1) The Commission has fined Google 4.34 billion euros. This is the highest fine in the history of antitrust worldwide and almost double the previous record: the 2.42 billion euro fine imposed in 2017 by the Commission... on Google.
2) The size of the penalty, which the Commission could have set as high as 9.45 billion but which analysts estimated at around 2.5 billion, says a lot about the scale of the case. Commissioner Vestager's political future will be defined by the Google case (cases).
Phones never leave our children's hands anymore. So how will we ensure children's safety? How will we see what they are doing, and how will we protect them? #Flood
1- Safe Kids: An online child safety app that the security company Kaspersky offers for parents. Safe Kids can be used on both iOS and Android devices. #SafeKids
2- #SafeKids blocks sites with content unsuitable for children, and it also has the following: web activity tracking, app and device usage monitoring, location tracking, and call/SMS/social network monitoring. #İnternet #ÇocuklarİçinGüvenlik
Huge victory for a technical community that has spent a decade explaining how the architecture & ethos of the internet are under attack.
2. "But like Sir Tim, many people have recently become more critical of it (...) At the heart of their disenchantment, this special report will argue, is that the internet has become much more “centralised” than it was even ten years ago." economist.com/special-report…
Time for a new thread. The #android #application called @moinsbete is one of the most downloaded applications in France. This app is sending without your consent your personal data to @mopub:
- screen size
Yes, all these requests to @mopub are HTTP requests... Welcome to 2018...
This is a very good example of data abuse. Every time you open the @moinsbete #android #app with location on, your location is sent without your consent to a US-based server owned by @mopub
The samples are available on @koodous_project and @virusbay_io
2/ As the application is available in Europe, it must comply with the European regulation called #GDPR. Since an IP address is considered as personal data, the user must give his consent and must be able to opt out from this data collection.
When you create a profile in the official @narendramodi #Android app, all your device info (OS, network type, Carrier …) and personal data (email, photo, gender, name, …) are sent without your consent to a third-party domain called in.wzrkt.com.
This domain is classified as a phishing link by the company G-Data. This website is hosted by @GoDaddy and the whois info is hidden.
After a quick search, this domain belongs to an American company called @CleverTap. According to their description, “#CleverTap is the next generation app engagement platform. It enables marketers to identify, engage and retain users and provides developers"
The official #Aadhaar #android app is sending an SMS to authenticate the user. In general, to avoid abuses, you add a sending rate limit. The user has to wait 2 minutes before resending the SMS. @UIDAI did not implement this kind of limit in the app. What are the consequences?
An attacker can extract the authentication HTTPS request made by the official #Aadhaar #android app. After that he just has to write a small script which will try all the possible #Aadhaar numbers.
The attacker will be able to flood the whole #India population and @UIDAI will lose a lot of money.
.@UDAI don't be stupid, remove the official #Aadhaar#android app from the PlayStore, this is the best move you have.
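The resend limit the thread says is missing, sketched as an added example (not code from the thread, the app or UIDAI). A limit kept only inside the app does nothing once the request is replayed outside it, so the check sits on the server; only the 2-minute wait comes from the thread, while the per-client budget, its values and every name here are assumptions.

```python
import time
from collections import defaultdict, deque

RESEND_COOLDOWN_S = 120   # the 2-minute wait mentioned in the thread
CLIENT_WINDOW_S = 3600    # assumed window for the per-client budget
CLIENT_MAX_SENDS = 5      # assumed number of sends one client may trigger per window


class SmsOtpLimiter:
    """Server-side decision on whether an authentication SMS may be sent."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._last_sent = {}                     # recipient id -> time of last SMS
        self._client_sends = defaultdict(deque)  # client id -> times of recent sends

    def allow(self, client_id, recipient_id):
        now = self._clock()
        # Rule 1: one SMS per recipient per cooldown, whoever asks for it.
        last = self._last_sent.get(recipient_id)
        if last is not None and now - last < RESEND_COOLDOWN_S:
            return False, "recipient_cooldown"
        # Rule 2: cap the sends a single client (IP, device, API key) can
        # trigger, since rule 1 alone does not limit requests that each
        # name a different recipient.
        sends = self._client_sends[client_id]
        while sends and now - sends[0] >= CLIENT_WINDOW_S:
            sends.popleft()
        if len(sends) >= CLIENT_MAX_SENDS:
            return False, "client_budget"
        self._last_sent[recipient_id] = now
        sends.append(now)
        return True, "ok"


class FakeClock:
    """Constructed clock so the demo runs instantly and deterministically."""
    def __init__(self):
        self.t = 0.0
    def __call__(self):
        return self.t


def demo():
    clock = FakeClock()
    lim = SmsOtpLimiter(clock)
    out = [lim.allow("client-A", "user-1")[1], lim.allow("client-B", "user-1")[1]]
    clock.t = 120  # cooldown for user-1 has elapsed
    out.append(lim.allow("client-B", "user-1")[1])
    out += [lim.allow("client-A", f"user-{i}")[1] for i in range(2, 8)]
    return out
```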
They keep the default owner and issuer: Google. This is funny, technically, Google is the owner and issuer of #Aadhaar 😂😬🤦‍♂️
As stated by the official documentation, developer.android.com/studio/publish…
"A public-key certificate, also known as a digital certificate or an identity certificate, contains the public key of a public/private key pair, as well as some other metadata identifying the owner of the key"
Moreover, "Every app must use the same certificate throughout its lifespan"
So, @KhoslaLabs and @UIDAI cannot change it. They need to reupload another app with a different package name if they really want to change it.
The #Aadhaar #android app is saving your biometric settings in a local database which is protected with a password. To generate the password they used a random number with 123456789 as seed and a hardcoded string db_password_123 🤦‍♂️
It can be good also to remove the "developer" endpoint from the release apk...