user tracking Archives

AppWizard

September 29, 2025

Google’s dev registration plan ‘will end the F-Droid project

The F-Droid project, a distributor of open-source applications for Android, faces challenges due to Google's plans to enforce developer registration for app installations on Android-certified devices starting next year. This initiative will restrict installations to verified developers, impacting platforms like F-Droid that prioritize user privacy and do not require user accounts. Marc Prud'hommeaux, a board member of F-Droid, expressed concerns that these changes could dismantle the project, as F-Droid cannot comply with Google's registration requirements without compromising its mission. Google defends its initiative as a measure to protect users from malware, citing that sideloaded apps have a higher incidence of malware compared to those in the Play Store. However, Prud'hommeaux argues that F-Droid's open-source nature allows for public audits, highlighting security incidents in the Play Store. F-Droid, founded in 2010, operates as a non-profit initiative that facilitates the installation of open-source Android applications, ensuring thorough review and tamper-proof distribution. The project also informs users about potential drawbacks of apps, while the overall Android ecosystem has become increasingly controlled by Google, with recent changes to the Android Open Source Project indicating a shift towards a more closed model.

AppWizard

July 29, 2025

ANDROID MALWARE POSING AS INDIAN BANK APPS

The report discusses a sophisticated Android malware targeting users in India, which disguises itself as legitimate banking applications to steal credentials and conduct unauthorized financial activities. The malware employs advanced techniques such as silent installation, exploitation of Android permissions, and remote command execution to avoid detection. It utilizes Firebase for command-and-control operations and phishing pages that mimic real banking interfaces. The malware consists of a modular architecture with a dropper and a main payload. The dropper requests several Android permissions, including ACCESSNETWORKSTATE, REQUESTINSTALLPACKAGES, and QUERYALLPACKAGES, which facilitate reconnaissance and persistence. The dropper uses a silent installation mechanism to load additional payloads without user awareness. The main payload requests permissions that enable data theft and stealthy operation, such as READSMS, SENDSMS, and RECEIVEBOOTCOMPLETED. It hides itself from the user's app list and employs separate classes for specific malicious tasks, including harvesting user credentials and collecting debit card information. The phishing page mimics a legitimate banking app to capture user data effectively. The malware also monitors incoming SMS messages, extracts critical metadata, and can silently forward calls to an attacker-controlled number. A specific APK sample impersonating an Indian banking application was observed on April 3, 2025, highlighting ongoing trends in mobile-based credential theft and financial fraud. Recommendations include enforcing stricter mobile application security standards, launching public awareness campaigns, implementing threat intelligence-driven filtering, and deploying mobile endpoint detection solutions.

AppWizard

June 3, 2025

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers

Recent developments in browser technology have raised concerns about user privacy and data tracking by companies like Meta and Yandex. In response, several Android browsers are enhancing user privacy by blocking abusive JavaScript linked to web trackers. DuckDuckGo has implemented measures to block domains and IP addresses associated with trackers, preventing the transmission of identifiers to Meta and restricting access to Yandex Metrica. Following feedback, DuckDuckGo's developers updated their blacklist to include missing addresses. The Brave browser uses extensive blocklists to prevent identifier sharing and blocks requests to localhost without user consent. Vivaldi forwards identifiers to local Android ports by default but allows users to adjust settings to block trackers. Researchers warn that these solutions may not be foolproof and emphasize the ongoing challenge of maintaining effective blocklists. Chrome and most other Chromium-based browsers execute JavaScript as intended by Meta and Yandex, while Firefox has faced challenges with SDP munging and has not yet announced plans to address this behavior.

Winsage

April 2, 2025

6 reasons why I think Microsoft should keep the ‘local account’ option in Windows 11

Microsoft has updated Windows 11 to make it more difficult for users to bypass internet and Microsoft account requirements during installation, specifically in builds 26120.3653 and 26200.5516. The "BypassNRO.cmd" script, which allowed the creation of local accounts without an internet connection, has been removed. Local accounts provide enhanced privacy by storing data locally, simplify the setup process without needing an internet connection, and allow unrestricted access to systems in offline environments. Users can choose meaningful folder names with local accounts, and they facilitate smoother Remote Desktop connections compared to Microsoft accounts. Although local accounts can still be created post-installation, there are concerns about their availability in future updates, especially for the Home edition.

AppWizard

March 31, 2025

Signal vs. WhatsApp — what’s the difference between these messaging apps?

Signal and WhatsApp both offer end-to-end encryption but differ significantly in ownership and data practices. WhatsApp is owned by Meta, which collects metadata about user interactions, while Signal is a nonprofit that collects minimal metadata and prioritizes user privacy. WhatsApp has a more user-friendly interface with features like chat history backups, group video calls, and business tools, whereas Signal focuses on privacy with features like "Sealed Sender" to hide sender identity and options to blur faces in photos. Users prioritizing privacy may prefer Signal, but practicality depends on their contacts' app usage. Users can choose to use both apps for different types of communication.

AppWizard

March 6, 2025

Google Silently Tracks Android Device Even No Apps Opened by User

Recent research by Professor D.J. Leith from Trinity College Dublin reveals that Google collects significant amounts of user data on Android devices, even when users do not engage with Google applications. The study shows that pre-installed Google apps can track users without consent or opt-out options. Measurements were taken using a Google Pixel 7 with Android 14. Findings indicate that Google servers store multiple tracking identifiers immediately after a factory reset, before any user interaction. Collected identifiers include advertising analytics cookies and persistent device identifiers. This data collection raises concerns about compliance with EU data privacy regulations, such as the e-Privacy Directive and GDPR. Specific tracking technologies identified include the Google Android ID, DSID cookies, and NID cookies. User interaction data is also transmitted to Firebase Analytics servers. Users have limited control over the data stored on their devices, with disabling Google Play Services or the Google Play Store being impractical options.