Ring Android App Sent Sensitive User Data to 3rd Party Trackers

Mohammad.Poorya

Bardzo aktywny
Ekspert
Dołączył
19 Wrzesień 2018
Posty
3456
Reakcje/Polubienia
13987
Miasto
On a Bike!
Amazon's Ring doorbell app for Android is sending to third-party trackers information that can be used to identify customers, research from the Electronic Frontier Foundation (EFF) has found.

Four analytics and marketing companies receive customer data that includes names, IP addresses, mobile network carriers, unique identifiers, and info from sensors on the Android device.

By setting up the Frida dynamic analysis framework to inject code into Ring at runtime and to bypass encryption-based security, the EFF was able to intercept the traffic flowing from the Ring app and view the egress data.

The organization found that version 3.21.1 of the app was feeding personally identifiable information (PII) to Facebook, Branch, MixPanel, and AppsFlyer. On Monday,
Zaloguj lub Zarejestruj się aby zobaczyć!
received an update to version 3.22.1.

According to the EFF, the app communicated the data to Facebook via the
Zaloguj lub Zarejestruj się aby zobaczyć!
, which "is the primary way to get data into and out of the Facebook platform" and used by apps to query data, post stories, manage ads, add photos, and handle other tasks.


Zaloguj lub Zarejestruj się aby zobaczyć!
 
Do góry