Search Results for “Craig Silverman”

March 10, 2020
Craig Silverman / Buzzfeed News

Craig Silverman / Buzzfeed News  
Analytics Platform Sensor Tower Has Been Secretly Collecting User Data From VPN, Ad-Blocking Apps for Android, iOS

A Buzzfeed investigation found that Sensor Tower, a popular analytics platform for tech developers and investors, has been secretly collecting data from millions of people who have installed popular VPN and ad-blocking apps for Android and iOS. The apps didn’t disclose their connection to the company, or reveal that they feed user data to Sensor Tower’s products, have more than 35 million downloads. Sensor Tower has owned at least 20 Android and iOS apps since 2015. Four of the apps, Free and Unlimited VPN, Luna VPN, Mobile Data, and Adblock Focus, were recently available in the Google Play Store. Two of the apps, Adblock Focus and Luna VPN were in Apple’s App Store. Apple removed Adblock Focus and Google removed Mobile Data after being contacted by BuzzFeed News. Google and Apple say they are investigating further. A Sensor Tower representative said the company’s apps do not collect sensitive data or personally identifiable information and that “the vast majority of these apps listed are now defunct (inactive) and a few are in the process of sunsetting.”

May 20, 2019
Craig Silverman / Buzzfeed News

Craig Silverman / Buzzfeed News  
Chinese Video App VidMate, Which Has Been Downloaded 500,000 Times, Displays Hidden Ads, Secretly Subscribes Users to Paid Services, Drains Mobile Data and Exposes Personal Information, Report

Popular Android application VidMate, which has been downloaded more than half a billion times and is used to download videos from YouTube, WhatsApp, and other platforms, triggers suspicious background activity including displaying hidden ads, secretly subscribing people to paid services, and draining users’ mobile data allowances, according to mobile technology company Upstream. Upstream said that “over a recent period Upstream’s security platform, Secure-D, detected and blocked nearly 130 million suspicious mobile transactions initiated by VidMate.,” with 43 million of the suspicious transactions flagged by coming from devices in Egypt, 27 million from Myanmar, 21 million from Brazil, 10 million from Qatar, and 8 million from South Africa. VidMate is not available in the Google Play Store but is distributed through third-party app stores like CNET or Uptodown. The VidMate app was developed by a subsidiary of UC Web, which is owned by Chinese conglomerate Alibaba, according to publicly available information. According to Upstream, VidMate also collected personal user information, such as International Mobile Equipment Identity (IMEI), International Mobile Subscriber Identity (IMSI) or IP address, and transferred these data to servers in Singapore, belonging to Nonolive, a China-based company funded by Alibaba, according to publicly available information.

April 29, 2019
Craig Silverman / BuzzFeed News

Craig Silverman / BuzzFeed News  
Google Removes Dozens of Apps From Major Chinese Android Developer Do Global for Ad Fraud, Concealing Ownership

Google has begun the mass removal of apps from a major Chinese Android developer, DO Global, which is partly owned by internet giant Baidu, after a BuzzFeed investigation revealed it was committing ad fraud and concealing app ownership details from users, with 45 of DO Global’s apps removed from the Google Play store and no longer available for ad inventory for purchase via Google’s AdMob network. DO Global acknowledged and apologized for “irregularities” in its apps, and said it accepts Google’s decision and thanked BuzzFeed for its investigation.

February 21, 2020
Craig Silverman / Buzzfeed News

Craig Silverman / Buzzfeed News  
Google Removes Nearly 600 Apps from Play Store, Bans Developers in Massive Crackdown on Ad Fraud, Disruptive Mobile Ads

Google removed close to 600 Android apps and banned their developers from the Play Store and Google AdMob and Google Ad Manager for violating its disruptive ads policy and disallowed interstitial policy as part of a massive crackdown on ad fraud and “disruptive” mobile ads. One of the biggest developers banned in the crackdown was Cheetah Mobile, a publicly-traded Chinese company that BuzzFeed News revealed in November 2018 had been engaging in ad fraud. The banned apps, which had been installed more than 4.5 billion times, primarily targeted English-speaking users and were mainly from developers based in China, Hong Kong, Singapore, and India.

Related: Check Point,, xda-developers, Security News | Tech Times, The Hacker News, Android Central , The Register – Security, Techradar, ZDNet, Digital Trends, The Next Web, Android Authority, Google

December 5, 2019
Craig Silverman / Buzzfeed News

Craig Silverman / Buzzfeed News  
Facebook Sues Hong Kong-Based Company ILikeAd Media and Two Individuals for Using Malware to Compromise User Accounts and Run Deceptive Ads

Facebook is suing a Hong Kong-based company ILikeAd Media International Company Ltd. and two Chinese citizens, Chen Xiao Cong and Huang Tao, for creating malware, tricking people into installing it, compromising people’s Facebook accounts and then using people’s accounts to run deceptive ads. The company says the defendants used malware to compromise user accounts to run millions of dollars of misleading Facebook ads peddling counterfeit goods, diet pills and male enhancement supplements that often featured celebrities. Facebook says that Cong, of Wuhan, Hubei province, China, developed the malware, while Tao, who is based in Guangzhou, Guangdong province, China, was responsible for the “distribution and installation of the malicious extension.” In some instances, the defendants also engaged in a practice known as cloaking, Facebook claims. Through cloaking, the defendants deliberately disguised the true destination of the link in the ad by displaying one version of an ad’s landing page to Facebook’s systems and a different version to Facebook users.

January 18, 2020
Kashmir Hill / New York Times

Kashmir Hill / New York Times  
More Than 600 Law Enforcement Agencies Use Peter Thiel-backed Facial Recognition App That Can Link Photos Taken on the Street to Billions of Images

More than 600 law enforcement agencies have started using a groundbreaking universal facial recognition app developed by a tiny company called Clearview AI in the past year, according to the company. Backed by a database of more than three billion images that Clearview claims to have scraped from Facebook, YouTube, Venmo and millions of other websites, the tool allows law enforcement to take a picture of a person, upload it and get to see public photos of that person, along with links to where those photos appeared. Until now, companies such as Google have viewed such a tool as taboo because it could be used in a “very bad way.” The underlying code to the tool includes programming language to pair it with augmented-reality glasses allowing users to potentially be able to identify every person they see. Moreover, Clearview can monitor whom law enforcement is searching for – the New York Times reporter investigating this story asked police to run her own photo, and shortly after she did so, Clearview contacted the relevant police department to ask if they were talking to the media. The company was founded by Hoan Ton-That and Richard Schwartz, who was an aide to Rudolph W. Giuliani when he was mayor of New York and backed financially by Peter Thiel, a venture capitalist behind Facebook and Palantir. Another early investor is a small firm called Kirenaga Partners.

Related: Business Insider, Android Police, Engadget, Mashable, Slashdot, Softpedia News, Trusted Reviews, NS Tech, The Verge, Schneier on Security

Tweets:@kashhill @kashhill @mcwm @zittrain @kentremendous @stuntbox @lucyparsonslabs @craigsilverman @evacide @jeffstone500 @mattblaze @kateconger @daveyalba @bobgourley @kashhill

Business Insider: A startup company took billions of photos from Facebook and other websites to create a facial-recognition database, and hundreds of law-enforcement agencies are using it
Android Police: Five-year ban on facial recognition being considered in the EU
Engadget: Law enforcement is using a facial recognition app with huge privacy issues
Mashable: A facial recognition company dug up billions of photos from Facebook and beyond
Slashdot: Facial Recognition Database With 3 Billion Scraped Images ‘Might End Privacy as We Know It’
Softpedia News: FBI in Possession of Software Able to Profile Anyone Using Just a Picture
Trusted Reviews: This app lets strangers find info about you with a snap of your face
NS Tech: Clearview AI facial recognition startup partners with “600” law enforcement agencies
The Verge: Go read this NYT expose on a creepy new facial recognition database used by US police
Schneier on Security: Clearview AI and Facial Recognition

@kashhill: The privacy paranoid among us have long worried that all of our online photos would be scraped to create a universal face recognition app. My friends, it happened and it’s here:
@kashhill: I'm not sure which is scarier/more desirable. An app that puts a name to a face in seconds, or an app that shows you all the online photos of you that you didn't realize were there. This app does both, but only law enforcement has access to it, for now.
@mcwm: I think what struck me the most in this excellent piece is that Clearview AI just brazenly broke the terms of service of major social networks to build their database. What will be the repercussions be? Genie seems like it’s out of the bottle now
@zittrain: Researchers have objected that using bots to scrape information in bulk from, say, Facebook could be deemed a felony. If there were ever a case to make, though, this is it: a company snatching 3 billion photos to build a service to identify any stranger.
@kentremendous: Delete your Facebook accounts. Delete your kids’ Facebook accounts. Don’t let your kids start Facebook accounts. And also — importantly — Peter Thiel drove Gawker into bankruptcy on a “privacy” issue and now he’s literally funding the Surveillance State. Fuck that.
@stuntbox: Massive, holy shit-level “caught with their hand in the cookie jar” moment 10 paragraphs into this NY Times piece about Clearview’s facial recognition work for law enforcement:
@lucyparsonslabs: A facial recognition vendor has scraped three billion images for its database by scraping social media like Venmo, LinkedIn, and Facebook. Its quietly selling that data to police agencies in the US.
@craigsilverman: Peter Thiel is connected to this company, which appears to violate Facebook’s TOS. Thiel sits on FB’s board. We reported a few weeks ago that FB is aggressively suing companies that abuse its TOS, so eager to see what action FB takes here: Quote Tweet
@evacide: This is your reminder that @kashhill is a national treasure and also a reminder that EFF, often in the form of @maassive and @NaSh12, works to ban law enforcement use of facial recognition tech.
@jeffstone500: sorry to say privacy is dead, in case you were holding out for a last minute comeback.
@mattblaze: Terrific reporting by @kashhill. Today this data and tech is used to efficiently identify petty criminals, which means that next week it will be used to identify insurance risks, and the week after to locate stalking targets. Trickle down big brother.
@kateconger: epic ?@kashhill? story on facial recognition
@daveyalba: There are so many jaw-dropping moments in this @kashhill feature on law enforcement’s use of face recognition tech from the secretive company Clearview AI (backed by Peter Thiel!) And the reporting goes so deep. I have reporter’s envy. Everyone go read it
@bobgourley: You openly put your pictures in a big computer that 7 billion people also use. And you are surprised when others see those pictures. There are issues here to think through but this company is not the end of privacy. Posting all your stuff online is the end of privacy.
@kashhill: I wrote about how I got Clearview story. To sum up: 1. Thank the gods for FOIA researchers like @_blip_ & @OpenTheGov 2. Police officers willing to talk w/media 3. Door-knocking 4. Incredible colleagues 5. Not mentioned: Dosing my unborn child w/espresso

October 23, 2018
Craig Silverman / Buzzfeed News

Craig Silverman / Buzzfeed News  
Massive, Sophisticated Digital Advertising Fraud Scheme Used More Than 125 Android Apps, Websites to Steal Hundreds of Millions of Dollars in Bot Views

A number of apps purchased by a company called We Purchase Apps were used as part of a massive, sophisticated digital advertising fraud scheme involving more than 125 Android apps and websites connected to a network of front and shell companies in Cyprus, Malta, British Virgin Islands, Croatia, Bulgaria, and elsewhere, a Buzzfeed investigation discovered. The apps stole hundreds of millions of dollars from brands whose ads were shown to bots instead of actual humans. According to analysis from Protected Media, a cybersecurity and fraud detection firm that analyzed the apps and websites, We Purchase Apps and associates shell companies captured the behavior of each app’s human users, including many children, and programmed a vast network of bots to mimic it, meaning the Android phone owners who downloaded these apps were secretly tracked as they scrolled and clicked inside the application. Another fraud detection firm, Pixalate, said the apps were so effective because they worked with the biggest partners in digital advertising. All of the apps were listed on the Google Play Store and Google said it took down more than 700,000 apps last year for violating its policies.