You Can Now Stop Your iPhone Apps from Tracking Your Activities

Apple has rolled out the App Tracking Transparency (ATT) feature in the iOS 14.5 update. Find out how this feature works and why some groups are applauding ATT while others are fighting it.

For years, smartphone apps have been tracking where users go and what they do in the digital world. (A humorous but telling video shows what app tracking would look like in the physical world.) The data collected is often used for targeted ads or shared with data brokers. All of this is typically done without the app users' consent.

Apple is changing this reality with the App Tracking Transparency (ATT) feature, which was rolled out in the iOS 14.5 update. Once the feature is installed, iPhone apps can only track users' activities in other apps and websites if they obtain the app users' permission.

The ATT feature is part of a larger effort to put privacy back in the hands of iPhone users. "At its foundation, ATT is about returning control to users — about giving them a say over how their data is handled," said Apple CEO Tim Cook.

 

Mixed Reactions

The ATT feature will likely upend how app tracking is handled in all mobile devices in the future, which pleases digital privacy advocates. "It's a solid step in the right direction," according to the Electronic Frontier Foundation. And iPhone users appear to like the new feature as well. They have been using it to let app developers and digital advertisers know that they do not want their activities tracked. Only 16% of iPhone users have allowed tracking, as of June 28, 2021.

Not surprisingly, Facebook and the digital advertising industry are not too happy about the ATT feature's rollout. Facebook's core business is expected to suffer because it will be harder for the company to gather user data and prove that the ads on its platform are effective, according to advertising industry experts. However, Facebook contends that the ATT feature is a bad idea because it will hurt small businesses that rely on app tracking to find customers. The social media giant even held a press conference and published a series of full-page newspaper ads trying to convince the world of this.

 

How the ATT Feature Works

Here is how the ATT feature works: In Apple devices running at least iOS 14.5, iPadOS 14.5, or tvOS 14.5, apps must ask for permission to track your activity across other apps and websites. When permission is needed, a dialog box appears asking if you want to allow tracking. You might also see an explanation of how the tracked data will be used, but including this information is optional for app developers.

The permission dialog box will give you two options: "Ask App Not to Track" and "Allow". If you select "Ask App Not to Track", the app is not allowed to use the system advertising identifier or any other personal identifiers (e.g., your email address or phone number) to track your activity. You will be able to use the app's full capabilities whether you deny or grant permission.

The option you select is saved so you will not be asked for permission from that app again. You can change the option for an app at any time in the Tracking page, which is in the Privacy section of the Settings app. The Tracking page also includes the "Allow Apps to Request to Track" setting, which is typically enabled by default. If you do not want any apps to track you and you are tired of being asked about your permission preference, you can disable this setting. From that point on, your device will automatically deny permission to all tracking requests without displaying the permission dialog box.

 

Don't Like Being Tracked?

Do you dislike the idea of apps tracking where you go and what you do in the digital world? If so, you can immediately stop the tracking if you have an iPhone running iOS 14.5.

If you have an Android phone, don't despair. Google is working on a similar feature for Android phones. It is expected to be available in late 2021.

 

 

Apple iPhone SE 2020 flickr photo by TheBetterDay shared under a Creative Commons (BY-ND) license


3 Things to Keep in Mind Before Moving More IT Operations to the Cloud

With the future looking brighter, companies are contemplating moving more IT operations to public clouds. Here are three things to keep in mind before doing so.


The Security Risks Associated with Cookies

Cookies are a common target for hackers because they represent a major vulnerability in web applications. Multi-factor authentication (MFA) is a traditional approach to solving this problem, but it’s becoming less effective as attackers devise ways of defeating it. Web developers are using new methods like Progressive Web Apps (PWAs) to defend against modern attacks in the current cloud and mobile-oriented computing environments.


The "Android Update" that's actually Malware

Researchers at Zimperium zLabs have discovered a sophisticated Android app that masquerades as a software update. It appears to be an update for the Android mobile operating system (OS), but it actually exfiltrates data about users and their mobile devices. This malware is similar to other Android apps that Google discovered in its Play Store during early March 2021, which infect target applications with Trojan horse tools like AlienBot and mRAT. These apps included a barcode scanner, recorder and virtual private network (VPN) service.

Zimperium researchers discovered many unsecured cloud configurations during March 2021 that exposed user data to thousands of legitimate apps for both the Android and iOS mobile OSs. This investigation also revealed an app described as an Android system update that Zimperium’s zIPS on-device detection solution flagged as malware. Closer examination showed that this app was part of a spyware campaign with advanced capabilities. The additional discovery that this app has never existed on Google Play confirmed its function as malware.

 

Function

The app’s first action after installation is to register the infected device with a Firebase command-and-control (C2) server that issues commands to the device. A separate C2 server then manages the exfiltration of data from the device. The Zimperium team reports that several conditions activate the app, including the installation of an app, addition of a contact or receipt of an SMS message.

Researchers classify this malware as a Remote Access Trojan (RAT), which controls the target system through a remote network connection. This particular RAT is able to exfiltrate many types of data, including the following:

  • Call logs
  • Contact lists
  • GPS data
  • SMS messages

It can also obtain operational information on the device, such as installed applications and storage statistics. Additional functions of the RAT include hijacking the target device’s camera and microphone to record audio, image and video files. Furthermore, it can record telephone calls and review browser bookmarks and history. The RAT also uses accessibility services to access instant messaging services like WhatsApp.

Additional functions are possible when the target device is rooted, meaning the user has administrative access to the device. These functions primarily include exfiltrating database records and files of specific types, including those with the following extensions:

  • .doc
  • .docx
  • .pdf
  • .xls
  • .xlsx

The RAT can also copy files stored in external locations, although the size of these files must be limited to avoid impacting connectivity. As a result, it only copies thumbnail images in this manner.

 

Detection

Researchers are still developing methods for removing the RAT from infected devices. So far, the best means of detecting it is noticing when your device is transmitting more data to the internet than it should, although this malware uses several strategies to avoid such detection. The RAT sends all the data it obtains to the C2 server when the device has a Wi-Fi connection. However, it limits transfers to specific types of data when the device only has a mobile data connection, as users are more likely to detect activity through this connection.

 

Androids flickr photo by Racchio shared under a Creative Commons (BY-ND) license


Microsoft Exchange Server Continues to be Hacked at an Alarming Rate

Microsoft has identified multiple 0-day attacks against on-premises versions of Microsoft Exchange Server. These attacks exploit vulnerabilities that allow attackers to access email accounts. They’re then able to install additional malware that provides them with additional capabilities through these accounts. The attackers include multiple state-sponsored groups that have targeted tens of thousands of Exchange servers throughout the world.


A Glimpse into a Trucking Company's Ransomware Nightmare

A manager at a trucking company shares what it was like to be the victim of a ransomware attack. Here is his story and the lessons other businesses can learn from it.


Ethernet Technology: A Possible Comeback?

Ethernet is a family of wired technologies commonly used in local area networks (LAN) and wide area networks (WAN). It has been commercially available since 1980, but has been refined multiple times to support higher transmission rates, more nodes and longer distances while retaining much of its backward compatibility with older versions. Ethernet is still a key technology of the internet due to advances in technologies such as switches, bandwidth and networking.


PDF Viewers are Susceptible to these Attacks

The vast majority of PDF viewers are vulnerable to a variety of attacks, according to researchers at Ruhr University Bochum in Germany in a 2021 study. These techniques exploited standard features of PDF that are generally familiar to most hackers. In the most serious cases, researchers were able to execute code remotely, read data and manipulate it. Fortunately, a number of solutions are available for these vulnerabilities.



5 Tips to Make your Passwords More Secure

An organization’s infrastructure is only as secure as the passwords protecting it. Poor password practices make it easy for hackers to access sensitive information, which is especially damaging in the case of financial data. Strong, unique passwords are essential for any account, so most organizations have established guidelines for creating passwords. These guidelines should generally focus on making passwords easy to remember but hard to guess. The following five tips will help make your passwords more secure.



3 Digital Trends to Keep in Mind in 2021

As a business professional, it is helpful to learn about current trends that can affect your company. Here are three digital trends to keep in mind in 2021.
