user consent Archives

AppWizard

September 12, 2025

AI App Spies on Android Users via Unauthorized Mic and Camera Access

An application designed for voice dictation and automated note-taking has been accused of unauthorized surveillance by accessing microphone and camera functionalities even when not in use. This behavior allows for the collection of data from ambient conversations, raising concerns about user privacy and consent. The app circumvents standard user notifications by embedding surveillance capabilities within seemingly innocuous updates. Indicators of potential surveillance include unusual battery drain, unexpected spikes in data usage, and apps requesting unrelated permissions. Economic motivations drive the collection of data for targeted advertising and machine learning, prioritizing profit over user privacy. In response, tech companies like Google are tightening controls, increasing Play Protect scans, while experts recommend enabling two-factor authentication and auditing app permissions.

Winsage

August 21, 2025

Copilot on Windows App Adds Semantic File Search and New Homepage for Insiders

Microsoft is testing a semantic search feature and a redesigned homepage within its Copilot app for Windows, available to Insiders on Copilot+ PCs. The semantic file search allows users to find documents and images using natural language prompts. The Copilot app includes a robust permission system for user control over what the chatbot can access. The updated homepage displays recent apps, files, and conversations for easier access to resources. The Windows Insider team confirmed that Copilot does not scan the entire system or upload files without user consent. Additionally, Microsoft has introduced the Windows 11 Canary build 27928, which moves more time and language settings from the Control Panel to the new Settings app.

AppWizard

August 18, 2025

Confirmed—These 20 popular Android apps are accessing your microphone, location and files without you knowing it… and thus spying on you

A study by Which? and Hexiosec analyzed 20 popular Android apps, revealing that many request excessive permissions beyond their core functionalities. Notably, Xiaomi Home requested 91 permissions, Samsung SmartThings 82, Facebook 69, and WhatsApp 66. TikTok and Temu also raised concerns for their permission requests, while Amazon defended its need for camera access for product scanning. Additionally, 16 of the tested apps attempted to display pop-up windows over other applications, indicating aggressive monitoring tactics. Users are advised to check app permissions, set them manually, deactivate background access, download official apps, and keep their devices updated to protect their privacy.

Winsage

August 10, 2025

Windows UAC Bypassed via Character Editor, Allowing Local Privilege Escalation

A cybersecurity researcher, Matan Bahar, has developed a method to bypass User Account Control (UAC) in Windows using the Private Character Editor (eudcedit.exe), which is located in C:WindowsSystem32. This utility, intended for creating user-defined characters, can be manipulated to grant attackers elevated privileges without user consent. The exploit takes advantage of the application manifest configuration of eudcedit.exe, which includes directives that allow the program to run with full administrative rights and enables an elevated PowerShell session. This method poses a significant security risk as it exploits a trusted Windows utility, highlighting vulnerabilities in Windows security architecture. Security professionals are advised to monitor unusual execution patterns related to eudcedit.exe and reconsider UAC configuration policies to mitigate such risks.

AppWizard

August 5, 2025

Google Gemini Android App to Add Audio Uploads for AI Insights

Google's Gemini app for Android is set to enhance its functionality by supporting audio file uploads, as indicated by an APK teardown revealing code strings and user interface elements for this feature. This development will allow users to summarize podcasts, transcribe meetings, and extract insights from voice memos. The introduction of audio capabilities follows earlier features like Audio Overviews, which enable podcast-style discussions from written documents. However, there are significant privacy concerns regarding the handling of sensitive audio data, with fears that Google may access personal information without explicit user consent. Critics warn that audio uploads could lead to unauthorized data scraping and complicate compliance with data protection regulations. Google has mentioned configurable privacy settings to address these risks, but skepticism remains about their adequacy. The anticipated rollout of this feature is expected in the coming months.

Winsage

July 29, 2025

Windows 10 is 10 years old today — let’s look back at 10 controversial and defining moments in its history

On July 29, 2015, Microsoft unveiled Windows 10, integrating the live tile interface with the classic Start menu and focusing on the desktop experience. It was developed with public collaboration through the Windows Insider Program. Microsoft offered a free upgrade to Windows 7 and 8 users for one year, which was later extended until 2023, resulting in 100 million devices running Windows 10 within two months of its launch. The "Get Windows 10" app aggressively promoted the upgrade, leading to user backlash and its eventual removal. Windows 10 faced criticism for extensive data collection practices, with no option for complete telemetry disablement. It introduced "Windows as a Service" with a biannual update schedule, though it faced issues, including data loss in the October 2018 Update. The OneCore project aimed to create a universal Windows core for various devices but ultimately faltered. The dark mode feature had inconsistencies, and Windows 10 Mobile struggled in the smartphone market, leading to its discontinuation in 2017. The Universal Windows Platform (UWP) faced adoption challenges, and the Fluent Design System delivered minimal updates. The My People feature was disabled by default due to poor adoption rates. Windows 10 played a crucial role in shaping the current Windows landscape and laid the groundwork for future developments.

AppWizard

July 29, 2025

ANDROID MALWARE POSING AS INDIAN BANK APPS

The report discusses a sophisticated Android malware targeting users in India, which disguises itself as legitimate banking applications to steal credentials and conduct unauthorized financial activities. The malware employs advanced techniques such as silent installation, exploitation of Android permissions, and remote command execution to avoid detection. It utilizes Firebase for command-and-control operations and phishing pages that mimic real banking interfaces. The malware consists of a modular architecture with a dropper and a main payload. The dropper requests several Android permissions, including ACCESSNETWORKSTATE, REQUESTINSTALLPACKAGES, and QUERYALLPACKAGES, which facilitate reconnaissance and persistence. The dropper uses a silent installation mechanism to load additional payloads without user awareness. The main payload requests permissions that enable data theft and stealthy operation, such as READSMS, SENDSMS, and RECEIVEBOOTCOMPLETED. It hides itself from the user's app list and employs separate classes for specific malicious tasks, including harvesting user credentials and collecting debit card information. The phishing page mimics a legitimate banking app to capture user data effectively. The malware also monitors incoming SMS messages, extracts critical metadata, and can silently forward calls to an attacker-controlled number. A specific APK sample impersonating an Indian banking application was observed on April 3, 2025, highlighting ongoing trends in mobile-based credential theft and financial fraud. Recommendations include enforcing stricter mobile application security standards, launching public awareness campaigns, implementing threat intelligence-driven filtering, and deploying mobile endpoint detection solutions.

Winsage

July 24, 2025

Update for Windows 11 brings more resilience (and Recall)

The optional update KB5062660 for Windows 11 version 24H2 introduces several new features, including Microsoft Recall in Europe, which allows users to export snapshots of their activities with a unique export code for privacy. The Click to Do functionality expands with a new Practice in Reading Coach feature and integration with Microsoft Teams for drafting messages. An AI agent is added to the settings app for Copilot+ PCs, while non-Copilot+ systems have a centered search bar for accessibility. The update includes rapid machine recovery options, enhancements to the Start menu, improved snap functionality, and a new Gamepad keyboard layout for gamers. It also resolves various issues from previous versions, including bugs in File Explorer and system stability problems. AI components related to Image Search, Content Extraction, and Semantic Analysis have been enhanced, and there are no known issues with this update. Features will be rolled out gradually to users.

AppWizard

July 9, 2025

Google Forces Gemini App Integration on Android, Sparking Widespread Privacy Fears

Google is rolling out an update to its Android operating system that allows its Gemini AI to access third-party applications by default, overriding users' previous privacy settings. This change, effective July 8, has led to confusion among users, as many received unclear email notifications regarding the update and how to disable the new feature. Google has stated that human reviewers may process app data, and conversations could be stored for up to 72 hours, even if users opt out of activity tracking. The update is part of Google's strategy to integrate Gemini more deeply into its ecosystem, replacing the Google Assistant with Gemini on mobile devices. The company plans to open its Gemini Nano model to third-party developers, further embedding AI into applications.

AppWizard

July 7, 2025

Google Gemini app gains automatic Android access to phone and messaging data

On July 7, 2025, Google Gemini app users experienced automatic activation of permissions for accessing phone calls, messaging services, WhatsApp, and system utilities on Android devices, following a privacy policy update on June 11, 2025. This change affects millions of users globally and allows user data to be reviewed by humans for AI training. Users can disable these permissions through the app's settings, but the option to opt-out is criticized for being difficult to find. Legal experts have raised concerns about compliance with GDPR regulations due to the lack of explicit user consent for these changes. The data collected supports machine-learning development and may be retained for up to three years, even after users delete their activity.