Google cracks down on bad apps, and data on millions of Americans found open on the Internet
Welcome to Cyber Security Today. It’s Monday February 24th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
To hear the podcast click on the arrow below:
Google is cracking down on Android app developers trying to commit fraud with mobile ads. Six hundred apps have been yanked from the Google Play Store and their developers banned for violating a disruptive ad policy. In addition those developers have been banned from the Google platforms that pay app makers for the number of clicks on ads. That hurts them in the pocketbook. What’s been going on is some sneaky developers have been playing tricks with their apps: They make ads pop up on Android devices even though an app isn’t in use. This gets developers money because advertising markets that pay for the number of times an ad is displayed or a user clicks on an ad. Meanwhile users get annoyed by ads that pop up when trying to do something that doesn’t involve an app, like make a phone call. Buzzfeed News quotes a Google official saying the banned apps had been downloaded billions of times. Many were utilities and games. Google’s rules forbid developers from allowing an app to show ads when the app isn’t being used.
At the same time Check Point Software says it’s discovered new family of apps in the Google store that are really mobile ad fraud scams. Hidden in games and utilities these apps are called clickers, because what they do is generate fake clicks on ads on your phone to gets the developers money. The thing is, they click on anything that’s on the screen — including your email. So be careful about the apps you download. Just because it’s in the Google — or Apple — store doesn’t mean it’s safe. As I’ve said before, a smartphone or tablet isn’t a place to experiment with the latest app.
I’ve warned before that employees are being clumsy with corporate data they put in cloud storage services instead of on their own company’s servers. Usually they do it for data analysis. But if the data is left open on the Internet a crafty hacker can find and copy it. Here’s the latest example: Early this month a researcher at a security company called Upguard found an unprotected stash of data on Amazon’s S3 data storage service. It belonged to a U.S. marketing analysis company called Tetrad. It had purchasing habits and consumer behaviour profiles of 120 million Americans, including their names and addresses. This customer data was collected from a number of companies, such as fashion retailer Kate Spade. Data for that company didn’t have customer names, but it did have stats on 700,000 accounts with the customer’s shipping address and dollar value of purchases. The haul also showed how restaurant chain Chipotle was tracking individuals based on cell phone location data. It took Tetrad five days to figure out what the problem was and to take the data offline. We don’t know if someone else found and copied this data. If it was it would be useful to competitors, or valuable for resale, or could be used by hackers. A couple of reports last week noted mistakes resulting in misconfigured servers and data stored on the Internet are an increasing source of data breaches. Companies still aren’t getting the message.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon