Hacking & Security
RunKeeper announced Tuesday that it had found a bug in its Android code that resulted in the leaking of users’ location data to an unnamed third-party advertising service. The blog post came four days after the Norwegian Consumer Council filed a complaint against the Boston company.
In the blog post, CEO Jason Jacobs wrote:
Like other Android apps, when the Runkeeper app is in the background, it can be awakened by the device when certain events occur (like when the device receives a Runkeeper push notification). When such events awakened the app, the bug inadvertently caused the app to send location data to the third-party service.
Today we are releasing a new version of our app that eliminates this bug and removes the third-party service involved. Although the bug affected only our Android app, we have decided to remove this service from our iOS product too out of an abundance of caution. The iOS release will be made available once approved by Apple.
We take our responsibility for the privacy of user data very seriously, and we are thankful to the Runkeeper user community for your continued trust and support.
In an e-mail sent to Ars, Jacobs declined further questions, noting the statement "will be our only comment at this time."
Some people never seem to learn. A recent investigation by security firm Compaas trawled Google Docs and Dropbox and found thousands of sensitive documents belonging to hospitals, schools, and corporations. In many cases, the spreadsheets caused the organizations to run afoul of consumer privacy laws.
"We found a couple hospitals that had breaches in HIPAA compliance," Compaas COO Doron David said. "There was patient information, what types of surgeries they had, social security numbers. Anything that you would think of that you would consider personal is the type of thing we've come across."
In most cases, the documents are uploaded by employees who don't understand the privacy implications of what they're doing. They simply know that Google Docs and similar services are a much easier way to exchange documents than official methods provided by their employer. In other cases, they use misconfigured third-party apps to swap documents with co-workers. The end result is documents that never should have been made public but can in fact be downloaded by anyone.
Phishing scams are everywhere – in your inbox, your web browser, and even on your smartphone. Here are a few tips we hope will help prevent you from getting hooked. Recognizing a Phishing Email First and foremost, it’s important to know how to recognize an email that is actually a phishing scam. After all, as […]
Phishing Landscape Phishing Networks Phishing Chat Rooms Botnets Phishing Marketplace Ransomware Evolution of Phishing Attacks Adopting New Technologies Circumventing Anti-phishing Solutions Growing Sophistication of Phishing Messages