1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This Android security flaw could let hackers follow all your move

    From TechnologyDaily@1337:1/100 to All on Sat Sep 4 13:15:03 2021
    This Android security flaw could let hackers follow all your movements

    Date:
    Sat, 04 Sep 2021 11:53:35 +0000

    Description:
    A rather common oversight could lend Android users to inadvertently expose their movements.

    FULL STORY ======================================================================

    An innocuous-looking feature on Android devices was accidentally discovered
    by cybersecurity researchers as a means of spying on the whereabouts of another user, without the need to install additional stalkerware apps.

    Malwarebytes researcher Pieter Arntz discovered the issue after he signed in to his Google account on his wifes smartphone . Unexpectedly however, this enabled him to track the movements of his spouse using the Google Maps Timeline feature.

    After I logged out of Google Play on my wifes phone the issue was still not resolved. After some digging I learned that my Google account was added to my wifes phones accounts when I logged in on the Play Store, but was not removed when I logged out after noticing the tracking issue, noted Arntz. TechRadar needs you!

    We're looking at how our readers use VPNs with streaming sites like Netflix
    so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

    Click here to start the survey in a new window << Shield yourself with these best identity theft protection services Weve also compiled a list of
    the best Android antivirus apps These are the best data loss prevention services

    Arntz subsequently reported the issue to Google, but was told that the behavior is infact a feature and not really a bug. Flawed feature

    While Google might treat this as a legitimate feature, and not a bug, Malwarebytes, as one of the founding members of the Coalition against Stalkerware (CAS), is treating it as a potential flaw since its misuse would constitute what it refers to as tech enabled abuse.

    This is more aptly a design and user experience flaw. However, it is still a flaw that can and should be called out, because the end result can still provide location tracking of another persons device, asserts Artnz.

    He suggests a handful of things Google could improve to prevent the feature from being misused.

    For starters, Google needs to rein in the overzealous nature of the feature. Since the timeline feature was enabled in Arntzs device and not his wifes he feels he shouldnt be receiving the locations visited by her phone, in the first place.

    Secondly, although he received a warning when he signed into his account on her phone, Google should ensure a similar someone else logged into Google
    Play on your phone should also be sent to her wifes phone.

    Finally, Arntz feels that Google should do a better job of displaying the current logged in users instead of only showing the first letter of the
    Google account user.

    For its part, Malwarebytes advises all Android users to check if any additional Google accounts have been added to their phone, and remove them manually to mitigate this risk of the flawed feature. Check our list of the best identity management services



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-android-flaw-could-let-hackers-follow-all- your-movements/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)