by Paul Arnote (parnote)
Google Seeks Help To Clean Up Android Malware Mess
For all of its faults, you do have to praise Android's open ecosystem, especially when compared to Apple's tightly controlled App Store. Virtually anyone with a modicum of programming ability can create an app and upload it to the Google Play store. But that openness makes it especially easy for bad apps to quite regularly find their way into the official Google Play store. Plus, third-party app stores and malicious website can harbor even more nastiness in the form of malware. It is a problem that has plagued the Google Play store, and Android in general, since its inception.
According to an article from Wired.com, Google has enlisted help from three antivirus firms who have extensively monitored Android malware for years. They are ESET, Lookout and Zimperium. In partnership with Google, they have formed an alliance, called the App Defense Alliance. They will scan new apps in the Google Play store before they go live, in an effort to help prevent malware from ever appearing in the Play store.
Since each member of the alliance has different methods and approaches for scanning apps, together they should be able to detect trojans, adware, ransomware, banking malware, and phishing attacks before the apps are allowed to go live in the Play store.
Even though a friendly relationship has existed between Google and the other members of the alliance for over two years, the coordinated effort is just now getting off the ground. So, it remains to be seen how much of a dent can be made in the growing Android malware problem.
But then, it is a start to taming the wild, wild west that the Google Play store has become.
Facebook Secretly Accesses Camera On iOS 13
iOS does probably the best job of any of the mobile platforms of protecting user privacy. So it came as a complete surprise when it was discovered that the Facebook app on iOS was secretly accessing users' cameras in the background on iOS 13.
According to an article on The Next Web, a user named Joshua Maddux posted on Twitter about his discovery of the Facebook app on iOS accessing his phone's rear camera without his knowledge. He subsequently confirmed the behavior on five different iPhones running iOS 13.2.2. Further testing confirmed that the issue did not seem to be present on phones/devices running iOS 12 (but that's not to say that the camera wasn't being accessed).
Initially, it wasn't clear if this was a problem inherent in iOS 13 or the Facebook app. In a follow-up on The Next Web, Facebook confirmed that the issue was a bug with their app. Whenever a user clicked/tapped to view a photo, the camera was activated. Facebook VP of Integrity (how would you like to have THAT job/title?) claimed that there has been no evidence of photos or videos being uploaded because of the bug. Facebook has submitted a fix to the App Store. Given Facebook's awful, horrible track record in regards to user privacy, it's reason enough for grave concern.
Unless and until an update is issued, the only way to eliminate the potential privacy threat is to turn off camera access to any app that you don't want to have access to the device's camera ... including the Facebook app. Meanwhile, there is no evidence of anything like this occurring on the Android platform.
Google Wants Us To Trust It With Our Medical Records We Never Knew They Had
It's doesn't seem to be enough that Google has permeated virtually every part of our online lives. Now, Google wants us to trust it with our medical records/data that we never realized they had in their possession.
Google, through a project called "Project Nightingale," has been secretly collecting the health records of more than 50 MILLION Americans. Google claims to be working on an AI project to develop artificial intelligence programs to help determine the best course of medical treatment for patients.
The online tech giant has partnered with Ascension Healthcare, the second largest system in the U.S. Based out of St. Louis, Missouri, Ascension has healthcare facilities in 23 states and Washington, D.C.
Neither patients nor doctors have been notified about the data collection, data that is readily available to hundreds of Google employees, according to a Wall Street Journal article (subscription required to access article). It is/was BIG news, so fortunately, there is plenty of information available elsewhere.
Not only is Google storing medical information on patients, but they are also storing personal details, such as birthdays and patient names. While Google claims that the project is compliant with federal laws, users are concerned (and have a right to be concerned) due to Google's cavalier attitude towards user privacy.
Having personally worked for over 30 years in healthcare, a huge concern is compliance with HIPAA (Health Insurance Portability and Accountability Act) laws. Apparently, under the current HIPAA laws, because Ascension and Google are acting as business associates, HIPAA laws are not being violated. As a result, some IT executives are calling for an overhaul of the HIPAA law that was written 23 years ago, to prevent these types of partnerships with giant tech firms that couldn't have been foreseen back when the law was written.
According to an article on the Healthcare Dive website:
HHS' (Health and Human Services) Office of Civil Rights opened an investigation into the partnership and multiple legislators including Sens. Mark Warner, D-Va., Bill Cassidy, R-La., and Richard Blumenthal, D-Conn. issued statements decrying the actions of both companies.
HIPAA allows healthcare companies to share patient data with third parties under business associate agreements, as long as the data is being used to help that third party "carry out its health care functions." That definition does constrain Google from using the data for any marketing or non-R&D related purposes, but privacy experts still say it may be overly vague for today's data-rich and regulation-light technology landscape.
Ascension Health is the largest Catholic owned/operated healthcare system in the U.S. Google is ... well, we're all too familiar with who they are. You know ... the company that once had "Do No Evil" as its motto, who is now the embodiment of evil to many, many users across the globe.
To say that there is reason for concern could be the understatement of the century.
Some Older Roku, Samsung, Vizio Devices To Lose Netflix Over DRM
Sometimes, it doesn't pay to be an "early adopter" of technology. This will be evident in early December to users of certain Roku, Samsung and Vizio devices when they will no longer be able to connect to their beloved Netflix accounts using those affected devices.
According to an article on bgr.com, Netflix initially claimed on its product support pages that unspecified technical limitations were to blame. But the real reason came out later, and it has to do with how Netflix employs DRM (Digital Rights Management) to prevent piracy.
Since 2010, Netflix has been using Microsoft's PlayReady technology to provide that DRM solution. Older devices that are unable to be updated to PlayReady will cease functioning December 2, 2019.
So, other than suddenly being unable to log into your Netflix account(s), how do you know if your older device will be affected? If you're an owner of a Roku device, the following devices are affected: Roku SD (N1050), Roku HD-XR (N1101), Roku HD (N1100, 2000C), and Roku XD (2050X, 2050N, 2100X, 2100N). If you have a Samsung Smart TV set built in 2010 or 2011, select models will be affected. Vizio TVs affected include select devices/apps sold between 2012 and 2014.
Fortunately, the "news" couldn't come at a better time, with the winter holidays literally right around the corner. If you ... or someone you know ... has a device that is affected, you should be able to find a replacement among all the winter holiday sales that precede those holidays.
YouTube Content Creators Fear New TOS Agreement
Being a YouTube content creator used to be a profitable undertaking, at least for some content creators. YouTube has been and remains the premiere site for users to share video content, often unique and unavailable anywhere else. Then "Adpocalypse" happened, when YouTube changed the monetization scheme, and even demonetized other content creators.
Now, YouTube content creators have something new to be concerned about, according to an article on bgr.com. YouTube is changing its Terms of Service agreement with content creators, effective December 10, 2019. Specifically, content creators are concerned with this one new clause in the YouTube ToS agreement. It reads, "YouTube may terminate your access, or your Google account's access to all or part of the Service if YouTube believes, in its sole discretion, that provision of the Service to you is no longer commercially viable."
So, it sounds as if Google, at its sole discretion, can terminate YouTube accounts that it doesn't feel are "commercially viable" ... whatever that means, and it could mean different things to different people. But different people don't matter. It's only what Google says it means, which can vary on a case-by-case basis and depending on which way the wind is blowing at that time. Even more frightening is that the content creator's OTHER Google accounts can also be summarily terminated, right along with the YouTube account.
As you might expect, the outrage was swift, spreading like a wildfire across a drought-stricken prairie (or the annual mass burning of California). Reddit exploded with the news. So much fiery rhetoric had spread that Google had to don its firehat and man the fire hoses.
A YouTube spokesperson reached out to 9to5Google.com website with a "clarification." They explained that YouTube has "made some changes to our Terms of Service in order to make them easier to read and to ensure they're up to date. We're not changing the way our products work, how we collect or process data, or any of your settings." They also went on to explain that this isn't a "new clause," but rather has always been a part of existing terms (although no one on Reddit could find similarly worded clauses in YouTube's previous ToS agreements). The article went on to explain, "The enhanced visibility and prominence has been added to help ensure that creators and users are far more aware of the already existing terms. Despite that it's still difficult to ascertain how this particular clause is currently enforced, or how it may be enforced in future."
Despite their efforts, Google and YouTube were unable to extinguish the firestorm of controversy. So, @TeamYouTube further explained that they would NOT terminate channels if they do not make money. The 9to5Google.com article went on to say, "The wording is, in fact, referring to the actual YouTube platform rather than 'channels'. Meaning that termination will be of defunct or underused features like the internal YouTube messaging platform or YouTube Studio Classic."
It does sound a bit like a cat trying to cover his "business" in the proverbial cat litter box, but so far, it appears that the initial panic is "over." We'll have to wait and see how this plays out in the ensuing months.