#AxisOfEasy 403: Meta And Yandex Caught Spying On Millions Of Android Users Without Consent


Weekly Axis Of Easy #403


Last Week’s Quote was: “You can motivate an idiot but all you’re going to get is a motivated idiot,”  was by Jim Rohn.  No one got it. 

This Week’s Quote:  “The only person you are destined to become is the person you decide to be.”  By??? 

THE RULES:  No searching up the answer, must be posted at the bottom of the blog post, in the comments section.

The Prize:  First person to post the correct answer gets their next domain or hosting renewal on us.


This is your easyDNS #AxisOfEasy Briefing for the week of June 2nd, 2025 our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

To Listen/watch this podcast edition with commentary and insight from Joey and Len the Lengend click here.

 


In this issue: 

  • Meta and Yandex Caught Spying on Millions of Android Users Without Consent
  • Texas Just Made This Move That Will Change How You Download Apps Forever
  • Canada’s New Internet Bill Could Break the Web and Still Fail to Protect Kids
  • $1.5 Billion AI Startup Exposed as Total Fraud Shocks Tech World
  • Top Security Firm Leaks Client Data in Shocking Tech Fail 
  • Trump’s Surveillance State partners with Palantir
  • Cronly & Cronguard are now FREE
  • Canada’s Bill C-2: a surveillance bill dressed up as border protection


Elsewhere Online:

  • Hackers Hit Cartier and North Face in New Wave of Retail Cyberattacks
  • Bank Customers at Risk After Shocking Payment Card Leak Exposed Millions
  • Microsoft and CrowdStrike Just Teamed Up to Name Hackers and Stop the Confusion
  • Hackers Use Fake DocuSign Pages to Trick You Into Running Dangerous Code
  • New Android Malware Tricks Users with Fake Apps and Steals Crypto Worldwide

 

Meta and Yandex Caught Spying on Millions of Android Users Without Consent

On Android devices, Meta and Russia-based Yandex have been secretly tracking users by bypassing key privacy protections. This was revealed on June 3, 2025, by security researchers at IMDEA Networks and Radboud University.

Meta Pixel and Yandex Metrica, installed on millions of websites, use hidden browser-to-app channels to link browsing history with logged-in app identities. This breaks Android’s sandboxing and browser security. Researcher Narseo Vallina-Rodriguez warned, “This attack breaks the sandbox between the web and the mobile app context.”

The abuse affects only Android and has been ongoing since 2017 (Yandex) and 2023 (Meta). Even private browsing wasn’t safe. Meta and Yandex say they’ve paused or ended the feature, but Google confirmed the activity violated user expectations.

Browsers like DuckDuckGo and Brave have added blocks, but researchers warn this may not be enough. As Vallina-Rodriguez put it, “The real fix is better platform-level controls, not just blocklists.”
Until then, uninstalling these apps is your safest bet.

Read: https://arstechnica.com/security/2025/06/meta-and-yandex-are-de-anonymizing-android-users-web-browsing-identifiers/


Texas Just Made This Move That Will Change How You Download Apps Forever

Starting January 1, 2026, Texas will require Apple and Google to verify users’ ages before they can download apps. The law, signed by Governor Greg Abbott, also mandates parental consent for anyone under 18. It’s part of a growing push to protect children online—but privacy advocates are raising alarms.

Tech giants like Apple and Google say this could backfire. They argue the law forces them to collect sensitive data from every user, even for harmless apps. “App marketplaces will be required to collect and keep sensitive personal identifying information for every Texan,” Apple warned.

Supporters, including Meta and X (formerly Twitter), say app stores are the best place to enforce age checks. But critics fear this could erode online privacy and silence free speech.

Kareem Ghanem, a Google policy executive, supports regulation but says it must “target actual sources of harm.” With other states considering similar laws, this could reshape how we all access the internet.

Read: https://reclaimthenet.org/texas-mandates-digital-id-to-access-app-store-apps


Canada’s New Internet Bill Could Break the Web and Still Fail to Protect Kids

On June 3, 2025, Canadian Senator Julie Miville-Dechêne introduced Bill S-209, a new law aimed at blocking minors from porn online. It’s a revised version of her earlier Bill S-210, which didn’t pass. The bill sets stronger age checks using third-party tools, promising better privacy protection.

But there’s a major catch—it forces Internet Service Providers (ISPs) to block content. Experts say this is costly, easy to bypass, and risks blocking innocent websites. In 2005, a Telus IP block accidentally took down 766 unrelated sites. That risk still exists.
Critics warn the bill sets a dangerous precedent. “Once this infrastructure exists, it won’t just stop at porn,” privacy advocates say. They fear it could be used to censor other content too.

Google DNS or VPNs could easily get around the block. And small ISPs may raise prices to cover costs.
The goal is noble. But many argue this bill targets the wrong problem with the wrong tool.

Read: https://mgamble.ca/bill-s-209-protecting-kids-at-the-cost-of-the-internet/


$1.5 Billion AI Startup Exposed as Total Fraud Shocks Tech World

On June 3, 2025, AI startup Builder AI, once backed by Microsoft and SoftBank, collapsed in London. The company laid off all staff and entered insolvency after it was revealed their “AI platform” was actually just developers in India manually writing code.

Builder AI had raised nearly $500 million. The biggest blow came to the Qatar Investment Authority, which led a $250 million round.
Founder and CEO Sachin Dev Duggal is now accused of faking revenue to mislead investors. “The company was able to keep this scam going for 8 years,” one report stated in disbelief.Instead of cutting-edge AI, the backend was simply humans posing as machines.

What looked like innovation turned out to be a long-running fraud.
This massive failure highlights how investor hype around AI can sometimes blind even the smartest firms. It’s a wake-up call in a world where “AI” can mean anything—or nothing at all.

Read: https://www.linkedin.com/feed/update/urn:li:activity:7334521571966877696/


Top Security Firm Leaks Client Data in Shocking Tech Fail

On May 26, 2025, Vanta—a top compliance automation company based in the U.S.—confirmed a major software bug that leaked private customer data to other clients. The issue affected hundreds of organizations and exposed sensitive employee and account data.
The bug wasn’t caused by a cyberattack. It was triggered by a product code change inside Vanta’s system.

Jeremy Epling, Vanta’s Chief Product Officer, said, “Fewer than 4% of Vanta customers were affected… and have all been notified.”
The leak involved internal data, including third-party service settings and account configurations. Vanta also confirmed that no API keys, credentials, or external intrusions were involved.

The company started fixing the issue immediately and promised full remediation by June 4. Still, for a firm built on trust and digital safety, this failure shocked many.

This incident proves even leading security platforms aren’t immune to internal mistakes. One code error was all it took to shake trust in a trusted name.

Read: https://hackread.com/code-bug-compliance-vanta-data-leak-customer-clients/


Trump’s Surveillance State partners with Palantir

We noted during the 2016 election cycle  how neither candidate was exactly a “free internet” candidate – both Clinton and Trump campaigning on different ways to censor and surveil citizens.

Trump was so embattled over his first term, he never got the chance to implement his vision – but this term is different and he’s taking the opportunity to tap Peter “The Libertarian” Thiel’s Palantir to build a nationwide surveillance database.

This follows on Executive Order issued in March  directing Federal agencies to share data with each other which came amidst a flurry of lawsuits directed at the Department Of Governmental Efficiency (“DOGE”) over data access, which then piloted by another former PayPal Mafia figure, Elon Musk.

Palantir shares (Nasdaq: PLTR) rocketed higher on the news, having already reversed hard after a recent slide – it’ll be interesting to see the next batch of Periodic Transaction Reports (PTRs), out of congress – which have to be filed within 45 days of any purchases.

More from the Mises Institute:

Read: https://mises.org/mises-wire/trump-building-bigger-deep-state-help-libertarian-peter-thiel


Cronly & Cronguard are now FREE

We’ve made the decision to open the Cronly monitor and job execution platform up to easyDNS members (and beyond).

It’s now free across the board, up to 10 monitors, with up to two free servers for Cronguard.

Go ahead and set up your first monitors today at https://cronly.app.

-mark


Canada’s Bill C-2: a surveillance bill dressed up as border protection

Canadian Public Safety Minister Gary Anandasangaree has introduced Bill C-2, dubbed The Stong Borders Act, ostensibly to harmonize anti-fentanyl efforts with the US after Trump tarriff threats, seems to contain more provisions for surveilling everyday Canadians than it does for policing the border.

easyDNS Mark Jeftovic has listed four elements of the new bill that the government seeks to introduce. They are:

1) A ban on cash transactions over $10,000

2) Canada Post (and cops) get to open your mail now

3) Expansion of police powers to install spyware on your phone (covertly)

4) Compels ISPs and service providers to tap your data (and not tell your about it) when ordered to

Mark’s run these down in a full length piece on the easyDNS blog:

Read: https://easydns.com/blog/2025/06/05/canadas-strong-borders-act-bill-c-2-contains-four-surveillance-trojans/

 

Elsewhere online: 

Hackers Hit Cartier and North Face in New Wave of Retail Cyberattacks
Read: https://hackread.com/cyberattacks-retailers-cartier-north-face-victims/

Bank Customers at Risk After Shocking Payment Card Leak Exposed Millions
Read: https://www.securityweek.com/mainstreet-bank-data-breach-impacts-customer-payment-cards/

Microsoft and CrowdStrike Just Teamed Up to Name Hackers and Stop the Confusion
Read: https://thehackernews.com/2025/06/microsoft-and-crowdstrike-launch-shared.html

Hackers Use Fake DocuSign Pages to Trick You Into Running Dangerous Code
Read: https://www.infosecurity-magazine.com/news/fake-docusign-pages-deliver-rat/

New Android Malware Tricks Users with Fake Apps and Steals Crypto Worldwide
Read: https://www.darkreading.com/mobile-security/crocodilus-sharpens-teeth-android-users

If you missed the previous issues, they can be read online here:

One thought on “#AxisOfEasy 403: Meta And Yandex Caught Spying On Millions Of Android Users Without Consent

Leave a Reply

Your email address will not be published. Required fields are marked *