Kevin Poulsen
TikTok Tracked User Data Using Tactic Banned by Google
TikTok skirted a privacy safeguard in Google’s Android operating system to collect unique identifiers from millions of mobile devices, data that allows the app to track users online without allowing them to opt out. The tactic, which experts in mobile-phone security said was concealed through an unusual added layer of encryption, appears to have violated Google policies limiting how apps track people and wasn’t disclosed to TikTok users. TikTok ended the practice in November 2019. The identifiers collected by TikTok, called MAC addresses, are most commonly used for advertising purposes.
How Google Map Hackers Can Destroy a Business at Will
Beneath its slick interface and crystal clear GPS-enabled vision of the world, Google Maps roils with local rivalries, score-settling, and deception. Maps are dotted with thousands of spam business listings for nonexistent locksmiths and plumbers. Legitimate businesses sometimes see their listings hijacked by competitors or cloned into a duplicate with a different phone number or website.
In January, someone bulk-modified the Google Maps presence of thousands of hotels around the country, changing the website URLs to a commercial third-party booking site (which siphons off the commissions).
Small businesses are the usual targets. Attacks happen because Google Maps is, at its heart, a massive crowdsourcing project, a shared conception of the world that skilled practitioners can bend and reshape in small ways using tools like Google’s Mapmaker or Google Places for Business.
Google Takes Wi-Fi Snooping Scandal to the Supreme Court
The biggest US Internet wiretapping program outside the National Security Agency may be headed to the Supreme Court. Google is asking the high court to rule on the legality of the company’s past sniffing of unencrypted Wi-Fi traffic in neighborhoods around the country as part of its Street View program. If the Supreme Court hears the case and eventually rules that unencrypted Wi-Fi sniffing is legal, that might be seen as a boon to criminals who eavesdrop on public access points to sniff out passwords or credit card numbers. But Google ingeniously argues that the 9th Circuit’s ruling is actually bad for computer security, because it could bar legitimate security scanning.