Google has booted some widely deployed malware, the Joker family, from apps in the Play Store. ZDNet says that the company has culled some 1700 infected applications since 2017, but the Register reports that this week privacy-advocacy groups are calling on Mountain View to show the same due diligence with respect to preinstalled unwanted and possibly malicious software that comes bundled with lower-end Android phones.
The advocates' request was given point by a report from Malwarebytes, which warned that the UMX U686CL Android phones that the US Federal Communications Commission Lifeline Assistance program provides to low-income users come with preinstalled Chinese malware. Specifically, the suspect program is a wireless updater, but that updater is a product of the notorious Adups, a Chinese software outfit whose tools have been flagged as malware before. The phone is solid and serviceable, and at $35 a bargain, but the Adups updater can install programs without user consent. Assurance Wireless, a Virgin Mobile company, is the Lifeline provider that delivers the phones Malwarebytes found sketchy. Forbes received comment from Sprint, the ultimate corporate parent of both Assurance Wireless and Virgin Mobile. Sprint told Forbes they weren't entirely convinced they had a problem: “We are aware of this issue and are in touch with the device manufacturer Unimax to understand the root cause. However, after our initial testing we do not believe the applications described in the media are malware.”
The FCC says “the Lifeline program has provided a discount on phone service for qualifying low-income consumers to ensure that all Americans have the opportunities and security that phone service brings, including being able to connect to jobs, family and emergency services. Lifeline is part of the Universal Service Fund. The Lifeline program is available to eligible low-income consumers in every state, territory, commonwealth, and on Tribal lands.” Note that the Universal Service Fund is the account from which, under pending legislation and FCC policy, hardware providers on the US Entity List, notably Huawei, would be excluded.
The latest ISMG report glumly calls the privacy landscape of 2020 "Orwellian." The market will make tools available to any aspiring Panopticon that's willing to pay the right price, or so seems to be the lesson of a Vice piece on the Special Services Group, a company that performs for several US Federal law enforcement agencies, and that's also making its tools available to local police departments. Special Services Group mostly makes cameras, microphones, and recorders that can be concealed in such things as tombstones, vacuum cleaners, small rocks, tree stumps, and so on. They don't appear to be expensive, and the moral of the story, to which Vice points with alarm, is that surveillance gear is rapidly becoming a commodity, like consumer electronics.
Former Microsoft employees who transcribed and quality-checked Cortana and Skype files say, according to the Guardian, that they routinely received and reviewed sensitive information with only minimal attention to security.
A story in the Economic Times says that the biggest cause of data breaches in India during 2019 was improperly configured, unsecured servers. India's not the only country with this problem.