504th Military App Could Expose Soldiers’ Data

The 504th military app gives soldiers weather updates, training changes, and other logistics. But its terms of service say it collects a lot of personal data, and if the app was hacked it could potentially expose top-secret information.

The app’s permissions — which suggested it could pull GPS location data, photos, contacts and even rewrite memory cards — frustrated soldiers who have taken extreme precautions they felt were glossed over by Trotter and other senior leaders…The worst-case scenario, he said, was “our cover might be blown.” While the app said permissions could be disabled, the soldiers said there was a failure of confidence it was secure. Senior leaders checked the phones of subordinates to ensure they had the app installed, soldiers in the unit said.

Why it’s especially concerning: “The app developer, Straxis LLC, is based in Tulsa but has a subsidiary in southern India.”

Is Facebook Secretly Accessing Your Camera? This Man Found a Bug

For years there have been anecdotes from people saying that Facebook secretly uses their phone’s microphone and/or camera for targeted advertising. Joshua Maddux tweeted about a bug he found within the Facebook app. By tapping on a profile picture and slowly sliding it down the screen, you can see his rear camera being accessed on the left hand side. He tested it using five iPhones running iOS 13.2.2.

Found a @facebook #security & #privacy issue. When the app is open it actively uses the camera. I found a bug in the app that lets you see the camera open behind your feed. Note that I had the camera pointed at the carpet.

Judge Rules Cops can Search Through DNA Database GEDmatch

A judge recently ruled that law enforcement have the ability to search through DNA database GEDmatch, overriding the choice of its over one million users.

In the wake of that attention-grabbing case, GEDmatch changed its policies in May 2018 to make it less easy for police to access their data. Users now have to opt in to having their data made available to police; information they upload is set to private by default. Rogers told the NYT that as of October, less than 15% of current users, 185,000 out of 1.3 million, have opted in to sharing their data with police.

Facebook Says 100 App Developers Improperly Accessed Data From Groups

In another case of Facebook letting app developers access whatever data they want, 100 of them improperly accessed data from Groups despite Facebook claiming it restricted that access.

Today we are also reaching out to roughly 100 partners who may have accessed this information since we announced restrictions to the Groups API, although it’s likely that the number that actually did is smaller and decreased over time.

100 app developers you say? Why would 100,000 app developers do such a thing?

Like an Addict Facebook is Chasing Even More of Our Data, Now With Facial Scans

Researcher Jane Manchun Wong found that Facebook is working on facial scans called “facial recognition-based identity verification.” It would ask users to upload a selfie of them looking in different directions before they can access their account.

On that same screen and later in the actual video selfie process, Facebook notes that “no one else will see” the video selfie you submit to them and says the video will be “deleted 30 days after your identity is confirmed.”

Deleted after 30 days. Based on Facebook’s past actions we can safely assume it will do the exact opposite. There’s not much room for giving them the benefit of the doubt.