In a Reddit post a user called Gooz announces his new Android app. Its goal is simple: to stop Google's Android leaking information to anyone who cares to probe for it. Gooz’s real name is Bram Bonné and he’s given a TEDx talk about the problems with Android giving over data that enables almost anyone to see where you’ve been, and even to track your travels all over the world.
In his TEDx talk Bonné explains that Android devices continually send out the names of Wi-Fi networks that they have previously connected to. Anyone who wants to can use the name of common free Wi-Fi hotspots – like, say, Starbucksor McDonalds – to create a spoof network. Once they’ve done that, they can see the other networks that a phone has connected to. A simple lookup done against the Wigle.net “wardriving” database will allow them to pinpoint locations that phone has visited.
So here’s an example. You go to New York on a business trip, and you stay at The Standard hotel on Washington St (SSID: THESTANDARD) and visit the Starbucks on 15th and Ninth. If you connect to the Starbucks Wi-Fi then Bonné is able to tell that you have also connected to The Standard’s Wi-Fi, because Android devices poll for known Wi-Fi networks. And if you don’t clear your phone’s Wi-Fi network list, then he is also able to see where else you might have been. Stayed at the W Hotel in London? Then he can probably see that too. If you watch his TED talk, you can almost hear the audience feeling uncomfortable when he shares details about some of their travels.
Wigle.net database of Wi-Fi hotspots
Bonné has also developed an Android app that is able to shut this process off, and give you some security from anyone attempting to check your phone’s previous wireless networks. And there’s another reason to use his app too, because it also offers protection from someone who does as he does, which is use a common free Wi-Fi provider to initiate what’s called a “man in the middle” attack. These attacks will allow you to connect, and are then able to break into connections made to other sites. In his video, Bonné talks about how even connections made over https are vulnerable to this sort of attack.
The Wi-Fi PrivacyPolice app
The app to protect yourself is called. Wi-Fi PrivacyPolice, it’s free and has no adverts. There’s also source code on the GitHub repository too, if you’re inclined to take a look at what it does. Bonné assures users in the Reddit thread that he’s not collecting any data from the app, and promises that if he wants to in the future that it will be a strictly opt-in process. You can also see from the app permissions that it’s not attempting to connect to any internet-based sites to send your info off anywhere. The app also assures us that using it won’t increase battery usage. In fact, rather interestingly there’s a chance it might help save some of your valuable power.
-source : forbes
-source : forbes
Post a Comment