Subscribe

#AxisOfEasy 158: Hundreds Of Smartphone Apps Sell Your Location Data To Government Connected Data Firms

by on August 11, 2020

Weekly Axis Of Easy #158


Last Week’s Quote was “A thoroughly scientific dictatorship will never be overthrown” was Aldous Huxley, the author of Brave New World, and the non-fiction companion, a must read today, Brave New World Revisited. Winner was Brent.

Also, I once again missed a correct quote contest winner for #156, the Einstein quote was indeed correctly answered by Ron A Belaire.

This Week’s Quote:  “The American people are free to do exactly what they are told.” …by ???

THE RULES: No searching up the answer, must be posted to the blog.  The place to post the answer is at the bottom of the post, in the comments section.

The Prize:  First person to post the correct answer gets their next domain or hosting renewal on us.


We have launched AxisOfEasy.com!  Please help us get the word out and tell your friends and colleagues to check out the new website portal and subscribe to our various tendrils there.

 
 
In this issue:  
 
  • Private companies installed trackers in apps on your phone and sell the data to the government
  • Intel hacked, 20GB of corporate data and chip designs dumped on the net
  • “All your DNA are belong to Blackstone” In 4.7B Ancestry.com deal
  • Tik Tok odyssey continues as merger with Twitter floated
  • Protonmail founder says Apple uses monopoly to hold everybody hostage
  • Uber and Lyft brace for California ruling on gig economy drivers
  • AxisOfEasy: The No-Man’s Land Where Technology and Reality Intersect

 

Private companies installed trackers in apps on your phone and sell the data to the government

If you’ve never heard of Anomaly Six or Babel Street, you’re not alone.  I think the point is we’re not supposed to have heard of them.  They are somewhat secretive data mining companies that cut deals with smartphone app developers that put their location tracking SDKs into those developers’ apps.  Developers charge an up front fee to get into the app, and then they take a cut of the revenues these companies make from selling your location data to government entities, intelligence agencies and other private companies. 

The Wall Street Journal broke the story but was unable to obtain the list of apps that have embedded these trackers, but they reportedly number in the hundreds. 

Anomaly Six was started by a pair of ex-military personnel with defense contractor backgrounds and contacts to US intelligence agencies who used to work for Babel Street.  The latter has sued the former, which neither will comment on, and was settled out of court last year.

Read: https://www.wsj.com/articles/u-s-government-contractor-embedded-software-in-apps-to-track-phones-11596808801 (Paywall)

This piece has me wondering, how can the “collective we” figure out which apps have the AnomalySix or Babel Street SDKs installed?  One way I figure is these apps have to phone home, so if we can figure out where they’re phoning home to, all we have to do is somehow sniff our smartphone traffic, à la Little Snitch, but for iOS or Android.  Apparently you can’t do this on an iOS device unless it’s jail broken.  But this article in dzone did show how  you could setup a VPN client on your phone, you can then sniff your own traffic to the VPN endpoint. 

What do you sniff for?  I couldn’t figure it out for Anomaly Six, but using Robtex I found that Babel Street has a subdomain hosted on Amazon AWS called app.babelstreet.com, so that’s one place I’d start, oh and over here on securitytrails we have all kinds of subdomains for babelstreet.com, including multiple “Apple” and “Matomo” (data analytics) hostnames.

Another approach could be to run a binary string search on the app itself for that hostname.

Not sure I’ll get around to this anytime soon, but if anybody out there does, please report your findings back to us so we can start naming and shaming apps that contain these SDKs.

 

Intel hacked, 20GB of corporate data and chip designs dumped on the net

It looks like the Breach of The Week is a little different than the usual dump of user creds and payment data.  Intel has been hacked and now somebody is dumping internal company data on the net via Telegram. 

The initial 20GB dump entitled “Intel Exconfidential Lake” a hacker dubbed @deletescape has released documents that purportedly contain source code for various packages, company roadmaps, firmware and bootloader source, BIOS reference code, and myriad other materials which security researchers fear could be used to create new 0-day attacks across multiple platforms:

 

“All your DNA are belong to Blackstone” In 4.7B Ancestry.com deal

The genetic profiling and DNA tracing family tree and health testing tool Ancestry.com has been acquired, again.  This time the company has been sold by private equity firms to the Blackstone Group, a publicly traded private equity firm (NASDAQ:BX)

“Ancestry.com is the world’s largest provider of DNA services, allowing customers to trace their genealogy and identify genetic health risks with tests sent to their home.”

The company was valued at 2.6B four years ago in their previous investment round.

 

Tik Tok odyssey continues as merger with Twitter floated

I had sort of given up trying to follow the Tik Tok story, it’s been changing so much since last weekend (as reported in AxisOfEasy 157)

My guess was that at some point, something would actually, you know, happen and then the hysterical shrieking and gushing over what happened would be impossible to miss, and then I would write an “in case you missed it” fluff piece right here.

But I guess I should at least acknowledge that the latest is the possibility of a Twitter / Tik Tok combination of some sort.  If you’re holding your breath you should stop.  After we went to press last week Axios reported that Apple was considering purchasing Tik Tok and then had to retract the story within hours.

Definitely more interesting are Jesse Hirsh’s and Charles Hugh Smith’s coverage of Tik Tok as a cultural phenomenon, both available via the AxisOfEasy website here, and here.

 

Protonmail founder says Apple uses monopoly to hold everybody hostage

Apple is increasingly coming under fire from developers who accuse them of anti-competitive practices and operating a quasi-monopoly.  Secure email company Protonmail’s CEO went so far as to call it a protection racket that also props up authoritarian dictators. 

“Apple has become a monopoly, crushing potential competitors with exploitative fees and conducting censorship on behalf of dictators”

Protonmail is not alone, both Telegram and Spotify recently lodged antitrust complaints with EU regulators, who have opened a formal probe into Apple’s App Store practices.

Read: https://protonmail.com/blog/apple-app-store-antitrust/

 

Uber and Lyft brace for California ruling on gig economy drivers

It must be tough to be a unicorn.  You don’t have to earn any profits, you can disavow your staff and deem them “independent contractors” and of course, shroud your EULAs in “take or leave it” terms that absolve you of any responsibilities whatsoever and still get valued in the billions.  Then if the economy takes a hit (and you have the audacity) you can even go hat in hand for government bailouts.

So it’s no surprise why Uber and Lyft say that if a judge in California hands down a ruling that forces those companies to treat their indentured serfs independent contractors as employees, befitting of wages and benefits, it will cause them “irreparable damage”. 

The damage is basically that the ruling would force these companies to stop externalizing all their costs while keeping all their valuation gains.  It would force them into an unthinkable scenario:  having to operate like a real business in the real world.

The Judge, Ethan P. Schulman has finished hearing arguments from the tech companies and the State of California and is expected to hand down his decision within days.

As we headed to press, Uber’s CEO, Dara Khosrowshahi, just happened to pen an op-ed in the New York Times showing solidarity with gig economy workers (which Uber pretty well invented).  In it Khosrowshahi (whose compensation package last year was $45,000,000) pleads that ‘There has to be a “third way” for gig workers.’  What he’s really saying is:  “our business model doesn’t mesh with economic reality and is financially incoherent, somebody do something”.

(Uber and Lyft started the year with 11.3 and 2.8 billion in cash on their balance sheets respectively, they posted TTM losses of 10B and 2B respectively.  They are valued at 54B and 9.2B).

 

AxisOfEasy: The No-Man’s Land Where Technology and Reality Intersect

On last week’s AxisOfEasy we had our first ever guest on the show with Let’s Talk Bitcoin co-founder, and now Coindesk podcast editor, Adam B. Levine coming on to talk about how the current geopolitical and economic events are impacting the crypto-currency space. 

Listen/watch: https://axisofeasy.com/podcast/salon-16-adam-b-levine-the-no-mans-land-where-technology-and-reality-intersect/

3 responses to “#AxisOfEasy 158: Hundreds Of Smartphone Apps Sell Your Location Data To Government Connected Data Firms”

  1. Avatar John Robinson says:

    Two years ago I subscribed to Proton VPN. A year later I reviewed Proton Email, contacted their customer support to ask a few questions. I was given incorrect information and inadvertently ordered ProtonMail. My card was charged immediately. I contacted customer support and a week later received a reply from an anonymous agent that the only way my card could be charged is if I ordered. I was polite but insisted they cancel the order and refund me the charge. They anonymous staff became very unpleasant. Two days later my email account was suddenly suspended…however so was my VPN account. I tried to contact customer support and was told they only deal with registered users. I told them my email address was one they suspended and asked them to reinstate the VPN service and free Email account. The last reply I received is that I was trying to defraud them and I’ve never heard from them since. I still had more than one year of VPN service that had been prepaid.

    As such, it’s rather hypocritical of Proton Technologies AG CEO Andy Yen to accuse other entities of being anti-competitive, exploitive and holding others hostage when their actions towards their own customers are parallel.

  2. Avatar Andrew Chung says:

    The quote for #158 was penned by Ward Churchill.

  3. Avatar Jim Wilkes says:

    I believe the quote in #159 is by someone known more for his fables than his philosophy — Aesop

Leave a Reply

Your email address will not be published. Required fields are marked *

#AxisOfEasy is brought to you by....

easyDNS

Power & Freedom™ since 1998


Ledger Nano X - The secure hardware wallet