Search
Content type: Report
A video presentation of the finding of this report can be found here, as presented at 35th Chaos Computer Congress (35C3)
Previous research has shown how 42.55 percent of free apps on the Google Play store could share data with Facebook, making Facebook the second most prevalent third-party tracker after Google’s parent company Alphabet. In this report, Privacy International illustrates what this data sharing looks like in practice, particularly for people who do not have a Facebook account.…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following HTTP GET request is made to graph.facebook.com
GET https://graph.facebook.…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
format: json
sdk: android
event…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following HTTP GET request is made to graph.facebook.com
GET https://graph.…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following HTTP GET request is made to graph.facebook.com
GET https://graph.facebook.…
Content type: Examples
In September 2018, Google warned a selection of US senators and their aides that their Gmail accounts were being targeted by foreign government hackers. Google has issued warnings of phishing attempts by state-sponsored actors since 2012, though getting a notice does not mean the account has been compromised.
https://www.cnet.com/news/google-warns-us-senators-of-foreign-hackers-targeting-their-gmail-accounts/
Writer: Richard Nieva
Publication: CNet
Content type: Impact Case Study
What Happened
On 5 June 2013, The Guardian published the first in a series of documents disclosed by Edward Snowden, a whistleblower who had worked with the NSA. The documents revealed wide-ranging mass surveillance programs conducted by the USA’s National Security Agency (NSA) and the UK’s Government Communications Headquarters (GCHQ), which capture the communications and data of hundreds of millions of people around the world. In addition to revealing the mass surveillance programs of the…
Content type: Examples
In June 2018, security researchers found that Google's smart speaker and home assistant, Google Home, and its Chromecast streaming device could be made to leak highly accurate location information because they failed to require authentication from other machines on their local network. The attack worked by requesting a list of nearby wireless networks from the Google device and sending that list on to Google's geolocation lookup service, whose map of wireless network names around the world is…
Content type: Examples
In 2018 industry insiders revealed that the gambling industry was increasingly turning to data analytics and AI to personalise their services and predict and manipulate consumer response in order to keep gamblers hooked. Based on profiles assembled by examining every click, page view, and transaction and incorporating data purchased from third-party sources, gambling operators push customised ads through Google, Facebook, and other platforms. There are also plans to geolocate customers arriving…
Content type: Examples
Three months after the 2018 discovery that Google was working on Project Maven, a military pilot program intended to speed up analysis of drone footage by automating classification of images of people and objects, dozens of Google employees resigned in protest. Among their complaints: Google executives' decreasing transparency and attention to workers' objections; that Google's move could damage user trust; and ethical concerns over using algorithms in this potentially lethal work and Google's…
Content type: Examples
In 2018, military security officers from the Israeli Defence Force accused Hamas of loading fake World Cup and dating apps with malware and making them available via the Israeli version of the Google Play store in order to hack the mobile phones of Israeli soldiers. The apps were capable of accessing locations, copying contacts, file, and photographs, and taking control of camera and microphone. The World Cup app offered HD live-streamed matches and updates. The IDF added that about 100…
Content type: News & Analysis
Taylor Swift may be tracking you, particularly if you were at her Rose Bowl show in May.
According to an article published by Vanity Fair, at Swift’s concert at the California stadium, fans were drawn to a kiosk where they could watch rehearsal clips. At the same time – and without their knowledge - facial-recognition cameras were scanning them, and the scans were then reportedly sent to a “command post” in Nashville, where they were compared to photos of people who are known…
Content type: Examples
In 2018, a group of researchers from the Campaign for Accountability posed as Russian trolls and were able to purchase divisive online ads and target them at Americans using Google's advertising platform. The researchers constructed fake profiles using the name and identifying details of the Internet Research Agency, a known Kremlin-linked troll farm; the ads appeared on the YouTube channels and websites belonging to CNN, CBS, Huffington Post, and the Daily Beast. The ads were approved in less…
Content type: Examples
In May 2018, researchers in the US and China demonstrated that they could send commands that activate Apple's Siri, Amazon's Alexa, and Google Assistant but that are inaudible to the human ear. The researchers were able to make smartphones and smart speakers dial phone numbers and open websites; the potential is there to make them operate Internet of Things devices, wire money, or execute retail transactions by hiding commands in music or other audio.
https://www.nytimes.com/2018/05/10/…
Content type: Examples
In September 2018, a number of people whose Google Pixel phones, Essential Phone, OnePlus 6, Nokia handsets, and other devices running Android 9 Pie discovered that the devices had, apparently autonomously, activated the software's Battery Saver feature. Google later explained that an internal experiment to test battery-saving features had accidentally - and erroneously - been rolled out to more users than it had intended. The silent and invasive nature of the mistake made it particularly…
Content type: Examples
In October 2018, a transparency report from the smart home company Nest, which Google acquired for $3.2 billion in 2014, found that between 2015 and 2018 Nest had been told to hand over data on 300 separate occasions relating to up to 525 Nest account holders. Nest turned over data in fewer than 20% of the cases in the first half of 2018, down from the second half of 2015, when the company complied nearly 60% of the time. Nest is best known for its smart thermostats, but it also makes…
Content type: Examples
In September 2018, AI Now co-founder Meredith Whittaker sounded the alarm about the potential for abuse of the convergence of neuroscience, human enhancement, and AI in the form of brain-computer interfaces. Part of Whittaker's concern was that the only companies with the computational power necessary to develop these technologies are those already leading in AI: Google, Facebook, Microsoft, and equivalent. The result would be that the neural data collected from individuals' thoughts would be…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following HTTP GET request is made to graph.facebook.com
GET https://graph.facebook.com/v3.0/115882278440564?fields=…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The app sends the following HTTP GET request to graph.facebook.com
GET https://…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following HTTP GET request is made to graph.facebook.com
GET https://graph.…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following HTTP GET request is made to graph.facebook.com
GET https://graph.facebook.…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following HTTP GET request is made to graph.facebook.com
GET https://graph.…
Content type: App Analysis
This app prerequest permissions when installing from the app store, a screenshot is attached for reference
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following HTTP GET request is made to graph.facebook.com
GET https://graph.facebook.…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
format: json
sdk: android
event…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
Form data:
format: json
sdk: android…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the app sends the following HTTP GET request to graph.facebook.com
GET https://graph.facebook.com/v2.11/174829003346?fields=…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
format: json
sdk: android
event…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following HTTP GET request is made to graph.facebook.com
GET https://graph.facebook.…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following HTTP GET request is made to graph.facebook.com
GET https://graph.…