Search
Content type: Long Read
27th March 2019
(In order to click the hyperlinks in the explainer below, please download the pdf version at the bottom of the page).
Content type: Long Read
24th February 2020
Valentine’s Day is traditionally a day to celebrate relationships, but many relationships that begin romantically can quickly become controlling, with partners reading emails, checking texts and locations of social media posts. This can be just the beginning.
Today, Friday 14th February, Privacy International and Women’s Aid are launching a series of digital social media cards giving women practical information on how to help stay safe digitally from control and abuse.
Did you know that…
Content type: News & Analysis
30th April 2019
A mobile device is a huge repository of sensitive data, which could provide a wealth of information about its owner and many others with whom the user interacts.
Companies like Cellebrite, MSAB and Oxygen Forensics sell software and hardware to law enforcement. Once your phone is connected to one of these mobile phone extraction tools, the device extracts, analyses and presents the data contained on the phone.
What data these tools can extract and what method is used will depend on the…
Content type: Examples
8th December 2018
In September 2018, researchers discovered that websites accessed via mobile phones could access an array of device sensors, unlike apps, which request permissions for such access. The researchers found that 3,695 of the top 100,000 websites incorporate scripts that tap into one or more sensors, including Wayfair, Priceline, and Kayak. Unlike location sensors, motion, lighting, and proximity sensors have no mechanism for notifying users and requesting permission. Ad blockers were not effective…
Content type: Examples
1st April 2020
In a widely circulated animated heat map, the geospatial visualisation company Tectonix GEO in partnership with the location technology company X-Mode used the secondary locations of anonymised mobile devices that were active on a single beach in in Ft Lauderdale, FL during spring break to show how the beach-goers fanned out across the US afterwards, potentially carrying infection with them. Although the visualisation was instructive in showing how contagion spreads, it was unclear whether any…
Content type: Long Read
20th April 2020
‘Let’s build an app for that’ has become the response to so many things. It’s no surprise it’s happening now.
Apps are notorious for their lack of security and privacy safeguards, exploiting people’s data and devices. Now we’re being asked to trust governments with their proposed apps -- of which there are many. These are the very same governments who have been keen to exploit data in the past. For instance, PI currently has four outstanding legal cases arising from the last times governments…
Content type: Examples
19th March 2020
Thailand's National Broadcasting and Telecommunication Commission (NBTC) provided a SIM card to every foreigner and Thai who had travelled from countries that have have been designated as "high risk" for COVID-19 infections (at the time, China, Hong Kong, South Korea, Italy, and Macau). According to NBTC secretary-general Thakorn Tanthasit, the AoT Airports' new application had more than 7,000 downloads in its first five days. The sim card will be used together with the AoT Airports application…
Content type: Examples
28th April 2020
By May 11, the Swiss Federal Office of Public Health, working with EFPL and ETH Zurich, will launch a secure, decentralised system for contact tracing developed by the Decentralised Privacy-Preserving-Proximity Tracing (DP-3T) international consortium, whose Swiss partners are Ubique and PocketCampus. Other international partners include UCl, KU Leuven, TU Delft, the University of Oxford, and the Universirty of Torino. The system has been posted to Github as an open source protocol and will…
Content type: Examples
8th April 2020
The global secure solutions integrator SuperCom has begun piloting a modified version of the company's PureHeath platform, which incorporates a specially designed "PureCare" smartphone and "PureTag" ankle bracelet, aimed at ensuring that people comply with quarantine requirements during the coronavirus pandemic. The expectation is that the smartphones, which are easier to distribute at scale, will be used widely, while the ankle bracelets will be reserved for high-risk individuals. The company…
Content type: Examples
12th August 2019
In October 2018, the Singapore-based startup LenddoEFL was one of a group of microfinance startups aimed at the developing world that used non-traditional types of data such as behavioural traits and smartphone habits for credit scoring. Lenddo's algorithm uses numerous data points, including the number of words a person uses in email subject lines, the percentage of photos in a smartphone's library that were taken with a front-facing camera, and whether they regularly use financial apps on…
Content type: Examples
1st April 2020
Although the alerts about contacts with people infected by the coronavirus sent out via SMS by the South Korean government do not include names, the information included about people who tested positive for coronavirus, and their past locations can be revealingly detailed in some cases. Those who have been identified by this means have suffered offline and/or online harassment; others, without being specifically identified by name, have been mocked. A survey has found that as a result people…
Content type: Examples
19th March 2020
With 6,300 COVID-19 cases and more than 40 reported deaths, the South Korean government launched a smarphone app (Android first, iPhone due on March 20) to monitor citizens on lockdown as part of its "maximum" action to contain the outbreak. The app keeps patients in touch with care workers and uses GPS to keep track of their location to ensure they don't break quarantine. The government said the tracking was essential to manage the case load (at the time, 30,000 people) and prevent "super…
Content type: Examples
19th December 2018
In November 2016, the security contractor Krytowire discovered that cheap Chinese Android phones often include pre-installed software that monitors users' locations, messaging, and contacts, and sends the gathered information to China every 72 hours. Shanghai Adups Technology Company, the Chinese firm responsible for the software, said its code had been installed on more than 700 million phones, cars, and other devices without informing users, but that it was not intended for American phones.…
Content type: Examples
19th December 2018
In July 2018, researchers at the London-based security and mobile commerce firm Upstream Systems found that millions of cheap smartphones sold in developing countries lacking privacy protections come with pre-installed apps that harvest users' data for the purpose of targeting advertising and that can only be removed with difficulty. One such app, which Singtech includes on the thousands of smartphones it sells in Myanmar and Cambodia, as well as others sold in Brazil or made by Indian and…
Content type: Examples
26th March 2020
The new Singaporean app, TraceTogether, developed by the Government Technology Agency in collaboration with the Ministry of Health was launched on March 20 after eight weeks of development. The app, which can be downloaded by anyone with a Singapore mobile number and a Bluetooth-enabled smartphone, asks users to turn on Bluetooth and location services, and enable push notifications. The app works by exchanging short-distance Bluetooth signals between phones to detect other users within two…
Content type: News & Analysis
13th January 2020
Maddie Stone, formally a Senior reverse engineer and tech lead on the Android security team, shockingly revealed a number of examples of how pre-installed apps on Android devices can undermine users privacy and security in her BlackHat USA talk in August 2019. The video of the talk only recently became available to the public in late December 2019.
The apps in question come preloaded on a device when it is purchased and often can't be removed. Stone reveals a litany of abuses carried out by…
Content type: Examples
19th March 2020
Russian authorities are using surveillance cameras, facial recognition systems, and geolocation to enforce a two-week quarantine regime affecting 2,500 people. Chinese citizens are banned from entering Russia; Russians and citizens of other countries who arrive from China are required to go through two weeks of quarantine. Police raid hotels to find Chinese citizens who arrived before border controls began, and bus drivers have been ordered to call their dispatchers if they see Chinese citizens…
Content type: Explainer
19th September 2019
Abstract
Over the past few years, smart phones have become incredibly inexpensive, connecting millions of people to the internet for the first time. While growing connectivity is undeniably positive, some device vendors have recently come under scrutiny for harvesting user data and invasive private data collection practices.
Due to the open-source nature of the Android operating system vendors can add pre-installed apps (often called “bundled apps” or "bloatware") to mobile phones. In 2019, …
Content type: Explainer
24th June 2019
We look at the recently published report on forensic science in the UK, highlight concerns about police not understanding new tech used to extract data from mobile phones; the risk of making incorrect inferences and the general lack of understanding about the capabilities of these tools.
The delivery of justice depends on the integrity and accuracy of evidence and trust that society has in it. So starts the damning report of the House of Lords Science and Technology Select Committee’s report…
Content type: Explainer graphic
14th February 2019
You can also read a more detailed explainer about mobile phone extraction here.
Content type: Examples
21st March 2020
The Polish government has developed the free Home Quarantine app for both iPhone and Android, which allows the police to check that individuals do not break quarantine; those who do may be fined up to PLN 5,000 and also offers support to those who are quarantined. Once users activate the app by entering a phone number and a code sent via SMS, they send a reference photo. Every so often the app sends an unscheduled request for a new photo to be sent within 20 minutes. The system checks both the…
Content type: Video
10th February 2020
Find out why 53 organisations from all over the world are telling Google it's time they take action on pre-installed apps (bloatware).
You can listen and subscribe to the podcast where ever you normally find your podcasts:
Spotify
Apple podcasts
Google podcasts
Castbox
Overcast
Pocket Casts
Peertube
Youtube
Music by Glass Boy, find more of their work here: glassboy.bandcamp.com/album/enjoy
(creativecommons.org/licenses/by-nd/3.0/)
Content type: Advocacy
17th June 2020
Privacy International (PI), Fundaciòn Datos Protegidos, Red en Defensa de los Derechos Digitales (R3D) and Statewatch responded to the call for submission of the UN Special Rapporteur on contemporary forms of racism, xenophobia and related intolerance on how digital technologies deployed in the context of border enforcement and administration reproduce, reinforce, and compound racial discrimination.
This submission provides information on specific digital technologies in service of border…
Content type: Explainer
22nd February 2018
Phone networks are divided between two networks: the physical and the mobile. The physical runs on the Public Switched Telephone Network (PSTN) that serves your home phone. Mobile networks are dominant in the age of communication and are used to relay mobile communications to the PSTN. The most prominent mobile networks are GSM networks (Global System for Mobile communications) and are what we use everyday to communicate with one another. Another system is known as CDMA (Code Division Multiple…
Content type: Examples
9th April 2020
Led by Germany's Fraunhofer Heinrich Hertz Institute for Telecoms, technologists and scientists from at least eight countries, are working on a proximity-based contact tracing technology that complies with GDPR. The Pan-European Privacy-Preserving Proximity Tracing project (PEPP-PT) is intended to leverage smartphones to help disrupt the spread of infection by notifying individuals when their smartphones are near enough to to that of another person to carry out a Bluetooth handshake - thereby…
Content type: Examples
26th March 2020
After Pakistani residents queried whether messages labelled "CoronaALERT" sent out via SMS were legitimate, telecom authorities confirmed that it was authentic, being sent to selected individuals at the request of the Ministry of Health under the Digital Parkistan programme. Individuals were chosen because they might have come in contact with infected individuals during travel or in specific locations. It is not clear, however, what the criteria were for selecting individuals at risk,…
Content type: Report
12th September 2019
“...a mobile device is now a huge repository of sensitive data, which could provide a wealth of information about its owner. This has in turn led to the evolution of mobile device forensics, a branch of digital forensics, which deals with retrieving data from a mobile device.”
The situation in Scotland regarding the use of mobile phone extraction has come a long way since the secret trials were exposed. The inquiry by the Justice Sub-Committee, commenced on 10 May 2018, has brought much…
Content type: Examples
30th March 2020
Together with Norwegian company Simula the Norwegian Institute of Public Health is developping a voluntary app to track users geolocation and slow the spread of Covid-19. Running in the background, the app will collect GPS and Bluetooth location data and store them on a server for 30 days. If a user is diagnosed with the virus, its location data can be user to trace all the phones that have been in close contact with the person. Authorities will use this data to send an SMS only to those phones…
Content type: Examples
16th April 2020
The Norwegian contact tracing app, Infection Stop, relies on a centralised database to store users' GPS locations for 30 days, like its Chinese counterpart. Sumula, the company that developed the app, claims is necessary because of technical limitations in Apple's smartphone operating system iOS. Simula has rejected using Bluetooth, like Singapore's TraceTogether, because to work on Apple's iPhones the tracker app would have to be in the forefront in order to be able to use Bluetooth to send,…
Content type: Long Read
9th September 2019
In December 2018, Privacy international exposed the dubious practices of some of the most popular apps in the world.
Out of the 36 apps we tested, we found that 61% automatically transfer data to Facebook the moment a user opens the app. This happens whether the user has a Facebook account or not, and whether they are logged into Facebook or not. We also found that some of those apps routinely send Facebook incredibly detailed and sometimes sensitive personal data. Again, it didn’t matter if…