Security Researchers Discover 10 App Store Apps Engaging in Ad Fraud

[I7guy]

Those who exalt themselves shall be humbled...

Those who turn a blind eye, get left in the dust...

Apple's hubris placed themselves too high so got knocked down a notch.

If anything, they got elevated for taking a stand.

If I were to use a beef grading for the companies: Apple self grades as Prime when it's real grade is Choice. Google self grades itself as Cutter and its quality is Cutter.

Apples real grade is restaurant quality.

Watch Citizenfour - https://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data

Conversation is crossed. Not debating about PRISM, which not only the tech, but telco companies participated in. The convo is about the usage of your PII by the companies themselves.

I am speaking generalities and now you are speaking specific single data point actual use.

Yawn.......

This is what you cited as fact, which has now become an opinion because it can't be proved. The quote below is so general it's akin to a strawman and is not possible to prove or disprove. So I wanted to give you a chance with one to two data items, which you still can't put in the context of your own conclusions. My conclusion: one cannot cite specific instances of how ones PII is used by tech companies.

• Apple apps spy on everything you do. The level of spying and what happens to that data - Apple isn’t really saying.
• Google apps spy on everything you do. The level of spying and what happens to that data Google grants some level of control and pretty much tells you what it does with it.
• MS apps spy on everything you do. The level of spying and what happens to that data - MS is kind of saying but kind of sits between Apple and Google.

 

[nvmls]

Conversation is crossed. Not debating about PRISM, which not only the tech, but telco companies participated in. The convo is about the usage of your PII by the companies themselves.

It's the same company which claims your info stays in your device, also touts their iCloud service as "private". Whether who's more hypocrite in their description doesn't affect much.

 

[I7guy]

It's the same company which claims your info stays in your device, also touts their iCloud service as "private". Whether who's more hypocrite in their description doesn't affect much.

Because it’s a marketing slogan not a statement of true fact. It’s true that apple doesn’t operate the way other tech companies and use your pii for “for profit “ endeavors. Whether or how apple gives your data to the government is irrelevant and is not hypocritical.

 

[nvmls]

Because it’s a marketing slogan not a statement of true fact. It’s true that apple doesn’t operate the way other tech companies and use your pii for “for profit “ endeavors. Whether or how apple gives your data to the government is irrelevant and is not hypocritical.

So is the entire walled garden is "secure" you shouldn't side-load PR.

Complying with a massive surveillance program violating user privacy from a company which claims it to be a "fundamental human right" is highly hypocritical.

In addition to that, there's also your PII being used for profit. Apple already tried the ads business before and failed miserably, but they feel like bundling ads again in their native apps like every other business they've been criticizing to. They serve Google all your PII first hand to search via them. Can you change that? Sure, how many do? Very little seems otherwise Google wouldn't throw 14 billion at them.

Finally, how about top 10 apps since several iOS generations being FB, Instagram, Whatsapp, TikTok, Snapchat, Youtube, etc, etc. Do you need a walled garden for that? lol

That's the average iOS user, "oh I trust Apple because privacy", then have the entire FB apps suite open 24/7 and cry because people are pushing towards software freedom of choice & repair.

 

[Mousse]

OS developed by Google. Your data never leaves your device….

View attachment 2081969

Those living in glass houses...😒 Everything on your iPhone is sent to Apple's iCloud.

Ever heard of AOSP (Android Open Source Project)? I have a custom ROM on my phone based on AOSP. I lack the skill to change the source code myself and placing my trust in a group independent developers. But they have a good reputation on XDA. Also, they have no reason to collect my personal information.

And yes, my data never leaves my device except what I allow, because I understand how to use a firewall and AOSP is open source. Anyone can check the source code any hidden attempts at data mining would have been pointed out by the geniuses on XDA long ago. Frankly, I trust the guys on XDA who aren't in it for profit.

To date, I have had zero data compromise as I don't use Google Drive. My wife's iCloud was hacked a few years back. I hope you'll forgive my not trusting in Apple's claim of privacy and security.

 

[I7guy]

So is the entire walled garden is "secure" you shouldn't side-load PR.

It seems to be a fact -- unless you want to throw the baby out with the bath water.

Complying with a massive surveillance program violating user privacy from a company which claims it to be a "fundamental human right" is highly hypocritical.

No. Government can force companies to comply. Saying that is hypocritical is just criticism for criticism's sake.

In addition to that, there's also your PII being used for profit.

I'm okay with Apple using my PII I gave to apple for profit. That's to have a good experience with the ecosystem.

Apple already tried the ads business before and failed miserably, but they feel like bundling ads again in their native apps like every other business they've been criticizing to.

No problem with Apple serving me ads with my PII I provided to apple. People who have an issue where this is a sticking point should move to another platform.

They serve Google all your PII first hand to search via them.

No. Google customers request that Apple hand it over. If Apple customers didn't request this handover, they wouldn't use google.

Can you change that? Sure, how many do? Very little seems otherwise Google wouldn't throw 14 billion at them.

Citation. Same as Coke advertising during half-time. Why bother if they are already the biggest soft drink manufacturer. Oft used argument (meme) but somehow now one can give definitive proof.

Finally, how about top 10 apps since several iOS generations being FB, Instagram, Whatsapp, TikTok, Snapchat, Youtube, etc, etc. Do you need a walled garden for that? lol

Sure, it comes all in one package. Apps get the ios walled garden.

That's the average iOS user, "oh I trust Apple because privacy", then have the entire FB apps suite open 24/7 and cry because people are pushing towards software freedom of choice & repair.

You are aware that FB hasn't been above board.

Not sure of what the point is...pointing to flaws in the system, doesn't mean it's better if there was no system. Saying Apple is hypocritical because they are forced to turn over information to the government is just criticizing just to get a bad word in.

 

[I7guy]

[...]My wife's iCloud was hacked a few years back. I hope you'll forgive my not trusting in Apple's claim of privacy and security.

There have been very reported cases where icloud was brute forced hacked...not social engineered. Bad user practices enabled this. Or weak passwords on email accounts linked to the icloud. Or the phone stolen unlocked. Most of the infamous hacks were social engineered. So forgive me if I doubt your wife's icloud was just hacked with a strong password and 2FA.

 

[nvmls]

I7 lol, why so desperate in defending Apple? Got any dignity in your iHabitat? Consult an iShrink.

If privacy gets legislated worldwide as a"fundamental human right", I'm sure you'll stick with greedy corps since they serve you well and you are happy to pay them to blow smoke in your face, even defend them in forums with tragicomic "arguments".

 

[justanotherdave]

Id rather pay the Google tax (tracking me) vs the apple tax (real money).

When the iPhone and iPad are better than equivalent devices from other companies, there’s no “Apple Tax”. A Samsung tablet for the same price (or more) as an iPad is a complete joke.

The Apple Tax is a myth. You get what you pay for. Privacy/Security are a bonus.

 

[justanotherdave]

There have been very reported cases where icloud was brute forced hacked...not social engineered. Bad user practices enabled this. Or weak passwords on email accounts linked to the icloud. Or the phone stolen unlocked. Most of the infamous hacks were social engineered. So forgive me if I doubt your wife's icloud was just hacked with a strong password and 2FA.

I don’t believe iCloud has ever been brute force hacked. That one loser claimed he did it, but when researchers tried to duplicate his claims it didn’t work. His response? “It used to work so Apple must have fixed it.” No proof, no video, no logs - nothing. A major hack of one of the largest tech companies in the world and the genius didn’t even bother to document it.

To this day a LOT of people still think the celebrity photo scandal has hacking, when it was actually phishing. The men who went to prison for this explained how they did it. There was no hack, just social engineering. And they also managed to get into Google accounts as well, but people still refer to it as the “iCloud hack”.

 

[Mousse]

There have been very reported cases where icloud was brute forced hacked...not social engineered. Bad user practices enabled this. Or weak passwords on email accounts linked to the icloud. Or the phone stolen unlocked. Most of the infamous hacks were social engineered. So forgive me if I doubt your wife's icloud was just hacked with a strong password and 2FA.

Social engineering is the only type of hack I trained my wife against. She's not my level of paranoid, but it would take a pretty smart cookied to trick her. No, it was few years back when a hacker group breached Apple's servers. I'm sure Apple has beefed up its security and my wife hasn't suffered any iCloud hacks since. Still, I don't trust cloud services. There is no cloud. Your data is on someone else's computer.

She has since stopped paying for extra iCloud storage outside the free 5GB. I back up/sync her stuff onto our computer every week.

 

[justanotherdave]

Each company is being judged by the standard they set for themselves. Google doesn't make any claim of the PlayStore being a safehaven. Apple doesn't shut up about privacy and security thus are judged by their own crippling standards.

Google has on many occasions talked about how good they are at stopping malware and related scam Apps. They don’t talk about it as much (especially in recent years) but Google absolutely has claimed the Play Store is safe.

For example, Google has claimed that over 99% of Android devices were free from PHAs (potentially harmful apps) or that only 0.02% of all downloaded Apps from Google Play were considered harmful. They also claimed the Play Store was 8x safer than third party stores for PHAs.

While I agree Apple talks about this a lot more than Google, Google hasn’t been silent. I think the reason they stay out of it is because of the backlash they’d face if they started saying the cared about privacy. It’s contrary to their core business (selling ads).

 

[I7guy]

Social engineering is the only type of hack I trained my wife against. She's not my level of paranoid, but it would take a pretty smart cookied to trick her. No, it was few years back when a hacker group breached Apple's servers. I'm sure Apple has beefed up its security and my wife hasn't suffered any iCloud hacks since. Still, I don't trust cloud services. There is no cloud. Your data is on someone else's computer.

She has since stopped paying for extra iCloud storage outside the free 5GB. I back up/sync her stuff onto our computer every week.

Yes, there is this in 2014. https://firewalltimes.com/apple-data-breach-timeline/ After this breach, which you can read about in the article, 2FA was born. It's long enough in the past, that whatever existed then is not relevant for 2022, imo.

While it is not on topic to this conversation, I wouldn't back-up anything to my cloud stored on-prem. As long as you have two other safe backups off-prem you are probably covered. I pay for the 200gb tier and sleep like a baby.

 

[I7guy]

I7 lol, why so desperate in defending Apple? Got any dignity in your iHabitat? Consult an iShrink.

If privacy gets legislated worldwide as a"fundamental human right", I'm sure you'll stick with greedy corps since they serve you well and you are happy to pay them to blow smoke in your face, even defend them in forums with tragicomic "arguments".

It's just a counterpoint to those posts:
- that take pot shots at apple. Also known as hit and run.
- frame apple in a bad light by posting facts that cannot be verified
- posts seem to have some sort of PEBCAK
- posts that throw the baby out with the bath water

While it's never good to have scamware, malware, adware, phisingware apps etc, this is the state of mobile phones in 2022. Because Apple has at least declared something in the war on privacy, doesn't make them incompetent or hypocritical when that standard isn't 100%. It's not an all or nothing game.

 

[nvmls]

It's just a counterpoint to those posts:
- that take pot shots at apple. Also known as hit and run.
- frame apple in a bad light by posting facts that cannot be verified
- posts seem to have some sort of PEBCAK
- posts that throw the baby out with the bath water

While it's never good to have scamware, malware, adware, phisingware apps etc, this is the state of mobile phones in 2022. Because Apple has at least declared something in the war on privacy, doesn't make them incompetent or hypocritical when that standard isn't 100%. It's not an all or nothing game.

Agree to disagree my friend. But have a wonderful day and thanks for sharing

 

[Mousse]

Google has on many occasions talked about how good they are at stopping malware and related scam Apps. They don’t talk about it as much (especially in recent years) but Google absolutely has claimed the Play Store is safe.

I hope you read that on the Onion.😏 If Google🤥 told me the sky was blue, I'd have to go outside and check for myself.🤨 The PlayStore safe?🤣🤣🤣 Well maybe safer than some a lot of questionable site on the net. It's all relative.

 

[Tagbert]

Just go look at the photo apps. Look how many are glitzy, diamond-studded app icons and apps with no features other than to collect data. Not sure why so many are defending the App Store, the app quality is about on par with Android now. Which is to say it’s flooded with crap. There are about 100 useful apps.

“While 10 apps were found on the iOS App Store, more than 70 were found on Google's Play Store, and adware is a much more severe problem on Android devices.”

10 is not equal to 70​

 

[I7guy]

Id rather pay the Google tax (tracking me) vs the apple tax (real money).

Unless you buy YT premium or pay for extra storage etc, with google you are the product. With Apple I'm buying the product.

 

[ponzicoinbro]

Those living in glass houses...😒 Everything on your iPhone is sent to Apple's iCloud.

I’m not the one pretending stuff isn’t. I have no problem with the stuff I agreed to.

Because I’m not a nonce.

 

[steve09090]

What does Apple do with that data?
Pretty much everything that happens on your device phones home to Apple and they collect it in some fashion unless you go APM. Apple gives broad headlines without really saying anything. It sounds good until you start looking deeper. Then Apple says “contact us” if you have additional questions / concerns / issues. Try it.

Apple is far less open and sharing than either MS or Google. It’s how they operate.
Realize I am not saying if this is good or bad. It just is.

Again, I disagree. The only thing they don’t say is what they do with it in relation to government. Which is the law, as they cannot. I note you haven’t provide examples, just a broad statement. They say exactly what they use the data for in a list on that link I provided.

That makes no sense.
The police are reactive while the App Store and Play Store are supposed to be proactive.

Being a police officer I can tell you that Police are both reactive and proactive. There are strategies in both sides. And whilst you are clearly are struggling with this, The App Stores are proactive, but they also have to be Reactive as well, otherwise they wouldn’t shut down apps they find are already breaching the rules. Fortnite is a perfect example of being reactive.

 

[steve09090]

Did I even mention Google? I didn't, did I? Projection much?
Back to the topic: Apple claims "safety" a priority and specific reason to app store monopoly... and fails (also this time). Meaning all those apps... Apple didn't actually review. Because only a lack of review can explain why so many got trough and a THIRD PARTY reviewed them adequatly.

So then, back to my claim: "apple standards" are a joke. From the extremely hostile use-and-discard rapid obsoleting to "safe" app delivery which is also a joke. Just as much of a joke that Cook had to meet Uber's CEO (or was it a company rep?) to talk about the abhorrent wiretapping Uber was engaged in. That also - flew under "app store radar". Because f*** you customer - we made money off that s***.

In mentioning Goggle <look the other way….> Is your comment?

Where do Apple mention safety? I’m really not sure where you are pulling this from. So many get through? Do you mean 10 apps that were found out of x million? And who said they didn’t review them? Or do you mean they got through the gatekeeper? Which is an entirely different thing from not reviewing. Have you ever submitted paperwork that was later found to have an error? Have you ever vetted millions of pieces of paperwork and not made a mistake?

I’m not sure where the hostility is coming from about Cook & Uber, as it’s clearly not relevant here, but your assertion that Cook ignored anything to do with Uber or anyone else for money is just speculation. Again, words with no substance.

 

[Abazigal]

Each company is being judged by the standard they set for themselves. Google doesn't make any claim of the PlayStore being a safehaven. Apple doesn't shut up about privacy and security thus are judged by their own crippling standards.

From the end user perspective, I don’t think anyone would genuinely claim that Google is doing a better job of curating their App Store simply because they “never claimed to have any standards” in the first place.

And that’s really what matters at the end of the day. Apple sets high standards for themselves, they do clearly put in the resources to curate the App Store, and they are clearly doing a way better job compared to the competition despite claims of not meeting some rigged standard that the critics have set for them, and that’s good enough for me.

 

[Mrkevinfinnerty]

Because it’s a marketing slogan not a statement of true fact. It’s true that apple doesn’t operate the way other tech companies and use your pii for “for profit “ endeavors. Whether or how apple gives your data to the government is irrelevant and is not hypocritical.

"What happens on your iPhone stays on your iPhone"*





*apart from all of the stuff we give to the NSA (and god only knows what other authoritarian regime) to unconstitutionally surveil you

 

[I7guy]

"What happens on your iPhone stays on your iPhone"*

Correct it’s a marketing slogan not a statement that every byte of data stays on your iPhone.

*apart from all of the stuff we give to the NSA to unconstitutionally surveil you

That’s up to the Supreme Court, not you or I. But yes, its irritating, to say the least.

 

[steve09090]

From the end user perspective, I don’t think anyone would genuinely claim that Google is doing a better job of curating their App Store simply because they “never claimed to have any standards” in the first place.

And that’s really what matters at the end of the day. Apple sets high standards for themselves, they do clearly put in the resources to curate the App Store, and they are clearly doing a way better job compared to the competition despite claims of not meeting some rigged standard that the critics have set for them, and that’s good enough for me.

They actually do have standards and it’s in their Principles. https://www.google.com/about/software-principles.html

But it does seem to suggest that "buyer beware" is their over arching policy.