hidden general surveillance package such as Carrier IQ</a>." msgstr "" #. type: Content of: <div><div><h3> msgid "Jails" msgstr "" #. type: Content of: <div><div><p> msgid "Jails are systems that impose censorship on application programs." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://web.archive.org/web/20190917162027/https://www.itworld.com/article/2832657/microsoft-metro-app-store-lock-down.html\"> " "Windows 8 on “mobile devices” (now defunct) was a jail</a>." msgstr "" #. type: Content of: <div><div><h3> msgid "Tyrants" msgstr "" #. type: Content of: <div><div><p> msgid "" "Tyrants are systems that reject any operating system not " "“authorized” by the manufacturer." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"https://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/\"> " "Mobile devices that come with Windows 8 are tyrants</a>." msgstr "" #. TRANSLATORS: Use space (SPC) as msgstr if you don't have notes. #. type: Content of: <div><div> msgid "*GNUN-SLOT: TRANSLATOR'S NOTES*" msgstr "" #. type: Content of: <div><div><p> msgid "" "Please send general FSF & GNU inquiries to <a " "href=\"mailto:gnu@gnu.org\"><gnu@gnu.org></a>. There are also <a " "href=\"/contact/\">other ways to contact</a> the FSF. Broken links and " "other corrections or suggestions can be sent to <a " "href=\"mailto:webmasters@gnu.org\"><webmasters@gnu.org></a>." msgstr "" #. TRANSLATORS: Ignore the original text in this paragraph, #. replace it with the translation of these two: # #. We work hard and do our best to provide accurate, good quality #. translations. However, we are not exempt from imperfection. #. Please send your comments and general suggestions in this regard #. to <a href="mailto:web-translators@gnu.org"> # #. <web-translators@gnu.org></a>.</p> # #. <p>For information on coordinating and contributing translations of #. our web pages, see <a #. href="/server/standards/README.translations.html">Translations #. README</a>. #. type: Content of: <div><div><p> msgid "" "Please see the <a " "href=\"/server/standards/README.translations.html\">Translations README</a> " "for information on coordinating and contributing translations of this " "article." msgstr "" #. type: Content of: <div><p> msgid "Copyright © 2014-2025 Free Software Foundation, Inc." msgstr "" #. type: Content of: <div><p> msgid "" "This page is licensed under a <a rel=\"license\" " "href=\"http://creativecommons.org/licenses/by/4.0/\">Creative Commons " "Attribution 4.0 International License</a>." msgstr "" #. TRANSLATORS: Use space (SPC) as msgstr if you don't want credits. #. type: Content of: <div><div> msgid "*GNUN-SLOT: TRANSLATOR'S CREDITS*" msgstr "" #. timestamp start #. type: Content of: <div><p> msgid "Updated:" msgstr ""

# LANGUAGE translation of https://www.gnu.org/proprietary/malware-mobiles.html # Copyright (C) YEAR Free Software Foundation, Inc. # This file is distributed under the same license as the original article. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: malware-mobiles.html\n" "POT-Creation-Date: 2025-03-16 17:26+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. type: Content of: msgid "Malware in Mobile Devices - GNU Project - Free Software Foundation" msgstr "" #. type: Content of: <div><a> msgid "<a id=\"side-menu-button\" class=\"switch\" href=\"#navlinks\">" msgstr "" #. type: Attribute 'title' of: <div><a><img> msgid "Section contents" msgstr "" #. type: Attribute 'alt' of: <div><a><img> msgid " [Section contents] " msgstr "" #. type: Content of: <div> msgid "</a>" msgstr "" #. type: Content of: <div><p><a> msgid "<a href=\"/\">" msgstr "" #. type: Attribute 'title' of: <div><p><a><img> msgid "GNU Home" msgstr "" #. type: Content of: <div><p> msgid "" "</a> / <a href=\"/proprietary/proprietary.html\">Malware</a> / By " "product /" msgstr "" #. type: Content of: <div><h2> msgid "Malware in Mobile Devices" msgstr "" #. type: Content of: <div><div><p> msgid "" "Nonfree (proprietary) software is very often malware (designed to mistreat " "the user). Nonfree software is controlled by its developers, which puts them " "in a position of power over the users; <a " "href=\"/philosophy/free-software-even-more-important.html\">that is the " "basic injustice</a>. The developers and manufacturers often exercise that " "power to the detriment of the users they ought to serve." msgstr "" #. type: Content of: <div><div><p> msgid "This typically takes the form of malicious functionalities." msgstr "" #. type: Content of: <div><div><p> msgid "" "Nearly all mobile phones do two grievous wrongs to their users: tracking " "their movements, and listening to their conversations. This is why we call " "them “Stalin's dream”." msgstr "" #. type: Content of: <div><div><p> msgid "" "Tracking users' location is a consequence of how the cellular network " "operates: it needs to know which cell towers the phone is near, so it can " "communicate with the phone via a nearby tower. That gives the network " "location data which it saves for months or years. See <a " "href=\"#phone-communications\">below</a>." msgstr "" #. type: Content of: <div><div><p> msgid "" "Listening to conversations works by means of a universal <a " "href=\"#universal-back-door-phone-modem\">back door</a> in the software of " "the processor that communicates with the phone network." msgstr "" #. type: Content of: <div><div><p> msgid "" "In addition, the nonfree operating systems for “smart” phones " "have specific malicious functionalities, described in <a " "href=\"/proprietary/malware-apple.html\">Apple's Operating Systems are " "Malware</a> and <a href=\"/proprietary/malware-google.html\">Google's " "Software Is Malware</a> respectively." msgstr "" #. type: Content of: <div><div><p> msgid "Many phone apps are malicious, too. See <a href=\"#TOC\">below</a>." msgstr "" #. type: Content of: <div><div><div><p> msgid "" "If you know of an example that ought to be in this page but isn't here, " "please write to <a " "href=\"mailto:webmasters@gnu.org\"><webmasters@gnu.org></a> to inform " "us. Please include the URL of a trustworthy reference or two to serve as " "specific substantiation." msgstr "" #. type: Content of: <div><div><div><h3> msgid "Network location tracking" msgstr "" #. type: Content of: <div><div><div><p> msgid "" "This section describes a malicious characteristic of mobile phone networks: " "location tracking. The phone network <a " "href=\"https://ssd.eff.org/playlist/privacy-breakdown-mobile-phones\"> " "tracks the movements of each phone</a>." msgstr "" #. type: Content of: <div><div><div><p> msgid "" "Strictly speaking, this tracking is not implemented by any specific software " "code; it is inherent in the cellular network technology. The network needs " "to know which cell towers the phone is near, so it can communicate with the " "phone via a nearby tower. There is no technical way to block or avoid the " "tracking and still have cellular communication with today's cellular " "networks." msgstr "" #. type: Content of: <div><div><div><p> msgid "" "Networks do not limit themselves to using that data momentarily. Many " "countries (including the US and the EU) require the network to store all " "location data for months or years, and while stored it is available for " "whatever use the network permits, or the State requires. This can put the " "user in great danger." msgstr "" #. type: Content of: <div><div><div><ul><li><p> msgid "" "US states that ban abortion talk about making it a crime to go to another " "state to get an abortion. They could <a " "href=\"https://www.cnn.com/2022/08/29/tech/wireless-carriers-locations-fcc/index.html\"> " "use various forms of location tracking, including the network, to prosecute " "abortion-seekers</a>. The state could subpoena the data, so that the " "network's “privacy” policy would be irrelevant." msgstr "" #. type: Content of: <div><div><div><ul><li><p> msgid "" "That article explains why wireless networks collect location data, one " "unavoidable reason and one avoidable (emergency calls). It also explains " "some of the many ways the location data are used." msgstr "" #. type: Content of: <div><div><div><ul><li><p> msgid "" "Networks should never do localization for emergency calls except when you " "make an emergency call, or when there is a court order to do so. It should " "be illegal for a network to do precise localization (the kind needed for " "emergency calls) except to handle an emergency call, and if a network does " "so illegally, it should be required to inform the owner of the phone in " "writing on paper, with an apology." msgstr "" #. type: Content of: <div><div><div><ul><li><p> msgid "" "The authorities in Venice track the <a " "href=\"https://edition.cnn.com/travel/article/venice-control-room-tourism/index.html\"> " "movements of all tourists</a> using their portable phones. The article says " "that <em>at present</em> the system is configured to report only aggregated " "information. But that could be changed. What will that system do 10 years " "from now? What will a similar system in another country do? Those are the " "questions this raises." msgstr "" #. type: Content of: <div><div><div><ul><li><p> msgid "" "Network location tracking is used, among other techniques, for <a " "href=\"https://www.linkedin.com/pulse/location-based-advertising-has-starbucks-coupon-finally-john-craig\"> " "targeted advertising</a>." msgstr "" #. type: Content of: <div><div><div><p> msgid "" "Designs for networks that wouldn't track phones have been developed, but " "using those methods would call for new networks as well as new phones." msgstr "" #. type: Content of: <div><div><div><h3> msgid "Types of malware in mobiles" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#addictions\">Addictions</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#back-doors\">Back doors</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#deception\">Deception</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#drm\">DRM</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#insecurity\">Insecurity</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#interference\">Interference</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#jails\">Jails</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#manipulation\">Manipulation</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#sabotage\">Sabotage</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#surveillance\">Surveillance</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#tyrants\">Tyrants</a>" msgstr "" #. type: Content of: <div><div><h3> msgid "Addictions" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.theguardian.com/lifeandstyle/2024/nov/03/addicted-to-love-how-dating-apps-exploit-their-users\">Dating " "apps exploit their users</a>; fundamental features require an expensive " "subscription, and they are designed to be addictive." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many popular mobile games include a random-reward system called <a " "href=\"/proprietary/proprietary-addictions.html#gacha\"> <i>gacha</i></a> " "which is especially effective on children. One variant of gacha was declared " "illegal in Japan in 2012, but the other variants are still <a " "href=\"https://www.forbes.com/sites/olliebarder/2016/04/04/japanese-mobile-gaming-still-cant-shake-off-the-spectre-of-exploitation/\"> " "luring players into compulsively spending</a> inordinate amounts of money on " "virtual toys." msgstr "" #. type: Content of: <div><div><h3> msgid "Back Doors" msgstr "" #. type: Content of: <div><div><p> msgid "" "Almost every phone's communication processor has a universal back door which " "is <a " "href=\"https://www.schneier.com/blog/archives/2006/12/remotely_eavesd_1.html\"> " "often used to make a phone transmit all conversations it hears</a>." msgstr "" #. type: Content of: <div><div><p> msgid "" "The back door <a class=\"not-a-duplicate\" " "href=\"https://www.osnews.com/story/27416/the-second-operating-system-hiding-in-every-mobile-phone/\"> " "may take the form of bugs that have gone 20 years unfixed</a>. The choice " "to leave the security holes in place is morally equivalent to writing a back " "door." msgstr "" #. type: Content of: <div><div><p> msgid "" "The back door is in the “modem processor”, whose job is to " "communicate with the radio network. In most phones, the modem processor " "controls the microphone. In most phones it has the power to rewrite the " "software for the main processor too." msgstr "" #. type: Content of: <div><div><p> msgid "" "A few phone models are specially designed so that the modem processor does " "not control the microphone, and so that it can't change the software in the " "main processor. They still have the back door, but at least it is unable to " "turn the phone unto a listening device." msgstr "" #. type: Content of: <div><div><p> msgid "" "The universal back door is apparently also used to make phones <a " "href=\"http://www.slate.com/blogs/future_tense/2013/07/22/nsa_can_reportedly_track_cellphones_even_when_they_re_turned_off.html\"> " "transmit even when they are turned off</a>. This means their movements are " "tracked, and may also make the listening feature work." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Android phones subsidized by the US government come with <a " "href=\"https://arstechnica.com/information-technology/2020/01/us-government-funded-android-phones-come-preinstalled-with-unremovable-malware/\"> " "preinstalled adware and a back door for forcing installation of apps</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The adware is in a modified version of an essential system configuration " "app. The back door is a surreptitious addition to a program whose stated " "purpose is to be a <a " "href=\"https://www.zdnet.com/article/unremovable-malware-found-preinstalled-on-low-end-smartphone-sold-in-the-us/\"> " "universal back door for firmware</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "In other words, a program whose raison d'être is malicious has a secret " "secondary malicious purpose. All this is in addition to the malware of " "Android itself." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A very popular app found in the Google Play store contained a module that " "was designed to <a " "href=\"https://arstechnica.com/information-technology/2019/08/google-play-app-with-100-million-downloads-executed-secret-payloads/\">secretly " "install malware on the user's computer</a>. The app developers regularly " "used it to make the computer download and execute any code they wanted." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This is a concrete example of what users are exposed to when they run " "nonfree apps. They can never be completely sure that a nonfree app is safe." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Xiaomi phones come with <a " "href=\"https://web.archive.org/web/20190424082647/http://blog.thijsbroenink.com/2016/09/xiaomis-analytics-app-reverse-engineered/\"> " "a universal back door in the application processor, for Xiaomi's use</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This is separate from <a href=\"#universal-back-door-phone-modem\">the " "universal back door in the modem processor that the local phone company can " "use</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Baidu's proprietary Android library, Moplus, has a back door that <a " "href=\"https://www.eff.org/deeplinks/2015/11/millions-android-devices-vulnerable-remote-hijacking-baidu-wrote-code-google-made\"> " "can “upload files” as well as forcibly install apps</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "It is used by 14,000 Android applications." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.theguardian.com/technology/2014/dec/18/chinese-android-phones-coolpad-hacker-backdoor\"> " "A Chinese version of Android has a universal back door</a>. Nearly all " "models of mobile phones have a <a href=\"#universal-back-door-phone-modem\"> " "universal back door in the modem chip</a>. So why did Coolpad bother to " "introduce another? Because this one is controlled by Coolpad." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor\"> " "Samsung Galaxy devices running proprietary Android versions come with a back " "door</a> that provides remote access to the files stored on the device." msgstr "" #. type: Content of: <div><div><h3> msgid "Deception" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many Android apps fool their users by asking them to decide what permissions " "to give the program, and then <a " "href=\"https://nakedsecurity.sophos.com/2019/07/10/android-apps-sidestepping-permissions-to-access-sensitive-data/\"> " "bypassing these permissions</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Android system is supposed to prevent data leaks by running apps in " "isolated sandboxes, but developers have found ways to access the data by " "other means, and there is nothing the user can do to stop them from doing " "so, since both the system and the apps are nonfree." msgstr "" #. type: Content of: <div><div><h3> msgid "DRM" msgstr "" #. type: Content of: <div><div><p> msgid "" "Digital restrictions management, or “DRM,” refers to " "functionalities designed to restrict what users can do with the data in " "their computers." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Netflix Android app <a " "href=\"https://torrentfreak.com/netflix-cracks-down-on-vpn-and-proxy-pirates-150103/\"> " "forces the use of Google DNS</a>. This is one of the methods that Netflix " "uses to enforce the geolocation restrictions dictated by the movie studios." msgstr "" #. type: Content of: <div><div><h3> msgid "Insecurity" msgstr "" #. type: Content of: <div><div><p> msgid "" "These bugs are/were not intentional, so unlike the rest of the file they do " "not count as malware. We mention them to refute the supposition that " "prestigious proprietary software doesn't have grave bugs." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A security researcher found that the iOS in-app browser of TikTok <a " "href=\"https://www.theguardian.com/technology/2022/aug/24/tiktok-can-track-users-every-tap-as-they-visit-other-sites-through-ios-app-new-research-shows\"> " "injects keylogger-like JavaScript code into outside web pages</a>. This code " "has the ability to track all users' activities, and to retrieve any personal " "data that is entered on the pages. We have no way of verifying TikTok's " "claim that the keylogger-like code only serves purely technical " "functions. Some of the accessed data could well be saved to the company's " "servers, and even sent to third parties. This would open the door to " "extensive surveillance, including by the Chinese government (to which TikTok " "has indirect ties). There is also a risk that the data would be stolen by " "crackers, and used to launch malware attacks." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The iOS in-app browsers of Instagram and Facebook behave essentially the " "same way as TikTok's. The main difference is that Instagram and Facebook " "allow users to access third-party sites with their default browser, whereas " "<a " "href=\"https://web.archive.org/web/20221201065621/https://www.reddit.com/r/Tiktokhelp/comments/jlep5d/how_do_i_make_urls_open_in_my_browser_instead_of/\"> " "TikTok makes it nearly impossible</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The researcher didn't study the Android versions of in-app browsers, but we " "have no reason to assume they are safer than the iOS versions." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>Please note that the article wrongly refers to crackers as " "“hackers.”</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Out of 21 gratis Android antivirus apps that were tested by security " "researchers, eight <a " "href=\"https://www.comparitech.com/antivirus/android-antivirus-vulnerabilities/\"> " "failed to detect a test virus</a>. All of them asked for dangerous " "permissions or contained advertising trackers, with seven being more risky " "than the average of the 100 most popular Android apps." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>(Note that the article refers to these proprietary apps as " "“free”. It should have said “gratis” " "instead.)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Siri, Alexa, and all the other voice-control systems can be <a " "href=\"https://www.fastcompany.com/90139019/a-simple-design-flaw-makes-it-astoundingly-easy-to-hack-siri-and-alexa\"> " "hijacked by programs that play commands in ultrasound that humans can't " "hear</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some Samsung phones randomly <a " "href=\"https://www.theverge.com/circuitbreaker/2018/7/2/17528076/samsung-phones-text-rcs-update-messages\">send " "photos to people in the owner's contact list</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many Android devices <a " "href=\"https://arstechnica.com/information-technology/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/\"> " "can be hijacked through their Wi-Fi chips</a> because of a bug in Broadcom's " "nonfree firmware." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The CIA exploited existing vulnerabilities in “smart” TVs and " "phones to design a malware that <a " "href=\"https://www.independent.co.uk/tech/wikileaks-vault-7-android-iphone-cia-phones-handsets-tv-smart-julian-assange-a7616651.html\"> " "spies through their microphones and cameras while making them appear to be " "turned off</a>. Since the spyware sniffs signals, it bypasses encryption." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The mobile apps for communicating <a " "href=\"https://www.bleepingcomputer.com/news/security/millions-of-smart-cars-vulnerable-due-to-insecure-android-apps/\">with " "a smart but foolish car have very bad security</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This is in addition to the fact that the car contains a cellular modem that " "tells big brother all the time where it is. If you own such a car, it would " "be wise to disconnect the modem so as to turn off the tracking." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Samsung phones <a " "href=\"https://www.bleepingcomputer.com/news/security/sms-exploitable-bug-in-samsung-galaxy-phones-can-be-used-for-ransomware-attacks/\">have " "a security hole that allows an SMS message to install ransomware</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "WhatsApp has a feature that <a " "href=\"https://techcrunch.com/2017/01/13/encrypted-messaging-platform-whatsapp-denies-backdoor-claim/\"> " "has been described as a “back door”</a> because it would enable " "governments to nullify its encryption." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The developers say that it wasn't intended as a back door, and that may well " "be true. But that leaves the crucial question of whether it functions as " "one. Because the program is nonfree, we cannot check by studying it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The “smart” toys My Friend Cayla and i-Que can be <a " "href=\"https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws/\">remotely " "controlled with a mobile phone</a>; physical access is not necessary. This " "would enable crackers to listen in on a child's conversations, and even " "speak into the toys themselves." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This means a burglar could speak into the toys and ask the child to unlock " "the front door while Mommy's not looking." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://techcrunch.com/2016/07/29/research-shows-deleted-whatsapp-messages-arent-actually-deleted/\">“Deleted” " "WhatsApp messages are not entirely deleted</a>. They can be recovered in " "various ways." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A half-blind security critique of a tracking app: it found that <a " "href=\"https://www.consumerreports.org/mobile-security-software/glow-pregnancy-app-exposed-women-to-privacy-threats-a1100919965/\"> " "blatant flaws allowed anyone to snoop on a user's personal data</a>. The " "critique fails entirely to express concern that the app sends the personal " "data to a server, where the <em>developer</em> gets it all. This " "“service” is for suckers!" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The server surely has a “privacy policy,” and surely it is " "worthless since nearly all of them are." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A bug in a proprietary ASN.1 library, used in cell phone towers as well as " "cell phones and routers, <a " "href=\"https://arstechnica.com/information-technology/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover/\">allows " "taking control of those systems</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Samsung's “Smart Home” has a big security hole; <a " "href=\"https://arstechnica.com/information-technology/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/\"> " "unauthorized people can remotely control it</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Samsung claims that this is an “open” platform so the problem is " "partly the fault of app developers. That is clearly true if the apps are " "proprietary software." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Anything whose name is “Smart” is most likely going to screw " "you." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many proprietary payment apps <a " "href=\"https://www.bloomberg.com/news/articles/2016-03-10/many-mobile-payments-startups-aren-t-properly-securing-user-data\">transmit " "personal data in an insecure way</a>. However, the worse aspect of these " "apps is that <a href=\"/philosophy/surveillance-vs-democracy.html\">payment " "is not anonymous</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://phys.org/news/2015-05-app-vulnerability-threatens-millions-users.html\"> " "Many smartphone apps use insecure authentication methods when storing your " "personal data on remote servers</a>. This leaves personal information like " "email addresses, passwords, and health information vulnerable. Because many " "of these apps are proprietary it makes it hard to impossible to know which " "apps are at risk." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "An app to prevent “identity theft” (access to personal data) by " "storing users' data on a special server <a " "href=\"https://arstechnica.com/tech-policy/2014/05/id-theft-protector-lifelock-deletes-user-data-over-concerns-that-app-isnt-safe/\">was " "deactivated by its developer</a> which had discovered a security flaw." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "That developer seems to be conscientious about protecting personal data from " "third parties in general, but it can't protect that data from the state. " "Quite the contrary: confiding your data to someone else's server, if not " "first encrypted by you with free software, undermines your rights." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The <a " "href=\"https://arstechnica.com/information-technology/2014/02/crypto-weaknesses-in-whatsapp-the-kind-of-stuff-the-nsa-would-love/\">insecurity " "of WhatsApp</a> makes eavesdropping a snap." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html\"> " "The NSA can tap data in smart phones, including iPhones, Android, and " "BlackBerry</a>. While there is not much detail here, it seems that this " "does not operate via the universal back door that we know nearly all " "portable phones have. It may involve exploiting various bugs. There are <a " "href=\"https://www.osnews.com/story/27416/the-second-operating-system-hiding-in-every-mobile-phone/\"> " "lots of bugs in the phones' radio software</a>." msgstr "" #. type: Content of: <div><div><h3> msgid "Interference" msgstr "" #. type: Content of: <div><div><p> msgid "" "This section gives examples of mobile apps harassing or annoying the user, " "or causing trouble for the user. These actions are like sabotage but the " "word “sabotage” is too strong for them." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://web.archive.org/web/20231011121908/https://www.makeuseof.com/how-to-remove-ads-on-samsung/\">Samsung's " "Push Service proprietary app</a> sends notifications to the user's phone " "about “updates” in Samsung apps, including the Gaming Hub, but " "these updates only sometimes have to do with a new version of the apps. Many " "times, the notifications from Gaming Hub are simply ads for games that they " "think the user should install based on the data collected from the " "user. Most importantly, <a " "href=\"https://web.archive.org/web/20240305093416/https://getfastanswer.com/3486/how-to-remove-samsung-push-service-on-a-smartphone\">it " "cannot be permanently disabled.</a>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The <a " "href=\"https://www.wired.com/story/weddings-social-media-apps-photos-memories-miscarriage-problem/\">WeddingWire " "app saves people's wedding photos forever and hands over data to others</a>, " "giving users no control over their personal information/data. The app also " "sometimes shows old photos and memories to users, without giving them any " "control over this either." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Samsung phones come preloaded with <a " "href=\"https://www.bloomberg.com/news/articles/2019-01-08/samsung-phone-users-get-a-shock-they-can-t-delete-facebook\"> " "a version of the Facebook app that can't be deleted</a>. <a " "href=\"https://www.infopackets.com/news/10484/truth-behind-undeletable-facebook-app\"> " "Facebook claims this is a stub</a> which doesn't do anything, but we have to " "take their word for it, and there is the permanent risk that the app will be " "activated by an automatic update." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Preloading crapware along with a nonfree operating system is common " "practice, but by making the crapware undeletable, Facebook and Samsung (<a " "class=\"not-a-duplicate\" " "href=\"https://www.bloomberg.com/news/articles/2019-01-08/samsung-phone-users-get-a-shock-they-can-t-delete-facebook\">among " "others</a>) are going one step further in their hijacking of users' " "devices." msgstr "" #. type: Content of: <div><div><h3> msgid "Manipulation" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Femm “fertility” app is secretly a <a " "href=\"https://www.theguardian.com/world/2019/may/30/revealed-womens-fertility-app-is-funded-by-anti-abortion-campaigners\"> " "tool for propaganda</a> by natalist Christians. It spreads distrust for " "contraception." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "It snoops on users, too, as you must expect from nonfree programs." msgstr "" #. type: Content of: <div><div><h3> msgid "Sabotage" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://web.archive.org/web/20231213150111/https://www.nytimes.com/2023/11/12/technology/iphone-repair-apple-control.html\">To " "block non-Apple repairs, Apple encodes the iMonster serial number in the " "original parts</a>. This is called “parts pairing”. Swapping " "parts between working iMonsters of the same model causes malfunction or " "disabling of some functionalities. Part replacement may also trigger " "persistent alerts, unless it is done by an Apple store." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A new app published by Google <a " "href=\"https://www.xda-developers.com/google-device-lock-controller-banks-payments/\">lets " "banks and creditors deactivate people's Android devices</a> if they fail to " "make payments. If someone's device gets deactivated, it will be limited to " "basic functionality, such as emergency calling and access to settings." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Samsung is forcing its smartphone users in Hong Kong (and Macau) <a " "href=\"https://web.archive.org/web/20240606175013/https://blog.headuck.com/2020/10/12/samsung-phones-force-mainland-china-dns-service-upon-hong-kong-wifi-users/\">to " "use a public DNS in Mainland China</a>, using software update released in " "September 2020, which causes many unease and privacy concerns." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Twenty nine “beauty camera” apps that used to be on Google Play " "had one or more malicious functionalities, such as stealing users' photos " "instead of “beautifying” them, <a " "href=\"https://www.androidpolice.com/2019/02/03/google-bans-29-beauty-camera-apps-from-the-play-store-that-steal-your-photos/\"> " "pushing unwanted and often malicious ads on users, and redirecting them to " "phishing sites</a> that stole their credentials. Furthermore, the user " "interface of most of them was designed to make uninstallation difficult." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Users should of course uninstall these dangerous apps if they haven't yet, " "but they should also stay away from nonfree apps in general. <em>All</em> " "nonfree apps carry a potential risk because there is no easy way of knowing " "what they really do." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Apple and Samsung deliberately <a " "href=\"https://www.theguardian.com/technology/2018/oct/24/apple-samsung-fined-for-slowing-down-phones\">degrade " "the performance of older phones to force users to buy their newer " "phones</a>." msgstr "" #. type: Content of: <div><div><h3> msgid "Surveillance" msgstr "" #. type: Content of: <div><div><p> msgid "" "See above for the general universal back door in essentially all mobile " "phones, which permits converting them into <a class=\"not-a-duplicate\" " "href=\"#universal-back-door-phone-modem\"> full-time listening devices</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Pixel 9 “smart”phone <a " "href=\"https://cybernews.com/security/google-pixel-9-phone-beams-data-and-awaits-commands/\"> " "frequently updates Google servers with its location and current " "configuration</a> along with personally identifiable data, raising concerns " "about user privacy. Moreover, it communicates with services that are not in " "use, and periodically attempts to download experimental, possibly insecure " "software. The system does not inform the user that it is doing all this." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "There is hope, however: it is possible to <a " "href=\"https://doc.e.foundation/devices\"> replace the original Android " "operating system with a deGoogled version</a> in Pixel phones up to 8a, and " "in phones from many other brands. No doubt that the Pixel 9 will be " "supported soon." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Yandex company has started to <a " "href=\"https://meduza.io/en/feature/2023/08/08/user-x-with-driver-y-traveled-from-point-a-to-point-b\"> " "give away Yango taxi ride data to Russia's Federal Security Service " "(FSB)</a>. The Russian government (and whoever else receives the the data) " "thus has access to a wealth of personal information, including who traveled " "where, when, and with which driver. Yandex <a " "href=\"https://yandex.ru/legal/confidential/?lang=en\"> claims that it " "complies with European regulations</a> for data collected in the European " "Economic Area, Switzerland or Israel. But what about the rest of the world?" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Pinduoduo app <a " "href=\"https://edition.cnn.com/2023/04/02/tech/china-pinduoduo-malware-cybersecurity-analysis-intl-hnk/index.html\"> " "snoops on other apps, and takes control of them</a>. It also installs " "additional malware that is hard to remove." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Canada has fined the company Tim Hortons for making <a " "href=\"https://arstechnica.com/tech-policy/2022/06/tim-hortons-coffee-app-broke-law-by-constantly-recording-users-movements/\"> " "an app that tracks people's movements</a> to learn things such as where they " "live, where they work, and when they visit competitors' stores." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The data broker X-Mode <a " "href=\"https://themarkup.org/privacy/2022/01/27/gay-bi-dating-app-muslim-prayer-apps-sold-data-on-peoples-location-to-a-controversial-data-broker\">bought " "location data about 20,000 people collected by around 100 different " "malicious apps</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.theguardian.com/technology/2021/jun/17/nine-out-of-10-health-apps-harvest-user-data-global-study-shows\">Almost " "all proprietary health apps harvest users' data</a>, including sensitive " "health information, tracking identifiers, and cookies to track user " "activities. Some of these applications are tracking users across different " "platforms." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://techcrunch.com/2021/06/03/tiktok-just-gave-itself-permission-to-collect-biometric-data-on-u-s-users-including-faceprints-and-voiceprints/\">TikTok " "apps collect biometric identifiers and biometric information from users' " "smartphones</a>. The company behind it does whatever it wants and collects " "whatever data it can." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The proprietary program Clubhouse is malware and a privacy " "disaster. Clubhouse <a " "href=\"https://www.theguardian.com/commentisfree/2021/feb/20/why-hot-new-social-app-clubhouse-spells-nothing-but-trouble\">collects " "people's personal data such as recordings of people's conversations</a>, " "and, as a secondary problem, does not encrypt them, which shows a bad " "security part of the issue." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A user's unique Clubhouse ID number and chatroom ID are transmitted in " "plaintext, and Agora (the company behind the app) would likely have access " "to users' raw audio, potentially providing access to the Chinese government." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Even with good security of data transmission, collecting personal data of " "people is wrong and a violation of people's privacy rights." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many cr…apps, developed by various companies for various " "organizations, do <a " "href=\"https://www.expressvpn.com/digital-security-lab/investigation-xoth\"> " "location tracking unknown to those companies and those organizations</a>. " "It's actually some widely used libraries that do the tracking." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "What's unusual here is that proprietary software developer A tricks " "proprietary software developers B1 … B50 into making platforms for A " "to mistreat the end user." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Baidu apps were <a " "href=\"https://www.zdnet.com/article/baidus-android-apps-caught-collecting-sensitive-user-details/\"> " "caught collecting sensitive personal data</a> that can be used for lifetime " "tracking of users, and putting them in danger. More than 1.4 billion people " "worldwide are affected by these proprietary apps, and users' privacy is " "jeopardized by this surveillance tool. Data collected by Baidu may be handed " "over to the Chinese government, possibly putting Chinese people in danger." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Most apps are malware, but Trump's campaign app, like Modi's campaign app, " "is <a " "href=\"https://www.technologyreview.com/2020/06/21/1004228/trumps-data-hungry-invasive-app-is-a-voter-surveillance-tool-of-extraordinary-scope/\"> " "especially nasty malware, helping companies snoop on users as well as " "snooping on them itself</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The article says that Biden's app has a less manipulative overall approach, " "but that does not tell us whether it has functionalities we consider " "malicious, such as sending data the user has not explicitly asked to send." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Xiaomi phones <a " "href=\"https://www.forbes.com/sites/thomasbrewster/2020/04/30/exclusive-warning-over-chinese-mobile-giant-xiaomi-recording-millions-of-peoples-private-web-and-phone-use/\">report " "many actions the user takes</a>: starting an app, looking at a folder, " "visiting a website, listening to a song. They send device identifying " "information too." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Other nonfree programs snoop too. For instance, Spotify and other streaming " "dis-services make a dossier about each user, and <a " "href=\"/malware/proprietary-surveillance.html#M201508210\"> they make users " "identify themselves to pay</a>. Out, out, damned Spotify!" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Forbes exonerates the same wrongs when the culprits are not Chinese, but we " "condemn this no matter who does it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Google, Apple, and Microsoft (and probably some other companies) <a " "href=\"https://www.lifewire.com/wifi-positioning-system-1683343\">are " "collecting people's access points and GPS coordinates (which can identify " "people's precise location) even if their GPS is turned off</a>, without the " "person's consent, using proprietary software implemented in person's " "smartphone. Though merely asking for permission would not necessarily " "legitimize this." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Alipay Health Code app estimates whether the user has Covid-19 and <a " "href=\"https://www.nytimes.com/2020/03/01/business/china-coronavirus-surveillance.html\"> " "tells the cops directly</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The ToToc messaging app seems to be a <a " "href=\"https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html\"> " "spying tool for the government of the United Arab Emirates</a>. Any nonfree " "program could be doing this, and that is a good reason to use free software " "instead." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>Note: this article uses the word “free” in the sense of " "“gratis.”</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "iMonsters and Android phones, when used for work, give employers powerful <a " "href=\"https://www.fastcompany.com/90440073/if-you-use-your-personal-phone-for-work-say-goodbye-to-your-privacy\"> " "snooping and sabotage capabilities</a> if they install their own software on " "the device. Many employers demand to do this. For the employee, this is " "simply nonfree software, as fundamentally unjust and as dangerous as any " "other nonfree software." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Facebook app <a " "href=\"https://eu.usatoday.com/story/tech/talkingtech/2019/09/09/facebook-app-social-network-tracking-your-every-move/2270305001/\"> " "tracks users even when it is turned off</a>, after tricking them into giving " "the app broad permissions in order to use one of its functionalities." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some nonfree period-tracking apps including MIA Fem and Maya <a " "href=\"https://www.buzzfeednews.com/article/meghara/period-tracker-apps-facebook-maya-mia-fem\"> " "send intimate details of users' lives to Facebook</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Keeping track of who downloads a proprietary program is a form of " "surveillance. There is a proprietary program for adjusting a certain " "telescopic rifle sight. <a " "href=\"https://www.forbes.com/sites/thomasbrewster/2019/09/06/exclusive-feds-demand-apple-and-google-hand-over-names-of-10000-users-of-a-gun-scope-app/\"> " "A US prosecutor has demanded the list of all the 10,000 or more people who " "have installed it</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "With a free program there would not be a list of who has installed it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many unscrupulous mobile-app developers keep finding ways to <a " "href=\"https://www.cnet.com/tech/mobile/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions/\"> " "bypass user's settings</a>, regulations, and privacy-enhancing features of " "the operating system, in order to gather as much private data as they " "possibly can." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Thus, we can't trust rules against spying. What we can trust is having " "control over the software we run." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many Android apps can track users' movements even when the user says <a " "href=\"https://www.theverge.com/2019/7/8/20686514/android-covert-channel-permissions-data-collection-imei-ssid-location\"> " "not to allow them access to locations</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This involves an apparently unintentional weakness in Android, exploited " "intentionally by malicious apps." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "In spite of Apple's supposed commitment to privacy, iPhone apps contain " "trackers that are busy at night <a " "href=\"https://www.oregonlive.com/opinion/2019/05/its-3-am-do-you-know-who-your-iphone-is-talking-to.html\"> " "sending users' personal information to third parties</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The article mentions specific examples: Microsoft OneDrive, Intuit's Mint, " "Nike, Spotify, The Washington Post, The Weather Channel (owned by IBM), the " "crime-alert service Citizen, Yelp and DoorDash. But it is likely that most " "nonfree apps contain trackers. Some of these send personally identifying " "data such as phone fingerprint, exact location, email address, phone number " "or even delivery address (in the case of DoorDash). Once this information is " "collected by the company, there is no telling what it will be used for." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "BlizzCon 2019 imposed a <a " "href=\"https://arstechnica.com/gaming/2019/05/blizzcon-2019-tickets-revolve-around-invasive-poorly-reviewed-smartphone-app/\"> " "requirement to run a proprietary phone app</a> to be allowed into the event." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This app is a spyware that can snoop on a lot of sensitive data, including " "user's location and contact list, and has <a " "href=\"https://web.archive.org/web/20220321042716/https://old.reddit.com/r/wow/comments/bkd5ew/you_need_to_have_a_phone_to_attend_blizzcon_this/emg38xv/\"> " "near-complete control</a> over the phone." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Data collected by menstrual and pregnancy monitoring apps is often <a " "href=\"https://www.theguardian.com/world/2019/apr/13/theres-a-dark-side-to-womens-health-apps-menstrual-surveillance\"> " "available to employers and insurance companies</a>. Even though the data is " "“anonymized and aggregated,” it can easily be traced back to the " "woman who uses the app." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This has harmful implications for women's rights to equal employment and " "freedom to make their own pregnancy choices. Don't use these apps, even if " "someone offers you a reward to do so. A free-software app that does more or " "less the same thing without spying on you is available from <a " "href=\"https://search.f-droid.org/?q=menstr\">F-Droid</a>, and <a " "href=\"https://web.archive.org/web/20231230011724/https://dcs.megaphone.fm/BLM6228935164.mp3?key=23a58d3f686794e6d8b8678a5204887b&request_event_id=36469053-3d0b-4724-bf2d-6dbeeeac282e\"> " "a new one is being developed</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many Android phones come with a huge number of <a " "href=\"https://web.archive.org/web/20190326145122/https://elpais.com/elpais/2019/03/22/inenglish/1553244778_819882.html\"> " "preinstalled nonfree apps that have access to sensitive data without users' " "knowledge</a>. These hidden apps may either call home with the data, or pass " "it on to user-installed apps that have access to the network but no direct " "access to the data. This results in massive surveillance on which the user " "has absolutely no control." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The MoviePass dis-service <a " "href=\"https://www.cnet.com/culture/entertainment/moviepass-founder-wants-to-use-facial-recognition-to-score-you-free-movies/\"> " "is planning to use face recognition to track people's eyes</a> to make sure " "they won't put their phones down or look away during ads—and trackers." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A study of 24 “health” apps found that 19 of them <a " "href=\"https://www.vice.com/en/article/pan9e8/health-apps-can-share-your-data-everywhere-new-study-shows\"> " "send sensitive personal data to third parties</a>, which can use it for " "invasive advertising or discriminating against people in poor medical " "condition." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Whenever user “consent” is sought, it is buried in lengthy terms " "of service that are difficult to understand. In any case, " "“consent” is not sufficient to legitimize snooping." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Facebook offered a convenient proprietary library for building mobile apps, " "which also <a " "href=\"https://boingboing.net/2019/02/23/surveillance-zucksterism.html\"> " "sent personal data to Facebook</a>. Lots of companies built apps that way " "and released them, apparently not realizing that all the personal data they " "collected would go to Facebook as well." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "It shows that no one can trust a nonfree program, not even the developers of " "other nonfree programs." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The AppCensus database gives information on <a " "href=\"https://www.appcensus.io/\"> how Android apps use and misuse users' " "personal data</a>. As of March 2019, nearly 78,000 have been analyzed, of " "which 24,000 (31%) transmit the <a " "href=\"/proprietary/proprietary-surveillance.html#M201812290\"> Advertising " "ID</a> to other companies, and <a " "href=\"https://web.archive.org/web/20240501141046/https://blog.appcensus.io/2019/02/14/ad-ids-behaving-badly/\"> " "18,000 (23% of the total) link this ID to hardware identifiers</a>, so that " "users cannot escape tracking by resetting it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Collecting hardware identifiers is in apparent violation of Google's " "policies. But it seems that Google wasn't aware of it, and, once informed, " "was in no hurry to take action. This proves that the policies of a " "development platform are ineffective at preventing nonfree software " "developers from including malware in their programs." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many nonfree apps have a surveillance feature for <a " "href=\"https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/\"> " "recording all the users' actions</a> in interacting with the app." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "An investigation of the 150 most popular gratis VPN apps in Google Play " "found that <a " "href=\"https://www.top10vpn.com/research/free-vpn-investigations/risk-index/\"> " "25% fail to protect their users' privacy</a> due to DNS leaks. In addition, " "85% feature intrusive permissions or functions in their source " "code—often used for invasive advertising—that could potentially " "also be used to spy on users. Other technical flaws were found as well." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Moreover, a previous investigation had found that <a " "href=\"https://www.top10vpn.com/research/free-vpn-investigations/ownership/\">half " "of the top 10 gratis VPN apps have lousy privacy policies</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>(It is unfortunate that these articles talk about “free " "apps.” These apps are gratis, but they are <em>not</em> <a " "href=\"/philosophy/free-sw.html\">free software</a>.)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Weather Channel app <a " "href=\"https://www.theguardian.com/technology/2019/jan/04/weather-channel-app-lawsuit-location-data-selling\"> " "stored users' locations to the company's server</a>. The company is being " "sued, demanding that it notify the users of what it will do with the data." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "We think that lawsuit is about a side issue. What the company does with the " "data is a secondary issue. The principal wrong here is that the company gets " "that data at all." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.vice.com/en/article/gy77wy/stop-using-third-party-weather-apps\"> " "Other weather apps</a>, including Accuweather and WeatherBug, are tracking " "people's locations." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Around 40% of gratis Android apps <a " "href=\"https://privacyinternational.org/report/2647/how-apps-android-share-data-facebook-report\"> " "report on the user's actions to Facebook</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Often they send the machine's “advertising ID,” so that Facebook " "can correlate the data it obtains from the same machine via various " "apps. Some of them send Facebook detailed information about the user's " "activities in the app; others only say that the user is using that app, but " "that alone is often quite informative." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "This spying occurs regardless of whether the user has a Facebook account." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Facebook's app got “consent” to <a " "href=\"https://www.theguardian.com/technology/2018/dec/06/facebook-emails-reveal-discussions-over-call-log-consent\"> " "upload call logs automatically from Android phones</a> while disguising what " "the “consent” was for." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some Android apps <a " "href=\"https://web.archive.org/web/20210418052600/https://www.androidauthority.com/apps-uninstall-trackers-917539/amp/\"> " "track the phones of users that have deleted them</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Spanish football streaming app <a " "href=\"https://boingboing.net/2018/06/11/spanish-football-app-turns-use.html\">tracks " "the user's movements and listens through the microphone</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "This makes them act as spies for licensing enforcement." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "We expect it implements DRM, too—that there is no way to save a " "recording. But we can't be sure from the article." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If you learn to care much less about sports, you will benefit in many " "ways. This is one more." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "More than <a " "href=\"https://www.theguardian.com/technology/2018/apr/16/child-apps-games-android-us-google-play-store-data-sharing-law-privacy\">50% " "of the 5,855 Android apps studied by researchers were found to snoop and " "collect information about its users</a>. 40% of the apps were found to " "insecurely snitch on its users. Furthermore, they could detect only some " "methods of snooping, in these proprietary apps whose source code they cannot " "look at. The other apps might be snooping in other ways." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This is evidence that proprietary apps generally work against their users. " "To protect their privacy and freedom, Android users need to get rid of the " "proprietary software—both proprietary Android by <a " "href=\"https://replicant.us\">switching to Replicant</a>, and the " "proprietary apps by getting apps from the free software only <a " "href=\"https://f-droid.org/\">F-Droid store</a> that <a " "href=\"https://f-droid.org/docs/Anti-Features/\"> prominently warns the user " "if an app contains anti-features</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Grindr collects information about <a " "href=\"https://www.commondreams.org/news/2018/04/02/egregious-breach-privacy-popular-app-grindr-supplies-third-parties-users-hiv-status\"> " "which users are HIV-positive, then provides the information to " "companies</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Grindr should not have so much information about its users. It could be " "designed so that users communicate such info to each other but not to the " "server's database." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The moviepass app and dis-service spy on users even more than users " "expected. It <a " "href=\"https://techcrunch.com/2018/03/05/moviepass-ceo-proudly-says-the-app-tracks-your-location-before-and-after-movies/\">records " "where they travel before and after going to a movie</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "Don't be tracked—pay cash!" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Tracking software in popular Android apps is pervasive and sometimes very " "clever. Some trackers can <a " "href=\"https://theintercept.com/2017/11/24/staggering-variety-of-clandestine-trackers-found-in-popular-android-apps/\"> " "follow a user's movements around a physical store by noticing WiFi " "networks</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "AI-powered driving apps can <a " "href=\"https://www.vice.com/en/article/43nz9p/ai-powered-driving-apps-can-track-your-every-move\"> " "track your every move</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Sarahah app <a " "href=\"https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/\"> " "uploads all phone numbers and email addresses</a> in user's address book to " "developer's server." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>(Note that this article misuses the words “<a " "href=\"/philosophy/free-sw.html\">free software</a>” referring to zero " "price.)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "20 dishonest Android apps recorded <a " "href=\"https://arstechnica.com/information-technology/2017/07/stealthy-google-play-apps-recorded-calls-and-stole-e-mails-and-texts/\">phone " "calls and sent them and text messages and emails to snoopers</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Google did not intend to make these apps spy; on the contrary, it worked in " "various ways to prevent that, and deleted these apps after discovering what " "they did. So we cannot blame Google specifically for the snooping of these " "apps." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "On the other hand, Google redistributes nonfree Android apps, and therefore " "shares in the responsibility for the injustice of their being nonfree. It " "also distributes its own nonfree apps, such as Google Play, <a " "href=\"/philosophy/free-software-even-more-important.html\">which are " "malicious</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Could Google have done a better job of preventing apps from cheating? There " "is no systematic way for Google, or Android users, to inspect executable " "proprietary apps to see what they do." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Google could demand the source code for these apps, and study the source " "code somehow to determine whether they mistreat users in various ways. If it " "did a good job of this, it could more or less prevent such snooping, except " "when the app developers are clever enough to outsmart the checking." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "But since Google itself develops malicious apps, we cannot trust Google to " "protect us. We must demand release of source code to the public, so we can " "depend on each other." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Apps for BART <a " "href=\"https://web.archive.org/web/20171124190046/https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/\"> " "snoop on users</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "With free software apps, users could <em>make sure</em> that they don't " "snoop." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "With proprietary apps, one can only hope that they don't." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A study found 234 Android apps that track users by <a " "href=\"https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/\">listening " "to ultrasound from beacons placed in stores or played by TV programs</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Faceapp appears to do lots of surveillance, judging by <a " "href=\"https://web.archive.org/web/20170426191242/https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/\"> " "how much access it demands to personal data in the device</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Users are suing Bose for <a " "href=\"https://web.archive.org/web/20170423010030/https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/\"> " "distributing a spyware app for its headphones</a>. Specifically, the app " "would record the names of the audio files users listen to along with the " "headphone's unique serial number." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The suit accuses that this was done without the users' consent. If the fine " "print of the app said that users gave consent for this, would that make it " "acceptable? No way! It should be flat out <a " "href=\"/philosophy/surveillance-vs-democracy.html\"> illegal to design the " "app to snoop at all</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Pairs of Android apps can collude to transmit users' personal data to " "servers. <a " "href=\"https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/\">A " "study found tens of thousands of pairs that collude</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Verizon <a " "href=\"https://yro.slashdot.org/story/17/03/30/0112259/verizon-to-force-appflash-spyware-on-android-phones\"> " "announced an opt-in proprietary search app that it will</a> pre-install on " "some of its phones. The app will give Verizon the same information about the " "users' searches that Google normally gets when they use its search engine." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Currently, the app is <a " "href=\"https://www.eff.org/deeplinks/2017/04/update-verizons-appflash-pre-installed-spyware-still-spyware\"> " "being pre-installed on only one phone</a>, and the user must explicitly " "opt-in before the app takes effect. However, the app remains " "spyware—an “optional” piece of spyware is still spyware." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A computerized vibrator <a " "href=\"https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack\"> " "was snooping on its users through the proprietary control app</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The app was reporting the temperature of the vibrator minute by minute " "(thus, indirectly, whether it was surrounded by a person's body), as well as " "the vibration frequency." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Note the totally inadequate proposed response: a labeling standard with " "which manufacturers would make statements about their products, rather than " "free software which users could have checked and changed." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The company that made the vibrator <a " "href=\"https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit\"> " "was sued for collecting lots of personal information about how people used " "it</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The company's statement that it was anonymizing the data may be true, but it " "doesn't really matter. If it had sold the data to a data broker, the data " "broker would have been able to figure out who the user was." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Following this lawsuit, <a " "href=\"https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits\"> " "the company has been ordered to pay a total of C$4m</a> to its customers." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Meitu photo-editing app <a " "href=\"https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/\">sends " "user data to a Chinese company</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Uber app tracks <a " "href=\"https://techcrunch.com/2016/11/28/uber-background-location-data-collection/\">clients' " "movements before and after the ride</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This example illustrates how “getting the user's consent” for " "surveillance is inadequate as a protection against massive surveillance." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A <a " "href=\"https://research.csiro.au/isp/wp-content/uploads/sites/106/2016/08/paper-1.pdf\"> " "research paper</a> that investigated the privacy and security of 283 Android " "VPN apps concluded that “in spite of the promises for privacy, " "security, and anonymity given by the majority of VPN apps—millions of " "users may be unawarely subject to poor security guarantees and abusive " "practices inflicted by VPN apps.”" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Following is a non-exhaustive list, taken from the research paper, of some " "proprietary VPN apps that track users and infringe their privacy:" msgstr "" #. type: Content of: <div><div><ul><li><dl><dt> msgid "SurfEasy" msgstr "" #. type: Content of: <div><div><ul><li><dl><dd> msgid "" "Includes tracking libraries such as NativeX and Appflood, meant to track " "users and show them targeted ads." msgstr "" #. type: Content of: <div><div><ul><li><dl><dt> msgid "sFly Network Booster" msgstr "" #. type: Content of: <div><div><ul><li><dl><dd> msgid "" "Requests the <code>READ_SMS</code> and <code>SEND_SMS</code> permissions " "upon installation, meaning it has full access to users' text messages." msgstr "" #. type: Content of: <div><div><ul><li><dl><dt> msgid "DroidVPN and TigerVPN" msgstr "" #. type: Content of: <div><div><ul><li><dl><dd> msgid "" "Requests the <code>READ_LOGS</code> permission to read logs for other apps " "and also core system logs. TigerVPN developers have confirmed this." msgstr "" #. type: Content of: <div><div><ul><li><dl><dt> msgid "HideMyAss" msgstr "" #. type: Content of: <div><div><ul><li><dl><dd> msgid "" "Sends traffic to LinkedIn. Also, it stores detailed logs and may turn them " "over to the UK government if requested." msgstr "" #. type: Content of: <div><div><ul><li><dl><dt> msgid "VPN Services HotspotShield" msgstr "" #. type: Content of: <div><div><ul><li><dl><dd> msgid "" "Injects JavaScript code into the HTML pages returned to the users. The " "stated purpose of the JS injection is to display ads. Uses roughly five " "tracking libraries. Also, it redirects the user's traffic through " "valueclick.com (an advertising website)." msgstr "" #. type: Content of: <div><div><ul><li><dl><dt> msgid "WiFi Protector VPN" msgstr "" #. type: Content of: <div><div><ul><li><dl><dd> msgid "" "Injects JavaScript code into HTML pages, and also uses roughly five tracking " "libraries. Developers of this app have confirmed that the non-premium " "version of the app does JavaScript injection for tracking the user and " "displaying ads." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some portable phones <a " "href=\"https://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html\">are " "sold with spyware sending lots of data to China</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Facebook's new Magic Photo app <a " "href=\"https://www.theregister.com/2015/11/10/facebook_scans_camera_for_your_friends/\"> " "scans your mobile phone's photo collections for known faces</a>, and " "suggests you circulate the picture you take according to who is in the " "frame." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This spyware feature seems to require online access to some known-faces " "database, which means the pictures are likely to be sent across the wire to " "Facebook's servers and face-recognition algorithms." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If so, none of Facebook users' pictures are private anymore, even if the " "user didn't “upload” them to the service." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Facebook's app listens all the time, <a " "href=\"https://www.independent.co.uk/tech/facebook-using-people-s-phones-to-listen-in-on-what-they-re-saying-claims-professor-a7057526.html\">to " "snoop on what people are listening to or watching</a>. In addition, it may " "be analyzing people's conversations to serve them with targeted " "advertisements." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A pregnancy test controller application not only can <a " "href=\"https://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security\"> " "spy on many sorts of data in the phone, and in server accounts, it can alter " "them too</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Apps that include <a " "href=\"https://web.archive.org/web/20180913014551/http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/\"> " "Symphony surveillance software snoop on what radio and TV programs are " "playing nearby</a>. Also on what users post on various sites such as " "Facebook, Google+ and Twitter." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The natural extension of monitoring people through “their” " "phones is <a " "href=\"https://news.northwestern.edu/stories/2016/01/fool-activity-tracker\"> " "proprietary software to make sure they can't “fool” the " "monitoring</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "“Cryptic communication,” unrelated to the app's functionality, " "was <a " "href=\"https://news.mit.edu/2015/data-transferred-android-apps-hiding-1119\"> " "found in the 500 most popular gratis Android apps</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The article should not have described these apps as " "“free”—they are not free software. The clear way to say " "“zero price” is “gratis.”" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The article takes for granted that the usual analytics tools are legitimate, " "but is that valid? Software developers have no right to analyze what users " "are doing or how. “Analytics” tools that snoop are just as " "wrong as any other snooping." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "More than 73% and 47% of mobile applications, for Android and iOS " "respectively <a href=\"https://techscience.org/a/2015103001/\">hand over " "personal, behavioral and location information</a> of their users to third " "parties." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "According to Edward Snowden, <a " "href=\"https://www.bbc.com/news/uk-34444233\">agencies can take over " "smartphones</a> by sending hidden text messages which enable them to turn " "the phones on and off, listen to the microphone, retrieve geo-location data " "from the GPS, take photographs, read text messages, read call, location and " "web browsing history, and read the contact list. This malware is designed to " "disguise itself from investigation." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Like most “music screaming” disservices, Spotify is based on " "proprietary malware (DRM and snooping). In August 2015 it <a " "href=\"https://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy\"> " "demanded users submit to increased snooping</a>, and some are starting to " "realize that it is nasty." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This article shows the <a " "href=\"https://www.theregister.com/2015/08/21/spotify_worse_than_the_nsa/\"> " "twisted ways that they present snooping as a way to “serve” " "users better</a>—never mind whether they want that. This is a typical " "example of the attitude of the proprietary software industry towards those " "they have subjugated." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "Out, out, damned Spotify!" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many retail businesses publish cr…apps that ask to <a " "href=\"https://www.delish.com/kitchen-tools/a43252/how-food-apps-use-data/\"> " "spy on the user's own data</a>—often many kinds." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Those companies know that snoop-phone usage trains people to say yes to " "almost any snooping." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Samsung phones come with <a " "href=\"https://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/\">apps " "that users can't delete</a>, and they send so much data that their " "transmission is a substantial expense for users. Said transmission, not " "wanted or requested by the user, clearly must constitute spying of some " "kind." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.cl.cam.ac.uk/~arb33/papers/FerreiraEtAl-Securacy-WiSec2015.pdf\"> " "A study in 2015</a> found that 90% of the top-ranked gratis proprietary " "Android apps contained recognizable tracking libraries. For the paid " "proprietary apps, it was only 60%." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The article confusingly describes gratis apps as “free”, but " "most of them are not in fact <a href=\"/philosophy/free-sw.html\">free " "software</a>. It also uses the ugly word “monetize”. A good " "replacement for that word is “exploit”; nearly always that will " "fit perfectly." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Gratis Android apps (but not <a href=\"/philosophy/free-sw.html\">free " "software</a>) connect to 100 <a " "href=\"https://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites\">tracking " "and advertising</a> URLs, on the average." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Widely used <a " "href=\"https://freedom-to-tinker.com/2015/04/06/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/\">proprietary " "QR-code scanner apps snoop on the user</a>. This is in addition to the " "snooping done by the phone company, and perhaps by the OS in the phone." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Don't be distracted by the question of whether the app developers get users " "to say “I agree”. That is no excuse for malware." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many proprietary apps for mobile devices report which other apps the user " "has installed. <a " "href=\"https://techcrunch.com/2014/11/26/twitter-app-graph/\">Twitter is " "doing this in a way that at least is visible and optional</a>. Not as bad as " "what the others do." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"/proprietary/proprietary-back-doors.html#samsung\"> Samsung's back " "door</a> provides access to any file on the system." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Simeji keyboard is a smartphone version of Baidu's <a " "href=\"/proprietary/proprietary-surveillance.html#baidu-ime\">spying <abbr " "title=\"Input Method Editor\">IME</abbr></a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The nonfree Snapchat app's principal purpose is to restrict the use of data " "on the user's computer, but it does surveillance too: <a " "href=\"https://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers\"> " "it tries to get the user's list of other people's phone numbers</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Brightest Flashlight app <a " "href=\"https://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers\"> " "sends user data, including geolocation, for use by companies</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The FTC criticized this app because it asked the user to approve sending " "personal data to the app developer but did not ask about sending it to other " "companies. This shows the weakness of the reject-it-if-you-dislike-snooping " "“solution” to surveillance: why should a flashlight app send any " "information to anyone? A free software flashlight app would not." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Portable phones with GPS <a " "href=\"https://www.aclu.org/issues/privacy-technology/location-tracking/you-are-being-tracked\"> " "will send their GPS location on remote command, and users cannot stop " "them</a>. (The US says it will eventually require all new portable phones to " "have GPS.)" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "FTC says most mobile apps for children don't respect privacy: <a " "href=\"https://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/\"> " "https://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some manufacturers add a <a " "href=\"https://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/\"> " "hidden general surveillance package such as Carrier IQ</a>." msgstr "" #. type: Content of: <div><div><h3> msgid "Jails" msgstr "" #. type: Content of: <div><div><p> msgid "Jails are systems that impose censorship on application programs." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://web.archive.org/web/20190917162027/https://www.itworld.com/article/2832657/microsoft-metro-app-store-lock-down.html\"> " "Windows 8 on “mobile devices” (now defunct) was a jail</a>." msgstr "" #. type: Content of: <div><div><h3> msgid "Tyrants" msgstr "" #. type: Content of: <div><div><p> msgid "" "Tyrants are systems that reject any operating system not " "“authorized” by the manufacturer." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"https://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/\"> " "Mobile devices that come with Windows 8 are tyrants</a>." msgstr "" #. TRANSLATORS: Use space (SPC) as msgstr if you don't have notes. #. type: Content of: <div><div> msgid "*GNUN-SLOT: TRANSLATOR'S NOTES*" msgstr "" #. type: Content of: <div><div><p> msgid "" "Please send general FSF & GNU inquiries to <a " "href=\"mailto:gnu@gnu.org\"><gnu@gnu.org></a>. There are also <a " "href=\"/contact/\">other ways to contact</a> the FSF. Broken links and " "other corrections or suggestions can be sent to <a " "href=\"mailto:webmasters@gnu.org\"><webmasters@gnu.org></a>." msgstr "" #. TRANSLATORS: Ignore the original text in this paragraph, #. replace it with the translation of these two: # #. We work hard and do our best to provide accurate, good quality #. translations. However, we are not exempt from imperfection. #. Please send your comments and general suggestions in this regard #. to <a href="mailto:web-translators@gnu.org"> # #. <web-translators@gnu.org></a>.</p> # #. <p>For information on coordinating and contributing translations of #. our web pages, see <a #. href="/server/standards/README.translations.html">Translations #. README</a>. #. type: Content of: <div><div><p> msgid "" "Please see the <a " "href=\"/server/standards/README.translations.html\">Translations README</a> " "for information on coordinating and contributing translations of this " "article." msgstr "" #. type: Content of: <div><p> msgid "Copyright © 2014-2025 Free Software Foundation, Inc." msgstr "" #. type: Content of: <div><p> msgid "" "This page is licensed under a <a rel=\"license\" " "href=\"http://creativecommons.org/licenses/by/4.0/\">Creative Commons " "Attribution 4.0 International License</a>." msgstr "" #. TRANSLATORS: Use space (SPC) as msgstr if you don't want credits. #. type: Content of: <div><div> msgid "*GNUN-SLOT: TRANSLATOR'S CREDITS*" msgstr "" #. timestamp start #. type: Content of: <div><p> msgid "Updated:" msgstr ""