The application security firm NowSecure has given Retail Dive a glum assessment of the state of privacy in retail apps. The company studied two-hundred-fifty "popular Android mobile apps," and they found that some 70% of them leaked "sensitive personal data, including names, usernames, email, phone numbers, geolocation, account numbers and device identifiers including serial numbers." It was worst among retail apps, where 82% of brick-and-mortar stores' apps were leaky, and where 92% of online stores' apps were guilty of the same.
JPMorgan Chase will introduce restrictions on third-party access to customer accounts in a move toward more privacy, the Financial Times reports. Third parties do provide legitimate services to banking customers, but JPMorgan thinks the time has come to "get the passwords out of the system." Instead, the bank will move to the practice of issuing tokens via which third parties can access "a narrow range of data in a secure form."
Computing says that Privacy International is demanding an explanation of "cloud extraction," which it holds is tantamount to backdooring people's accounts at the behest of law enforcement and other authorities. The organization, which Computing describes as "a privacy pressure group," has sent letters to Amazon, Apple, Dropbox, Facebook, Fitbit, Google, Huawei, Instagram, Lyft, Microsoft, Samsung, Slack, Snapchat, Telegram, Twitter, Uber, WhatsApp, and Yahoo. A vast amount of data are now uploaded to, and handled and stored in, the cloud, and Privacy International thinks that not only law enforcement, but many private companies in the data mining business, have access to it.
The cases of JPMorgan Chase's third parties and the cloud companies Privacy International is woofing at have at least this much in common: one of the root privacy problems is the readiness of users to sign over the rights to the data. Such assignment of rights is often buried in a complex end-user license agreement.
The Consumer Electronics Show in Las Vegas this week, the gizmo industry's big annual shindig, is, according to the AP, featuring a great deal of surveillance technology. A lot of it is for home security, and as the AP notes discussions of privacy and security haven't been absent, but there's a great deal of money currently invested in the Panopticon, and an awful lot of people seem happy to move right in.