542 The conference on cybersecurity RSA Conference in San Francisco reveals a way to escape private information from free applications…
The conference on cybersecurity RSA Conference in San Francisco reveals a way to escape private information from free applications that integrate advertising. This was confirmed by a study prepared by Kaspersky detailing the source of the problem, the failures and the consequences for the user.
In a way, the unmasking of Cambridge Analytica’s collection of more than 87 million Facebook users has sensitized the community to the importance of the processing of personal data. In fact, in just over a month Europe will launch a new law to further protect the rights of people. Well, in the middle of a debate about where is the limit on the collection of information and data, now a new way arises by which we can expose some of our personal data.
The present edition of the RSA Conference held during these days in San Francisco has been the scene in which the researchers of Kaspersky Labs have exposed an interesting and disturbing study. It makes clear the risk involved in the data processing exercised by the applications that base their business model on integrated advertising. Most free apps that show advertising in their interface in exchange for their services at no cost.
As a general rule, this type of apps collect some user data that is used to customize the advertising displayed. The drawback, as reported by Kaspersky researchers, lies in the way in which these data are sent.
To integrate this advertising system requires the use of a specific SDK that, in many cases, comes from third parties. And here comes the problem given that the study exposed by the security company details how these SDKs are a way by which they leak and expose some personal data of the user such as name, age, gender, income, telephone number, email, information on the smartphone in question and even the location by GPS.
The basis of the problem, as we read in ZDNet , it focuses on sending information to the servers connected to these SDKs, which, for the most part, is produced through the http protocol. The fact that said protocol does not encrypt the data sent causes them to be at the mercy of any attack or theft thereof. Although during this year the developers have adapted a large part of the apps (63%) to the encrypted https protocol, it is striking that 90% of them continue to use the previous http protocol for certain processes.
Similarly, Kaspersky indicates that access to the collected data allows them to be modified in their trip through the Network in order to manipulate the advertising displayed and derive the user access to malware, with the relevant risk that this entails.
To top it off, Kaspersky warn that this type of actions are presented even in apps that accumulate millions of downloads, although for now it has not transcended the name of these.