Aptoide App Store Breached

The popular Android app store Aptoide has apparently been breached, with millions of users having their data stolen by a hacker.

Aptoide is a third-party app store, meaning it isn’t operated by Google or provided by a smartphone manufacturer, and claims to have over 150 million users, 7 billion downloads, and 1 million apps.

However, its popularity has now made it a target for a hacker, who has seemingly stolen the details of 39 million users and published 20 million of those online.

According to ZDNet:

The leaked information, which ZDNet obtained a copy of with the help of data breach monitoring service Under the Breach, contains information on users who registered or used the Aptoide app store app between July 21, 2016, and January 28, 2018.

Data leaked today that can be classified as “personal identifiable information” includes details such as the user’s email address, hashed password, real name, sign-up date, sign-up IP address, device details, and date of birth (if provided).

Other details also include technical information such as account status, sign-up tokens, developer tokens, if the account was a super admin, or referral origin.

You can read the full article at ZDNet here.

Aptoide has subsequently taken steps to improve its security systems, and in a statement on their website stated:

We are working tirelessly to understand how this happened and already have a few leads. We feel deeply ashamed and would like to apologize sincerely. The security of our users is a priority for us, and we have always tried to implement policies that make Aptoide a safe environment.

Besides continuous training, we have hired external companies to audit our infrastructure and perform penetration testing. It was not enough, though. We have failed to keep some of the user data safe.

Besides providing updated information as we have it, we will also have an internal discussion on how to better store and protect user data moving forward.

Read the statement in full here.

While you should always be careful about using third-party apps, Aptoide has generally been considered one of the more secure app stores, and it’s clear that they are taking positive steps in the wake of this breach to protect users and learn from the experience.

However, this also demonstrates the importance of not reusing usernames and passwords across multiple platforms. Any users doing so whose data was stolen will now find themselves at risk if they used the same credentials elsewhere.

If you’re concerned about how your organisation should respond to a data breach of this sort, contact us today to get our expert advice.

Smartphone apps can be listening in to your conversations at any time

Is your smartphone listening to your conversations? I’ve had a lot of creepy experiences lately, where a verbal conversation I’ve had with someone is suddenly being reflected in the adverts being served up to me by my Android smartphone. For example, someone asked me about who Help For Heroes were, so I explained it – and then what was the very next advert to show up on my phone, after never being considered or searched for before using that device or any other?

Mental health support for ex-servicemen. Just one of many. So I started digging to find out more about how this is happening – and whether anyone genuinely has the rights to listen in to my conversations.

As it turns out, it’s not a conspiracy theory. It’s been discovered that your smartphone really is listening in and collecting data about you. Hundreds of smartphone apps are using a technology from a company called Alphonso, which accesses a phone’s microphone to collect advertising data.

Alphonso’s software seems to be particularly focused on a user’s TV-watching habits. It listens in on the phone’s local environment, and receives audio samples which it compares to commercial content. If a match is found, it will then attempt to deliver targeted ads for that same content to your phone.

There are obvious concerns here regarding data protection. Although Alphonso states that its software doesn’t record conversations, and that consent is given by users by agreeing to each app’s privacy policy, there are still questions to be answered about whether its actions are in contravention of data protection laws.

Did these apps genuinely get our specific, informed, granular consent to do this? And is this consent retractable? If not, then it would appear that this kind of data collection doesn’t conform to GDPR.

If you want to prevent your smartphone listening to your conversations, there are several things you can do to safeguard your data. Most crucially, you need to control permissions for your smartphone’s microphone:

  • For iOS, go to Settings -> Privacy -> Microphone
  • For Android, go to Settings -> Apps -> App Permissions

So I changed the permissions of which apps could use my phone’s microphone. Now the ads I see are stuck in a timewarp – still trying to flog the same things they were a month ago. So, you win some… you lose some!

Want to find out more about GDPR and data protection? Click here for all the information you need…