<!--#include virtual="/server/header.html" --> <!-- Parent-Version:1.851.96 --> <!--#set var="DISABLE_TOP_ADDENDUM" value="yes" --> <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Please do not edit <ul class="blurbs">! Instead, edit /proprietary/workshop/mal.rec, then regenerate pages. See explanations in /proprietary/workshop/README.md. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --> <title>Malware in Mobile Devices - GNU Project - Free Software Foundation</title> <link rel="stylesheet" type="text/css" href="/side-menu.css" media="screen,print" /> <style type="text/css"media="print,screen"><!-- li dl { margin-top: .3em; } li dl dtmedia="screen,print"><!-- .article .emph-box {margin: .3em 0padding: 00; font-weight: normal; font-style: italic; } li dl dd {2em 1.5em; border-radius: 1em; margin:0 3%;2em 0; } --></style> <!--#include virtual="/proprietary/po/malware-mobiles.translist" --> <!--#include virtual="/server/banner.html" --> <div class="nav"> <a id="side-menu-button" class="switch" href="#navlinks"> <img id="side-menu-icon" height="32" src="/graphics/icons/side-menu.png" title="Section contents" alt=" [Section contents] " /> </a> <p class="breadcrumb"> <a href="/"><img src="/graphics/icons/home.png" height="24" alt="GNU Home" title="GNU Home" /></a> / <a href="/proprietary/proprietary.html">Malware</a> / By product / </p> </div> <!--GNUN: OUT-OF-DATE NOTICE--> <!--#include virtual="/server/top-addendum.html" --> <div style="clear: both"></div> <div id="last-div" class="reduced-width"> <h2>Malware in Mobile Devices</h2><p><a href="/proprietary/proprietary.html">Other examples of proprietary malware</a></p><divclass="highlight-para"> <p> <em>Malware</em> meansclass="infobox"> <hr class="full-width" /> <p>Nonfree (proprietary) softwaredesignedis very often malware (designed tofunction in ways thatmistreator harmtheuser. (This does not include accidental errors.) </p> <p> Malware and nonfree software are two different issues. The difference between <a href="/philosophy/free-sw.html">free software</a> and nonfreeuser). Nonfree software is controlled by its developers, which puts them in<a href="/philosophy/free-software-even-more-important.html"> whether the users have control of the program or vice versa</a>. It's not directlyaquestionposition ofwhatpower over theprogram <em>does</em> when it runs. However, in practice nonfree softwareusers; <a href="/philosophy/free-software-even-more-important.html">that isoften malware, becausethedeveloper's awarenessbasic injustice</a>. The developers and manufacturers often exercise that power to the detriment of the userswould be powerlessthey ought tofix any malicious functionalities temptsserve.</p> <p>This typically takes thedeveloper to impose some. </p>form of malicious functionalities.</p> <hr class="full-width" /> </div> <div class="article"> <p>Nearly all mobile phones do two grievous wrongs to their users: tracking their movements, and listening to their conversations. This is why we call them “Stalin's dream”.</p> <p>Tracking users' location is a consequence of how the cellular network operates: it needs to know which cell towers the phone is near, so it can communicate with the phone via a nearby tower. That gives the network location data which it saves for months or years. See <a href="#phone-communications">below</a>.</p> <p>Listening to conversations works by means of a universal <a href="#universal-back-door-phone-modem">back door</a> in the software of the processor that communicates with the phone network.</p> <p>In addition, the nonfree operating systems for “smart” phones have specific malicious functionalities, described in <a href="/proprietary/malware-apple.html">Apple's Operating Systems are Malware</a> and <a href="/proprietary/malware-google.html">Google's Software Is Malware</a> respectively.</p> <p>Many phone apps are malicious, too. See <a href="#TOC">below</a>.</p> <div class="important"> <p>If you know of an example that ought to be in this page but isn't here, please write to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a> to inform us. Please include the URL of a trustworthy reference or two to serve as specific substantiation.</p> </div><ul> <li><p>The<div class="emph-box"> <h3 id="phone-communications">Network location tracking</h3> <p>This section describes a malicious characteristic of mobile phone networks: location tracking. The phone network <ahref="https://ssd.eff.org/en/module/problem-mobile-phones">href="https://ssd.eff.org/playlist/privacy-breakdown-mobile-phones"> tracks the movements of each phone</a>.</p><p>This<p>Strictly speaking, this tracking is not implemented by any specific software code; it is inherent in thedesign of the phone network: as long ascellular network technology. The network needs to know which cell towers the phone isin communicationnear, so it can communicate with thenetwork, therephone via a nearby tower. There is no technical way tostopblock or avoid thenetwork from recording its location.tracking and still have cellular communication with today's cellular networks.</p> <p>Networks do not limit themselves to using that data momentarily. Many countries (including the US and the EU) require the network to store alltheselocation data for months oryears.</p>years, and while stored it is available for whatever use the network permits, or the State requires. This can put the user in great danger.</p> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M202208290"> <!--#set var="DATE" value='<small class="date-tag">2022-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>US states that ban abortion talk about making it a crime to go to another state to get an abortion. They could <a href="https://www.cnn.com/2022/08/29/tech/wireless-carriers-locations-fcc/index.html"> use various forms of location tracking, including the network, to prosecute abortion-seekers</a>. The state could subpoena the data, so that the network's “privacy” policy would be irrelevant.</p> <p>That article explains why wireless networks collect location data, one unavoidable reason and one avoidable (emergency calls). It also explains some of the many ways the location data are used.</p> <p>Networks should never do localization for emergency calls except when you make an emergency call, or when there is a court order to do so. It should be illegal for a network to do precise localization (the kind needed for emergency calls) except to handle an emergency call, and if a network does so illegally, it should be required to inform the owner of the phone in writing on paper, with an apology.</p> </li><li><p id="universal-back-door">Almost<!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M202101130"> <!--#set var="DATE" value='<small class="date-tag">2021-01</small>' --><!--#echo encoding="none" var="DATE" --> <p>The authorities in Venice track the <a href="https://edition.cnn.com/travel/article/venice-control-room-tourism/index.html"> movements of all tourists</a> using their portable phones. The article says that <em>at present</em> the system is configured to report only aggregated information. But that could be changed. What will that system do 10 years from now? What will a similar system in another country do? Those are the questions this raises.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M202006110"> <!--#set var="DATE" value='<small class="date-tag">2020-06</small>' --><!--#echo encoding="none" var="DATE" --> <p>Network location tracking is used, among other techniques, for <a href="https://www.linkedin.com/pulse/location-based-advertising-has-starbucks-coupon-finally-john-craig"> targeted advertising</a>.</p> </li> </ul> <p>Designs for networks that wouldn't track phones have been developed, but using those methods would call for new networks as well as new phones.</p> </div> <div id="TOC" class="toc-inline"> <h3>Types of malware in mobiles</h3> <ul> <li><a href="#addictions">Addictions</a></li> <li><a href="#back-doors">Back doors</a></li> <!--<li><a href="#censorship">Censorship</a></li>--> <li><a href="#deception">Deception</a></li> <li><a href="#drm">DRM</a></li> <li><a href="#insecurity">Insecurity</a></li> <li><a href="#interference">Interference</a></li> <li><a href="#jails">Jails</a></li> <li><a href="#manipulation">Manipulation</a></li> <li><a href="#sabotage">Sabotage</a></li> <li><a href="#surveillance">Surveillance</a></li> <li><a href="#tyrants">Tyrants</a></li> </ul> </div> <h3 id="addictions">Addictions</h3> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M202411030"> <!--#set var="DATE" value='<small class="date-tag">2024-11</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://www.theguardian.com/lifeandstyle/2024/nov/03/addicted-to-love-how-dating-apps-exploit-their-users">Dating apps exploit their users</a>; fundamental features require an expensive subscription, and they are designed to be addictive.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201604040"> <!--#set var="DATE" value='<small class="date-tag">2016-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Many popular mobile games include a random-reward system called <a href="/proprietary/proprietary-addictions.html#gacha"> <i>gacha</i></a> which is especially effective on children. One variant of gacha was declared illegal in Japan in 2012, but the other variants are still <a href="https://www.forbes.com/sites/olliebarder/2016/04/04/japanese-mobile-gaming-still-cant-shake-off-the-spectre-of-exploitation/"> luring players into compulsively spending</a> inordinate amounts of money on virtual toys.</p> </li> </ul> <h3 id="back-doors">Back Doors</h3> <p id="universal-back-door-phone-modem"> Almost every phone's communication processor has a universal back door which is <a href="https://www.schneier.com/blog/archives/2006/12/remotely_eavesd_1.html"> often used to make a phone transmit all conversations it hears</a>.</p> <p>The back door <ahref="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">class="not-a-duplicate" href="https://www.osnews.com/story/27416/the-second-operating-system-hiding-in-every-mobile-phone/"> may take the form of bugs that have gone 20 years unfixed</a>. The choice to leave the security holes in place is morally equivalent to writing a back door.</p> <p>The back door is in the “modem processor”, whose job is to communicate with the radio network. In most phones, the modem processor controls the microphone. In most phones it has the power to rewrite the software for the main processor too.</p> <p>A few phone models are specially designed so that the modem processor does not control the microphone, and so that it can't change the software in the main processor. They still have the back door, but at least it is unable to turn the phone unto a listening device.</p> <p>The universal back door is apparently also used to make phones <a href="http://www.slate.com/blogs/future_tense/2013/07/22/nsa_can_reportedly_track_cellphones_even_when_they_re_turned_off.html"> transmit even when they are turned off</a>. This means their movements are tracked, and may also make the listening feature work.</p></li> </ul> <p>Here are examples of malware<ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit inmobile devices. See alsomalware-mobiles.html. --> <li id="M202001090"> <!--#set var="DATE" value='<small class="date-tag">2020-01</small>' --><!--#echo encoding="none" var="DATE" --> <p>Android phones subsidized by the US government come with <ahref="/proprietary/malware-apple.html">the Apple malware page</a>href="https://arstechnica.com/information-technology/2020/01/us-government-funded-android-phones-come-preinstalled-with-unremovable-malware/"> preinstalled adware and a back door for forcing installation of apps</a>.</p> <p>The adware is in a modified version of an essential system configuration app. The back door is a surreptitious addition to a program whose stated purpose is to be a <a href="https://www.zdnet.com/article/unremovable-malware-found-preinstalled-on-low-end-smartphone-sold-in-the-us/"> universal back door for firmware</a>.</p> <p>In other words, a program whose raison d'être is maliciousfunctionalities specifichas a secret secondary malicious purpose. All this is in addition to theApple iThings.</p> <div class="summary" style="margin-top: 1em"> <h3>Type of malware</h3> <ul> <li><a href="#back-doors">Back doors</a></li> <!--<li><a href="#censorship">Censorship</a></li>--> <li><a href="#insecurity">Insecurity</a></li> <!--<li><a href="#sabotage">Sabotage</a></li>--> <!--<li><a href="#interference">Interference</a></li>--> <li><a href="#surveillance">Surveillance</a></li> <li><a href="#drm">Digital restrictions management</a> or “DRM” means functionalitiesmalware of Android itself.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201908270"> <!--#set var="DATE" value='<small class="date-tag">2019-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>A very popular app found in the Google Play store contained a module that was designed torestrict<a href="https://arstechnica.com/information-technology/2019/08/google-play-app-with-100-million-downloads-executed-secret-payloads/">secretly install malware on the user's computer</a>. The app developers regularly used it to make the computer download and execute any code they wanted.</p> <p>This is a concrete example of what users are exposed to when they run nonfree apps. They cando with the data in their computers.</li> <li><a href="#jails">Jails</a>—systems that impose censorship on application programs.</li> <li><a href="#tyrants">Tyrants</a>—systemsnever be completely sure thatreject any operating systema nonfree app is safe.</p> </li> <!-- Copied from workshop/mal.rec. Do not“authorized” byedit in malware-mobiles.html. --> <li id="M201609130"> <!--#set var="DATE" value='<small class="date-tag">2016-09</small>' --><!--#echo encoding="none" var="DATE" --> <p>Xiaomi phones come with <a href="https://web.archive.org/web/20190424082647/http://blog.thijsbroenink.com/2016/09/xiaomis-analytics-app-reverse-engineered/"> a universal back door in themanufacturer.</li> </ul> </div> <h3 id="back-doors">Mobile Back Doors</h3> <ul> <li> <p>See aboveapplication processor, fortheXiaomi's use</a>.</p> <p>This is separate from <ahref="#universal-back-door">generalhref="#universal-back-door-phone-modem">the universal backdoor</a>door inessentiallythe modem processor that the local phone company can use</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201511090"> <!--#set var="DATE" value='<small class="date-tag">2015-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>Baidu's proprietary Android library, Moplus, has a back door that <a href="https://www.eff.org/deeplinks/2015/11/millions-android-devices-vulnerable-remote-hijacking-baidu-wrote-code-google-made"> can “upload files” as well as forcibly install apps</a>.</p> <p>It is used by 14,000 Android applications.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201412180"> <!--#set var="DATE" value='<small class="date-tag">2014-12</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://www.theguardian.com/technology/2014/dec/18/chinese-android-phones-coolpad-hacker-backdoor"> A Chinese version of Android has a universal back door</a>. Nearly all models of mobilephones, which permits converting them into full-time listening devices.</p>phones have a <a href="#universal-back-door-phone-modem"> universal back door in the modem chip</a>. So why did Coolpad bother to introduce another? Because this one is controlled by Coolpad.</p> </li><li><p><a<!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201403120.1"> <!--#set var="DATE" value='<small class="date-tag">2014-03</small>' --><!--#echo encoding="none" var="DATE" --> <p id="samsung"><a href="https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor"> Samsung Galaxy devices running proprietary Android versions come with a back door</a> that provides remote access to thedatafiles stored on the device.</p> </li><li><p><a href="/proprietary/proprietary-back-doors.html#samsung"> Samsung's back door</a> provides access</ul> <h3 id="deception">Deception</h3> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M202002020"> <!--#set var="DATE" value='<small class="date-tag">2020-02</small>' --><!--#echo encoding="none" var="DATE" --> <p>Many Android apps fool their users by asking them toany file on the system.</p> </li> <li> <p>In Android, <a href="http://www.computerworld.com/article/2506557/security0/google-throws--kill-switch--on-android-phones.html"> Google has a back doordecide what permissions toremotely delete apps.</a> (It was in a program called GTalkService, which seems sincegive the program, and thento have been merged into Google Play.) </p> <p> Google can also<ahref="https://jon.oberheide.org/blog/2010/06/25/remote-kill-and-install-on-google-android/"> forcibly and remotely install apps</a> through Google Play. Thishref="https://nakedsecurity.sophos.com/2019/07/10/android-apps-sidestepping-permissions-to-access-sensitive-data/"> bypassing these permissions</a>.</p> <p>The Android system isnot equivalentsupposed toa universal back door,prevent data leaks by running apps in isolated sandboxes, butpermits various dirty tricks. </p> <p> Although Google's <em>exercise</em> of this power has not been malicious so far, the point is that nobody shoulddevelopers havesuch power, which could also be used maliciously. You might well decidefound ways tolet a security service remotely <em>deactivate</em> programs that it considers malicious. Butaccess the data by other means, and there isno excuse for allowing itnothing the user can do to<em>delete</em>stop them from doing so, since both theprograms,system andyou should havetherightapps are nonfree.</p> </li> </ul> <h3 id="drm">DRM</h3> <p>Digital restrictions management, or “DRM,” refers todecide who (if anyone)functionalities designed totrustrestrict what users can do with the data inthis way. </p>their computers.</p> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201501030"> <!--#set var="DATE" value='<small class="date-tag">2015-01</small>' --><!--#echo encoding="none" var="DATE" --> <p id="netflix-app-geolocation-drm">The Netflix Android app <a href="https://torrentfreak.com/netflix-cracks-down-on-vpn-and-proxy-pirates-150103/"> forces the use of Google DNS</a>. This is one of the methods that Netflix uses to enforce the geolocation restrictions dictated by the movie studios.</p> </li> </ul> <h3id="insecurity">Mobile Insecurity</h3>id="insecurity">Insecurity</h3> <p>These bugs are/were not intentional, so unlike the rest of the file they do not count as malware. We mention them to refute the supposition that prestigious proprietary software doesn't have grave bugs.</p><ul> <li><ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M202208240"> <!--#set var="DATE" value='<small class="date-tag">2022-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>A security researcher found that the iOS in-app browser of TikTok <a href="https://www.theguardian.com/technology/2022/aug/24/tiktok-can-track-users-every-tap-as-they-visit-other-sites-through-ios-app-new-research-shows"> injects keylogger-like JavaScript code into outside web pages</a>. This code has the ability to track all users' activities, and to retrieve any personal data that is entered on the pages. We have no way of verifying TikTok's claim that the keylogger-like code only serves purely technical functions. Some of the accessed data could well be saved to the company's servers, and even sent to third parties. This would open the door to extensive surveillance, including by the Chinese government (to which TikTok has indirect ties). There is also a risk that the data would be stolen by crackers, and used to launch malware attacks.</p> <p>The iOS in-app browsers of Instagram and Facebook behave essentially the same way as TikTok's. The main difference is that Instagram and Facebook allow users to access third-party sites with their default browser, whereas <a href="https://web.archive.org/web/20221201065621/https://www.reddit.com/r/Tiktokhelp/comments/jlep5d/how_do_i_make_urls_open_in_my_browser_instead_of/"> TikTok makes it nearly impossible</a>.</p> <p>The researcher didn't study the Android versions of in-app browsers, but we have no reason to assume they are safer than the iOS versions.</p> <p><small>Please note that the article wrongly refers to crackers as “hackers.”</small></p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201908020"> <!--#set var="DATE" value='<small class="date-tag">2019-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>Out of 21 gratis Android antivirus apps that were tested by security researchers, eight <a href="https://www.comparitech.com/antivirus/android-antivirus-vulnerabilities/"> failed to detect a test virus</a>. All of them asked for dangerous permissions or contained advertising trackers, with seven being more risky than the average of the 100 most popular Android apps.</p> <p><small>(Note that the article refers to these proprietary apps as “free”. It should have said “gratis” instead.)</small></p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201807100"> <!--#set var="DATE" value='<small class="date-tag">2018-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>Siri, Alexa, and all the other voice-control systems can be <ahref="https://www.fastcodesign.com/90139019/a-simple-design-flaw-makes-it-astoundingly-easy-to-hack-siri-and-alexa">hijackedhref="https://www.fastcompany.com/90139019/a-simple-design-flaw-makes-it-astoundingly-easy-to-hack-siri-and-alexa"> hijacked by programs that play commands in ultrasound that humans can'thear</a>. </p>hear</a>.</p> </li><li><!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201807020"> <!--#set var="DATE" value='<small class="date-tag">2018-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>Some Samsung phones randomly <a href="https://www.theverge.com/circuitbreaker/2018/7/2/17528076/samsung-phones-text-rcs-update-messages">send photos to people in the owner's contact list</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201704050"> <!--#set var="DATE" value='<small class="date-tag">2017-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Many Android devices <ahref="https://arstechnica.com/security/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/">href="https://arstechnica.com/information-technology/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/"> can be hijacked through their Wi-Fi chips</a> because of a bug in Broadcom'snon-freenonfree firmware.</p> </li><li><!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201703070"> <!--#set var="DATE" value='<small class="date-tag">2017-03</small>' --><!--#echo encoding="none" var="DATE" --> <p>The CIA exploited existing vulnerabilities in “smart” TVs and phones to design a malware that <a href="https://www.independent.co.uk/tech/wikileaks-vault-7-android-iphone-cia-phones-handsets-tv-smart-julian-assange-a7616651.html"> spies through their microphones and cameras while making them appear to be turned off</a>. Since the spyware sniffs signals, it bypasses encryption.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201702170"> <!--#set var="DATE" value='<small class="date-tag">2017-02</small>' --><!--#echo encoding="none" var="DATE" --> <p>The mobile apps for communicating <a href="https://www.bleepingcomputer.com/news/security/millions-of-smart-cars-vulnerable-due-to-insecure-android-apps/">with a smart but foolish car have very bad security</a>.</p> <p>This is in addition to the fact that the car contains a cellular modem that tells big brother all the time where it is. If you own such a car, it would be wise to disconnect the modem so as to turn off the tracking.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201701270"> <!--#set var="DATE" value='<small class="date-tag">2017-01</small>' --><!--#echo encoding="none" var="DATE" --> <p>Samsung phones <a href="https://www.bleepingcomputer.com/news/security/sms-exploitable-bug-in-samsung-galaxy-phones-can-be-used-for-ransomware-attacks/">have a security hole that allows an SMS message to install ransomware</a>.</p> </li><li><!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201701130"> <!--#set var="DATE" value='<small class="date-tag">2017-01</small>' --><!--#echo encoding="none" var="DATE" --> <p>WhatsApp has a feature that <a href="https://techcrunch.com/2017/01/13/encrypted-messaging-platform-whatsapp-denies-backdoor-claim/"> has been described as a “back door”</a> because it would enable governments to nullify its encryption.</p> <p>The developers say that it wasn't intended as a back door, and that may well be true. But that leaves the crucial question of whether it functions as one. Because the program is nonfree, we cannot check by studying it.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201612060.1"> <!--#set var="DATE" value='<small class="date-tag">2016-12</small>' --><!--#echo encoding="none" var="DATE" --> <p>The “smart” toys My Friend Cayla and i-Que can be <a href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws/">remotely controlled with a mobile phone</a>; physical access is not necessary. This would enable crackers to listen in on a child's conversations, and even speak into the toys themselves.</p> <p>This means a burglar could speak into the toys and ask the child to unlock the front door while Mommy's not looking.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201607290"> <!--#set var="DATE" value='<small class="date-tag">2016-07</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://techcrunch.com/2016/07/29/research-shows-deleted-whatsapp-messages-arent-actually-deleted/">“Deleted” WhatsApp messages are not entirely deleted</a>. They can be recovered in various ways.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201607280"> <!--#set var="DATE" value='<small class="date-tag">2016-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>A half-blind security critique of a tracking app: it found that <a href="https://www.consumerreports.org/mobile-security-software/glow-pregnancy-app-exposed-women-to-privacy-threats-a1100919965/"> blatant flaws allowed anyone to snoop on a user's personal data</a>. The critique fails entirely to express concern that the app sends the personal data to a server, where the <em>developer</em> gets it all. This “service” is for suckers!</p> <p>The server surely has a “privacy policy,” and surely it is worthless since nearly all of them are.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201607190"> <!--#set var="DATE" value='<small class="date-tag">2016-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>A bug in a proprietary ASN.1 library, used in cell phone towers as well as cell phones and routers, <a href="https://arstechnica.com/information-technology/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover/">allows taking control of those systems</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201605020"> <!--#set var="DATE" value='<small class="date-tag">2016-05</small>' --><!--#echo encoding="none" var="DATE" --> <p>Samsung's “Smart Home” has a big security hole; <a href="https://arstechnica.com/information-technology/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/"> unauthorized people can remotely control it</a>.</p> <p>Samsung claims that this is an “open” platform so the problem is partly the fault of app developers. That is clearly true if the apps are proprietary software.</p> <p>Anything whose name is “Smart” is most likely going to screw you.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201603100"> <!--#set var="DATE" value='<small class="date-tag">2016-03</small>' --><!--#echo encoding="none" var="DATE" --> <p>Many proprietary payment apps <ahref="http://www.bloomberg.com/news/articles/2016-03-10/many-mobile-payments-startups-aren-t-properly-securing-user-data"> transmithref="https://www.bloomberg.com/news/articles/2016-03-10/many-mobile-payments-startups-aren-t-properly-securing-user-data">transmit personal data in an insecure way</a>. However, the worse aspect of these apps is that <a href="/philosophy/surveillance-vs-democracy.html">payment is notanonymous</a>. </p>anonymous</a>.</p> </li><li><p><a href="http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html"><!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201505294"> <!--#set var="DATE" value='<small class="date-tag">2015-05</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://phys.org/news/2015-05-app-vulnerability-threatens-millions-users.html"> Many smartphone apps use insecure authentication methods when storing your personal data on remote servers</a>. This leaves personal information like email addresses, passwords, and health information vulnerable. Because many of these apps are proprietary it makes it hard to impossible to know which apps are at risk.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201405190"> <!--#set var="DATE" value='<small class="date-tag">2014-05</small>' --><!--#echo encoding="none" var="DATE" --> <p>An app to prevent “identity theft” (access to personal data) by storing users' data on a special server <a href="https://arstechnica.com/tech-policy/2014/05/id-theft-protector-lifelock-deletes-user-data-over-concerns-that-app-isnt-safe/">was deactivated by its developer</a> which had discovered a security flaw.</p> <p>That developer seems to be conscientious about protecting personal data from third parties in general, but it can't protect that data from the state. Quite the contrary: confiding your data to someone else's server, if not first encrypted by you with free software, undermines your rights.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201402210"> <!--#set var="DATE" value='<small class="date-tag">2014-02</small>' --><!--#echo encoding="none" var="DATE" --> <p>The <a href="https://arstechnica.com/information-technology/2014/02/crypto-weaknesses-in-whatsapp-the-kind-of-stuff-the-nsa-would-love/">insecurity of WhatsApp</a> makes eavesdropping a snap.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201311120"> <!--#set var="DATE" value='<small class="date-tag">2013-11</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html"> The NSA can tap data in smart phones, including iPhones, Android, and BlackBerry</a>. While there is not much detail here, it seems that this does not operate via the universal back door that we know nearly all portable phones have. It may involve exploiting various bugs. There are <ahref="#universal-back-door">href="https://www.osnews.com/story/27416/the-second-operating-system-hiding-in-every-mobile-phone/"> lots of bugs in the phones' radio software</a>.</p> </li> </ul> <h3id="surveillance">Mobile Surveillance</h3> <ul> <li><p>Theid="interference">Interference</h3> <p>This section gives examples of mobile apps harassing or annoying the user, or causing trouble for the user. These actions are like sabotage but the word “sabotage” is too strong for them.</p> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M202311090"> <!--#set var="DATE" value='<small class="date-tag">2023-11</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://web.archive.org/web/20231011121908/https://www.makeuseof.com/how-to-remove-ads-on-samsung/">Samsung's Push Service proprietary app</a> sends notifications to the user's phone about “updates” in Samsung apps, including the Gaming Hub, but these updates only sometimes have to do with a new version of the apps. Many times, the notifications from Gaming Hub are simply ads for games that they think the user should install based on the data collected from the user. Most importantly, <a href="https://web.archive.org/web/20240305093416/https://getfastanswer.com/3486/how-to-remove-samsung-push-service-on-a-smartphone">it cannot be permanently disabled.</a></p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M202104060"> <!--#set var="DATE" value='<small class="date-tag">2021-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>The <a href="https://www.wired.com/story/weddings-social-media-apps-photos-memories-miscarriage-problem/">WeddingWire app saves people's wedding photos forever and hands over data to others</a>, giving users no control over their personal information/data. The app also sometimes shows old photos and memories to users, without giving them any control over this either.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201901110"> <!--#set var="DATE" value='<small class="date-tag">2019-01</small>' --><!--#echo encoding="none" var="DATE" --> <p>Samsung phones come preloaded with <a href="https://www.bloomberg.com/news/articles/2019-01-08/samsung-phone-users-get-a-shock-they-can-t-delete-facebook"> a version of the Facebook app that can't be deleted</a>. <a href="https://www.infopackets.com/news/10484/truth-behind-undeletable-facebook-app"> Facebook claims this is a stub</a> which doesn't do anything, but we have to take their word for it, and there is the permanent risk that the app will be activated by an automatic update.</p> <p>Preloading crapware along with a nonfree operating system is common practice, but by making the crapware undeletable, Facebook and Samsung (<a class="not-a-duplicate" href="https://www.bloomberg.com/news/articles/2019-01-08/samsung-phone-users-get-a-shock-they-can-t-delete-facebook">among others</a>) are going one step further in their hijacking of users' devices.</p> </li> </ul> <h3 id="manipulation">Manipulation</h3> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201905300"> <!--#set var="DATE" value='<small class="date-tag">2019-05</small>' --><!--#echo encoding="none" var="DATE" --> <p>The Femm “fertility” app is secretly a <a href="https://www.theguardian.com/world/2019/may/30/revealed-womens-fertility-app-is-funded-by-anti-abortion-campaigners"> tool for propaganda</a> by natalist Christians. It spreads distrust for contraception.</p> <p>It snoops on users, too, as you must expect from nonfree programs.</p> </li> </ul> <h3 id="sabotage">Sabotage</h3> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M202311301"> <!--#set var="DATE" value='<small class="date-tag">2023-11</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://web.archive.org/web/20231213150111/https://www.nytimes.com/2023/11/12/technology/iphone-repair-apple-control.html">To block non-Apple repairs, Apple encodes the iMonster serial number in the original parts</a>. This is called “parts pairing”. Swapping parts between working iMonsters of the same model causes malfunction or disabling of some functionalities. Part replacement may also trigger persistent alerts, unless it is done by an Apple store.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M202011060"> <!--#set var="DATE" value='<small class="date-tag">2020-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>A new app published by Google <a href="https://www.xda-developers.com/google-device-lock-controller-banks-payments/">lets banks and creditors deactivate people's Android devices</a> if they fail to make payments. If someone's device gets deactivated, it will be limited to basic functionality, such as emergency calling and access to settings.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M202010120"> <!--#set var="DATE" value='<small class="date-tag">2020-10</small>' --><!--#echo encoding="none" var="DATE" --> <p>Samsung is forcing its smartphone users in Hong Kong (and Macau) <a href="https://web.archive.org/web/20240606175013/https://blog.headuck.com/2020/10/12/samsung-phones-force-mainland-china-dns-service-upon-hong-kong-wifi-users/">to use a public DNS in Mainland China</a>, using software update released in September 2020, which causes many unease and privacy concerns.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201902041"> <!--#set var="DATE" value='<small class="date-tag">2019-02</small>' --><!--#echo encoding="none" var="DATE" --> <p>Twenty nine “beauty camera” apps that used to be on Google Play had one or more malicious functionalities, such as stealing users' photos instead of “beautifying” them, <a href="https://www.androidpolice.com/2019/02/03/google-bans-29-beauty-camera-apps-from-the-play-store-that-steal-your-photos/"> pushing unwanted and often malicious ads on users, and redirecting them to phishing sites</a> that stole their credentials. Furthermore, the user interface of most of them was designed to make uninstallation difficult.</p> <p>Users should of course uninstall these dangerous apps if they haven't yet, but they should also stay away from nonfree apps in general. <em>All</em> nonfree apps carry a potential risk because there is no easy way of knowing what they really do.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201810240"> <!--#set var="DATE" value='<small class="date-tag">2018-10</small>' --><!--#echo encoding="none" var="DATE" --> <p>Apple and Samsung deliberately <a href="https://www.theguardian.com/technology/2018/oct/24/apple-samsung-fined-for-slowing-down-phones">degrade the performance of older phones to force users to buy their newer phones</a>.</p> </li> </ul> <h3 id="surveillance">Surveillance</h3> <p>See above for the general universal back door in essentially all mobile phones, which permits converting them into <a class="not-a-duplicate" href="#universal-back-door-phone-modem"> full-time listening devices</a>.</p> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M202411040"> <!--#set var="DATE" value='<small class="date-tag">2024-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>The Pixel 9 “smart”phone <a href="https://cybernews.com/security/google-pixel-9-phone-beams-data-and-awaits-commands/"> frequently updates Google servers with its location and current configuration</a> along with personally identifiable data, raising concerns about user privacy. Moreover, it communicates with services that are not in use, and periodically attempts to download experimental, possibly insecure software. The system does not inform the user that it is doing all this.</p> <p>There is hope, however: it is possible to <a href="https://doc.e.foundation/devices"> replace the original Android operating system with a deGoogled version</a> in Pixel phones up to 8a, and in phones from many other brands. No doubt that the Pixel 9 will be supported soon.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M202308080"> <!--#set var="DATE" value='<small class="date-tag">2023-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>The Yandex company has started to <a href="https://meduza.io/en/feature/2023/08/08/user-x-with-driver-y-traveled-from-point-a-to-point-b"> give away Yango taxi ride data to Russia's Federal Security Service (FSB)</a>. The Russian government (and whoever else receives the the data) thus has access to a wealth of personal information, including who traveled where, when, and with which driver. Yandex <a href="https://yandex.ru/legal/confidential/?lang=en"> claims that it complies with European regulations</a> for data collected in the European Economic Area, Switzerland or Israel. But what about the rest of the world?</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M202304030"> <!--#set var="DATE" value='<small class="date-tag">2023-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>The Pinduoduo app <a href="https://edition.cnn.com/2023/04/02/tech/china-pinduoduo-malware-cybersecurity-analysis-intl-hnk/index.html"> snoops on other apps, and takes control of them</a>. It also installs additional malware that is hard to remove.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M202206020"> <!--#set var="DATE" value='<small class="date-tag">2022-06</small>' --><!--#echo encoding="none" var="DATE" --> <p>Canada has fined the company Tim Hortons for making <a href="https://arstechnica.com/tech-policy/2022/06/tim-hortons-coffee-app-broke-law-by-constantly-recording-users-movements/"> an app that tracks people's movements</a> to learn things such as where they live, where they work, and when they visit competitors' stores.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M202201270"> <!--#set var="DATE" value='<small class="date-tag">2022-01</small>' --><!--#echo encoding="none" var="DATE" --> <p>The data broker X-Mode <a href="https://themarkup.org/privacy/2022/01/27/gay-bi-dating-app-muslim-prayer-apps-sold-data-on-peoples-location-to-a-controversial-data-broker">bought location data about 20,000 people collected by around 100 different malicious apps</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M202106170"> <!--#set var="DATE" value='<small class="date-tag">2021-06</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://www.theguardian.com/technology/2021/jun/17/nine-out-of-10-health-apps-harvest-user-data-global-study-shows">Almost all proprietary health apps harvest users' data</a>, including sensitive health information, tracking identifiers, and cookies to track user activities. Some of these applications are tracking users across different platforms.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M202106030"> <!--#set var="DATE" value='<small class="date-tag">2021-06</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://techcrunch.com/2021/06/03/tiktok-just-gave-itself-permission-to-collect-biometric-data-on-u-s-users-including-faceprints-and-voiceprints/">TikTok apps collect biometric identifiers and biometric information from users' smartphones</a>. The company behind it does whatever it wants and collects whatever data it can.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M202102200"> <!--#set var="DATE" value='<small class="date-tag">2021-02</small>' --><!--#echo encoding="none" var="DATE" --> <p>The proprietary program Clubhouse is malware and a privacy disaster. Clubhouse <a href="https://www.theguardian.com/commentisfree/2021/feb/20/why-hot-new-social-app-clubhouse-spells-nothing-but-trouble">collects people's personal data such as recordings of people's conversations</a>, and, as a secondary problem, does not encrypt them, which shows a bad security part of the issue.</p> <p>A user's unique Clubhouse ID number and chatroom ID are transmitted in plaintext, and Agora (the company behind the app) would likely have access to users' raw audio, potentially providing access to the Chinese government.</p> <p>Even with good security of data transmission, collecting personal data of people is wrong and a violation of people's privacy rights.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M202102010"> <!--#set var="DATE" value='<small class="date-tag">2021-02</small>' --><!--#echo encoding="none" var="DATE" --> <p>Many cr…apps, developed by various companies for various organizations, do <a href="https://www.expressvpn.com/digital-security-lab/investigation-xoth"> location tracking unknown to those companies and those organizations</a>. It's actually some widely used libraries that do the tracking.</p> <p>What's unusual here is that proprietary software developer A tricks proprietary software developers B1 … B50 into making platforms for A to mistreat the end user.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M202012070"> <!--#set var="DATE" value='<small class="date-tag">2020-12</small>' --><!--#echo encoding="none" var="DATE" --> <p>Baidu apps were <a href="https://www.zdnet.com/article/baidus-android-apps-caught-collecting-sensitive-user-details/"> caught collecting sensitive personal data</a> that can be used for lifetime tracking of users, and putting them in danger. More than 1.4 billion people worldwide are affected by these proprietary apps, and users' privacy is jeopardized by this surveillance tool. Data collected by Baidu may be handed over to the Chinese government, possibly putting Chinese people in danger.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M202006260"> <!--#set var="DATE" value='<small class="date-tag">2020-06</small>' --><!--#echo encoding="none" var="DATE" --> <p>Most apps are malware, but Trump's campaign app, like Modi's campaign app, is <a href="https://www.technologyreview.com/2020/06/21/1004228/trumps-data-hungry-invasive-app-is-a-voter-surveillance-tool-of-extraordinary-scope/"> especially nasty malware, helping companies snoop on users as well as snooping on them itself</a>.</p> <p>The article says that Biden's app has a less manipulative overall approach, but that does not tell us whether it has functionalities we consider malicious, such as sending data the user has not explicitly asked to send.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M202004300"> <!--#set var="DATE" value='<small class="date-tag">2020-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Xiaomi phones <a href="https://www.forbes.com/sites/thomasbrewster/2020/04/30/exclusive-warning-over-chinese-mobile-giant-xiaomi-recording-millions-of-peoples-private-web-and-phone-use/">report many actions the user takes</a>: starting an app, looking at a folder, visiting a website, listening to a song. They send device identifying information too.</p> <p>Other nonfree programs snoop too. For instance, Spotify and other streaming dis-services make a dossier about each user, and <a href="/malware/proprietary-surveillance.html#M201508210"> they make users identify themselves to pay</a>. Out, out, damned Spotify!</p> <p>Forbes exonerates the same wrongs when the culprits are not Chinese, but we condemn this no matter who does it.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M202004131"> <!--#set var="DATE" value='<small class="date-tag">2020-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Google, Apple, and Microsoft (and probably some other companies) <a href="https://www.lifewire.com/wifi-positioning-system-1683343">are collecting people's access points and GPS coordinates (which can identify people's precise location) even if their GPS is turned off</a>, without the person's consent, using proprietary software implemented in person's smartphone. Though merely asking for permission would not necessarily legitimize this.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M202003010"> <!--#set var="DATE" value='<small class="date-tag">2020-03</small>' --><!--#echo encoding="none" var="DATE" --> <p>The Alipay Health Code app estimates whether the user has Covid-19 and <a href="https://www.nytimes.com/2020/03/01/business/china-coronavirus-surveillance.html"> tells the cops directly</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201912220"> <!--#set var="DATE" value='<small class="date-tag">2019-12</small>' --><!--#echo encoding="none" var="DATE" --> <p>The ToToc messaging app seems to be a <a href="https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html"> spying tool for the government of the United Arab Emirates</a>. Any nonfree program could be doing this, and that is a good reason to use free software instead.</p> <p><small>Note: this article uses the word “free” in the sense of “gratis.”</small></p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201912090"> <!--#set var="DATE" value='<small class="date-tag">2019-12</small>' --><!--#echo encoding="none" var="DATE" --> <p>iMonsters and Android phones, when used for work, give employers powerful <a href="https://www.fastcompany.com/90440073/if-you-use-your-personal-phone-for-work-say-goodbye-to-your-privacy"> snooping and sabotage capabilities</a> if they install their own software on the device. Many employers demand to do this. For the employee, this is simply nonfree software, as fundamentally unjust and as dangerous as any other nonfree software.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201909091"> <!--#set var="DATE" value='<small class="date-tag">2019-09</small>' --><!--#echo encoding="none" var="DATE" --> <p>The Facebook app <a href="https://eu.usatoday.com/story/tech/talkingtech/2019/09/09/facebook-app-social-network-tracking-your-every-move/2270305001/"> tracks users even when it is turned off</a>, after tricking them into giving the app broad permissions in order to use one of its functionalities.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201909090"> <!--#set var="DATE" value='<small class="date-tag">2019-09</small>' --><!--#echo encoding="none" var="DATE" --> <p>Some nonfree period-tracking apps including MIA Fem and Maya <a href="https://www.buzzfeednews.com/article/meghara/period-tracker-apps-facebook-maya-mia-fem"> send intimate details of users' lives to Facebook</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201909060"> <!--#set var="DATE" value='<small class="date-tag">2019-09</small>' --><!--#echo encoding="none" var="DATE" --> <p>Keeping track of who downloads a proprietary program is a form of surveillance. There is a proprietary program for adjusting a certain telescopic rifle sight. <a href="https://www.forbes.com/sites/thomasbrewster/2019/09/06/exclusive-feds-demand-apple-and-google-hand-over-names-of-10000-users-of-a-gun-scope-app/"> A US prosecutor has demanded the list of all the 10,000 or more people who have installed it</a>.</p> <p>With a free program there would not be a list of who has installed it.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201907081"> <!--#set var="DATE" value='<small class="date-tag">2019-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>Many unscrupulous mobile-app developers keep finding ways to <a href="https://www.cnet.com/tech/mobile/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions/"> bypass user's settings</a>, regulations, and privacy-enhancing features of the operating system, in order to gather as much private data as they possibly can.</p> <p>Thus, we can't trust rules against spying. What we can trust is having control over the software we run.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201907080"> <!--#set var="DATE" value='<small class="date-tag">2019-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>Many Android apps can track users' movements even when the user says <a href="https://www.theverge.com/2019/7/8/20686514/android-covert-channel-permissions-data-collection-imei-ssid-location"> not to allow them access to locations</a>.</p> <p>This involves an apparently unintentional weakness in Android, exploited intentionally by malicious apps.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201905280"> <!--#set var="DATE" value='<small class="date-tag">2019-05</small>' --><!--#echo encoding="none" var="DATE" --> <p>In spite of Apple's supposed commitment to privacy, iPhone apps contain trackers that are busy at night <a href="https://www.oregonlive.com/opinion/2019/05/its-3-am-do-you-know-who-your-iphone-is-talking-to.html"> sending users' personal information to third parties</a>.</p> <p>The article mentions specific examples: Microsoft OneDrive, Intuit's Mint, Nike, Spotify, The Washington Post, The Weather Channel (owned by IBM), the crime-alert service Citizen, Yelp and DoorDash. But it is likely that most nonfree apps contain trackers. Some of these send personally identifying data such as phone fingerprint, exact location, email address, phone number or even delivery address (in the case of DoorDash). Once this information is collected by the company, there is no telling what it will be used for.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201905060"> <!--#set var="DATE" value='<small class="date-tag">2019-05</small>' --><!--#echo encoding="none" var="DATE" --> <p>BlizzCon 2019 imposed a <a href="https://arstechnica.com/gaming/2019/05/blizzcon-2019-tickets-revolve-around-invasive-poorly-reviewed-smartphone-app/"> requirement to run a proprietary phone app</a> to be allowed into the event.</p> <p>This app is a spyware that can snoop on a lot of sensitive data, including user's location and contact list, and has <a href="https://web.archive.org/web/20220321042716/https://old.reddit.com/r/wow/comments/bkd5ew/you_need_to_have_a_phone_to_attend_blizzcon_this/emg38xv/"> near-complete control</a> over the phone.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201904131"> <!--#set var="DATE" value='<small class="date-tag">2019-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Data collected by menstrual and pregnancy monitoring apps is often <a href="https://www.theguardian.com/world/2019/apr/13/theres-a-dark-side-to-womens-health-apps-menstrual-surveillance"> available to employers and insurance companies</a>. Even though the data is “anonymized and aggregated,” it can easily be traced back to the woman who uses the app.</p> <p>This has harmful implications for women's rights to equal employment and freedom to make their own pregnancy choices. Don't use these apps, even if someone offers you a reward to do so. A free-software app that does more or less the same thing without spying on you is available from <a href="https://search.f-droid.org/?q=menstr">F-Droid</a>, and <a href="https://web.archive.org/web/20231230011724/https://dcs.megaphone.fm/BLM6228935164.mp3?key=23a58d3f686794e6d8b8678a5204887b&request_event_id=36469053-3d0b-4724-bf2d-6dbeeeac282e"> a new one is being developed</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201903251"> <!--#set var="DATE" value='<small class="date-tag">2019-03</small>' --><!--#echo encoding="none" var="DATE" --> <p>Many Android phones come with a huge number of <a href="https://web.archive.org/web/20190326145122/https://elpais.com/elpais/2019/03/22/inenglish/1553244778_819882.html"> preinstalled nonfree apps that have access to sensitive data without users' knowledge</a>. These hidden apps may either call home with the data, or pass it on to user-installed apps that have access to the network but no direct access to the data. This results in massive surveillance on which the user has absolutely no control.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201903211"> <!--#set var="DATE" value='<small class="date-tag">2019-03</small>' --><!--#echo encoding="none" var="DATE" --> <p>The MoviePass dis-service <a href="https://www.cnet.com/culture/entertainment/moviepass-founder-wants-to-use-facial-recognition-to-score-you-free-movies/"> is planning to use face recognition to track people's eyes</a> to make sure they won't put their phones down or look away during ads—and trackers.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201903201"> <!--#set var="DATE" value='<small class="date-tag">2019-03</small>' --><!--#echo encoding="none" var="DATE" --> <p>A study of 24 “health” apps found that 19 of them <a href="https://www.vice.com/en/article/pan9e8/health-apps-can-share-your-data-everywhere-new-study-shows"> send sensitive personal data to third parties</a>, which can use it for invasive advertising or discriminating against people in poor medical condition.</p> <p>Whenever user “consent” is sought, it is buried in lengthy terms of service that are difficult to understand. In any case, “consent” is not sufficient to legitimize snooping.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201902230"> <!--#set var="DATE" value='<small class="date-tag">2019-02</small>' --><!--#echo encoding="none" var="DATE" --> <p>Facebook offered a convenient proprietary library for building mobile apps, which also <a href="https://boingboing.net/2019/02/23/surveillance-zucksterism.html"> sent personal data to Facebook</a>. Lots of companies built apps that way and released them, apparently not realizing that all the personal data they collected would go to Facebook as well.</p> <p>It shows that no one can trust a nonfree program, not even the developers of other nonfree programs.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201902140"> <!--#set var="DATE" value='<small class="date-tag">2019-02</small>' --><!--#echo encoding="none" var="DATE" --> <p>The AppCensus database gives information on <a href="https://www.appcensus.io/"> how Android apps use and misuse users' personal data</a>. As of March 2019, nearly 78,000 have been analyzed, of which 24,000 (31%) transmit the <a href="/proprietary/proprietary-surveillance.html#M201812290"> Advertising ID</a> to other companies, and <a href="https://web.archive.org/web/20240501141046/https://blog.appcensus.io/2019/02/14/ad-ids-behaving-badly/"> 18,000 (23% of the total) link this ID to hardware identifiers</a>, so that users cannot escape tracking by resetting it.</p> <p>Collecting hardware identifiers is in apparent violation of Google's policies. But it seems that Google wasn't aware of it, and, once informed, was in no hurry to take action. This proves that the policies of a development platform are ineffective at preventing nonfree software developers from including malware in their programs.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201902060"> <!--#set var="DATE" value='<small class="date-tag">2019-02</small>' --><!--#echo encoding="none" var="DATE" --> <p>Many nonfree apps have a surveillance feature for <a href="https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/"> recording all the users' actions</a> in interacting with the app.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201902010"> <!--#set var="DATE" value='<small class="date-tag">2019-02</small>' --><!--#echo encoding="none" var="DATE" --> <p>An investigation of the 150 most popular gratis VPN apps in Google Play found that <a href="https://www.top10vpn.com/research/free-vpn-investigations/risk-index/"> 25% fail to protect their users' privacy</a> due to DNS leaks. In addition, 85% feature intrusive permissions or functions in their source code—often used for invasive advertising—that could potentially also be used to spy on users. Other technical flaws were found as well.</p> <p>Moreover, a previous investigation had found that <a href="https://www.top10vpn.com/research/free-vpn-investigations/ownership/">half of the top 10 gratis VPN apps have lousy privacy policies</a>.</p> <p><small>(It is unfortunate that these articles talk about “free apps.” These apps are gratis, but they are <em>not</em> <a href="/philosophy/free-sw.html">free software</a>.)</small></p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201901050"> <!--#set var="DATE" value='<small class="date-tag">2019-01</small>' --><!--#echo encoding="none" var="DATE" --> <p>The Weather Channel app <a href="https://www.theguardian.com/technology/2019/jan/04/weather-channel-app-lawsuit-location-data-selling"> stored users' locations to the company's server</a>. The company is being sued, demanding that it notify the users of what it will do with the data.</p> <p>We think that lawsuit is about a side issue. What the company does with the data is a secondary issue. The principal wrong here is that the company gets that data at all.</p> <p><a href="https://www.vice.com/en/article/gy77wy/stop-using-third-party-weather-apps"> Other weather apps</a>, including Accuweather and WeatherBug, are tracking people's locations.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201812290"> <!--#set var="DATE" value='<small class="date-tag">2018-12</small>' --><!--#echo encoding="none" var="DATE" --> <p>Around 40% of gratis Android apps <a href="https://privacyinternational.org/report/2647/how-apps-android-share-data-facebook-report"> report on the user's actions to Facebook</a>.</p> <p>Often they send the machine's “advertising ID,” so that Facebook can correlate the data it obtains from the same machine via various apps. Some of them send Facebook detailed information about the user's activities in the app; others only say that the user is using that app, but that alone is often quite informative.</p> <p>This spying occurs regardless of whether the user has a Facebook account.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201812060"> <!--#set var="DATE" value='<small class="date-tag">2018-12</small>' --><!--#echo encoding="none" var="DATE" --> <p>Facebook's app got “consent” to <a href="https://www.theguardian.com/technology/2018/dec/06/facebook-emails-reveal-discussions-over-call-log-consent"> upload call logs automatically from Android phones</a> while disguising what the “consent” was for.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201810244"> <!--#set var="DATE" value='<small class="date-tag">2018-10</small>' --><!--#echo encoding="none" var="DATE" --> <p>Some Android apps <a href="https://web.archive.org/web/20210418052600/https://www.androidauthority.com/apps-uninstall-trackers-917539/amp/"> track the phones of users that have deleted them</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201806110"> <!--#set var="DATE" value='<small class="date-tag">2018-06</small>' --><!--#echo encoding="none" var="DATE" --> <p>The Spanish football streaming app <a href="https://boingboing.net/2018/06/11/spanish-football-app-turns-use.html">tracks the user's movements and listens through the microphone</a>.</p> <p>This makes them act as spies for licensing enforcement.</p> <p>We expect it implements DRM, too—that there is no way to save a recording. But we can't be sure from the article.</p> <p>If you learn to care much less about sports, you will benefit in many ways. This is one more.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201804160"> <!--#set var="DATE" value='<small class="date-tag">2018-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>More than <a href="https://www.theguardian.com/technology/2018/apr/16/child-apps-games-android-us-google-play-store-data-sharing-law-privacy">50% of the 5,855 Android apps studied by researchers were found to snoop and collect information about its users</a>. 40% of the apps were found to insecurely snitch on its users. Furthermore, they could detect only some methods of snooping, in these proprietary apps whose source code they cannot look at. The other apps might be snooping in other ways.</p> <p>This is evidence that proprietary apps generally work against their users. To protect their privacy and freedom, Android users need to get rid of the proprietary software—both proprietary Android by <a href="https://replicant.us">switching to Replicant</a>, and the proprietary apps by getting apps from the free software only <a href="https://f-droid.org/">F-Droid store</a> that <a href="https://f-droid.org/docs/Anti-Features/"> prominently warns the user if an app contains anti-features</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201804020"> <!--#set var="DATE" value='<small class="date-tag">2018-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Grindr collects information about <a href="https://www.commondreams.org/news/2018/04/02/egregious-breach-privacy-popular-app-grindr-supplies-third-parties-users-hiv-status"> which users are HIV-positive, then provides the information to companies</a>.</p> <p>Grindr should not have so much information about its users. It could be designed so that users communicate such info to each other but not to the server's database.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201803050"> <!--#set var="DATE" value='<small class="date-tag">2018-03</small>' --><!--#echo encoding="none" var="DATE" --> <p>The moviepass app and dis-service spy on users even more than users expected. It <a href="https://techcrunch.com/2018/03/05/moviepass-ceo-proudly-says-the-app-tracks-your-location-before-and-after-movies/">records where they travel before and after going to a movie</a>.</p> <p>Don't be tracked—pay cash!</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201711240"> <!--#set var="DATE" value='<small class="date-tag">2017-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>Tracking software in popular Android apps is pervasive and sometimes very clever. Some trackers can <a href="https://theintercept.com/2017/11/24/staggering-variety-of-clandestine-trackers-found-in-popular-android-apps/"> follow a user's movements around a physical store by noticing WiFi networks</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201711230"> <!--#set var="DATE" value='<small class="date-tag">2017-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>AI-powered driving apps can <a href="https://www.vice.com/en/article/43nz9p/ai-powered-driving-apps-can-track-your-every-move"> track your every move</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201708270"> <!--#set var="DATE" value='<small class="date-tag">2017-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>The Sarahah app <a href="https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/"> uploads all phone numbers and email addresses</a> in user's address book to developer'sserver. Noteserver.</p> <p><small>(Note that this article misuses the words “<a href="/philosophy/free-sw.html">free software</a>” referring to zeroprice.</p>price.)</small></p> </li><li><p>Some portable phones<!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201707270"> <!--#set var="DATE" value='<small class="date-tag">2017-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>20 dishonest Android apps recorded <ahref="http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html">are sold with spyware sending lotshref="https://arstechnica.com/information-technology/2017/07/stealthy-google-play-apps-recorded-calls-and-stole-e-mails-and-texts/">phone calls and sent them and text messages and emails to snoopers</a>.</p> <p>Google did not intend to make these apps spy; on the contrary, it worked in various ways to prevent that, and deleted these apps after discovering what they did. So we cannot blame Google specifically for the snooping ofdatathese apps.</p> <p>On the other hand, Google redistributes nonfree Android apps, and therefore shares in the responsibility for the injustice of their being nonfree. It also distributes its own nonfree apps, such as Google Play, <a href="/philosophy/free-software-even-more-important.html">which are malicious</a>.</p> <p>Could Google have done a better job of preventing apps from cheating? There is no systematic way for Google, or Android users, toChina</a>.</p></li> <li> <p>Facebook'sinspect executable proprietary apps to see what they do.</p> <p>Google could demand the source code for these apps, and study the source code somehow to determine whether they mistreat users in various ways. If it did a good job of this, it could more or less prevent such snooping, except when the applistens alldevelopers are clever enough to outsmart thetime,checking.</p> <p>But since Google itself develops malicious apps, we cannot trust Google to protect us. We must demand release of source code to the public, so we can depend on each other.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201705230"> <!--#set var="DATE" value='<small class="date-tag">2017-05</small>' --><!--#echo encoding="none" var="DATE" --> <p>Apps for BART <ahref="http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-using-people-s-phones-to-listen-in-on-what-they-re-saying-claims-professor-a7057526.html">tohref="https://web.archive.org/web/20171124190046/https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/"> snoop onwhat people are listeningusers</a>.</p> <p>With free software apps, users could <em>make sure</em> that they don't snoop.</p> <p>With proprietary apps, one can only hope that they don't.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201705040"> <!--#set var="DATE" value='<small class="date-tag">2017-05</small>' --><!--#echo encoding="none" var="DATE" --> <p>A study found 234 Android apps that track users by <a href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening to ultrasound from beacons placed in stores orwatching</a>. In addition,played by TV programs</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201704260"> <!--#set var="DATE" value='<small class="date-tag">2017-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Faceapp appears to do lots of surveillance, judging by <a href="https://web.archive.org/web/20170426191242/https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/"> how much access itmaydemands to personal data in the device</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201704190"> <!--#set var="DATE" value='<small class="date-tag">2017-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Users are suing Bose for <a href="https://web.archive.org/web/20170423010030/https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/"> distributing a spyware app for its headphones</a>. Specifically, the app would record the names of the audio files users listen to along with the headphone's unique serial number.</p> <p>The suit accuses that this was done without the users' consent. If the fine print of the app said that users gave consent for this, would that make it acceptable? No way! It should beanalyzing people's conversationsflat out <a href="/philosophy/surveillance-vs-democracy.html"> illegal toserve themdesign the app to snoop at all</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201704074"> <!--#set var="DATE" value='<small class="date-tag">2017-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Pairs of Android apps can collude to transmit users' personal data to servers. <a href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A study found tens of thousands of pairs that collude</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201703300"> <!--#set var="DATE" value='<small class="date-tag">2017-03</small>' --><!--#echo encoding="none" var="DATE" --> <p>Verizon <a href="https://yro.slashdot.org/story/17/03/30/0112259/verizon-to-force-appflash-spyware-on-android-phones"> announced an opt-in proprietary search app that it will</a> pre-install on some of its phones. The app will give Verizon the same information about the users' searches that Google normally gets when they use its search engine.</p> <p>Currently, the app is <a href="https://www.eff.org/deeplinks/2017/04/update-verizons-appflash-pre-installed-spyware-still-spyware"> being pre-installed on only one phone</a>, and the user must explicitly opt-in before the app takes effect. However, the app remains spyware—an “optional” piece of spyware is still spyware.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201703140"> <!--#set var="DATE" value='<small class="date-tag">2017-03</small>' --><!--#echo encoding="none" var="DATE" --> <p>A computerized vibrator <a href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack"> was snooping on its users through the proprietary control app</a>.</p> <p>The app was reporting the temperature of the vibrator minute by minute (thus, indirectly, whether it was surrounded by a person's body), as well as the vibration frequency.</p> <p>Note the totally inadequate proposed response: a labeling standard withtargeted advertisements.</p>which manufacturers would make statements about their products, rather than free software which users could have checked and changed.</p> <p>The company that made the vibrator <a href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit"> was sued for collecting lots of personal information about how people used it</a>.</p> <p>The company's statement that it was anonymizing the data may be true, but it doesn't really matter. If it had sold the data to a data broker, the data broker would have been able to figure out who the user was.</p> <p>Following this lawsuit, <a href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits"> the company has been ordered to pay a total of C$4m</a> to its customers.</p> </li><li><!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201701210"> <!--#set var="DATE" value='<small class="date-tag">2017-01</small>' --><!--#echo encoding="none" var="DATE" --> <p>The Meitu photo-editing app <a href="https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/">sends user data to a Chinese company</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201611280"> <!--#set var="DATE" value='<small class="date-tag">2016-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>The Uber app tracks <a href="https://techcrunch.com/2016/11/28/uber-background-location-data-collection/">clients' movements before and after the ride</a>.</p> <p>This example illustrates how “getting the user's consent” for surveillance is inadequate as a protection against massive surveillance.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201611160"> <!--#set var="DATE" value='<small class="date-tag">2016-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>A <ahref="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf">href="https://research.csiro.au/isp/wp-content/uploads/sites/106/2016/08/paper-1.pdf"> research paper</a> that investigated the privacy and security of 283 Android VPN apps concluded that “in spite of the promises for privacy, security, and anonymity given by the majority of VPN apps—millions of users may be unawarely subject to poor security guarantees and abusive practices inflicted by VPN apps.”</p> <p>Following is a non-exhaustivelistlist, taken from the research paper, of some proprietary VPN appsfrom the research paperthattrackstrack users andinfringes the privacy of users:</p> <dl>infringe their privacy:</p> <dl class="compact"> <dt>SurfEasy</dt> <dd>Includes tracking libraries such as NativeX and Appflood, meant to track users and show them targeted ads.</dd> <dt>sFly Network Booster</dt> <dd>Requests the <code>READ_SMS</code> and <code>SEND_SMS</code> permissions upon installation, meaning it has full access to users' text messages.</dd> <dt>DroidVPN and TigerVPN</dt> <dd>Requests the <code>READ_LOGS</code> permission to read logs for other apps and also core system logs. TigerVPN developers have confirmed this.</dd> <dt>HideMyAss</dt> <dd>Sends traffic to LinkedIn. Also, it stores detailed logs and may turn them over to the UK government if requested.</dd> <dt>VPN Services HotspotShield</dt> <dd>Injects JavaScript code into the HTML pages returned to the users. The stated purpose of the JS injection is to display ads. Uses roughly5five tracking libraries. Also, it redirects the user's traffic through valueclick.com (an advertising website).</dd> <dt>WiFi Protector VPN</dt> <dd>Injects JavaScript code into HTML pages, and also uses roughly5five tracking libraries. Developers of this app have confirmed that the non-premium version of the app does JavaScript injection for tracking the user anddisplaydisplaying ads.</dd> </dl> </li><li> <p><a href="http://www.privmetrics.org/wp-content/uploads/2015/06/wisec2015.pdf">A study in 2015</a> found that 90% of the top-ranked gratis proprietary Android apps contained recognizable tracking libraries. For the paid proprietary apps, it was only 60%.</p> <p>The article confusingly describes gratis apps as “free”, but most of them are<!-- Copied from workshop/mal.rec. Do not edit infact <a href="/philosophy/free-sw.html">free software</a>. It also uses the ugly word “monetize”. A good replacement for that word is “exploit”; nearly always that will fit perfectly.</p> </li> <li> <p>A study found 234 Android apps that track users bymalware-mobiles.html. --> <li id="M201611150"> <!--#set var="DATE" value='<small class="date-tag">2016-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>Some portable phones <ahref="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening to ultrasound from beacons placed in stores or played by TV programs</a>. </p> </li> <li> <p>Faceapp appears to dohref="https://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html">are sold with spyware sending lots ofsurveillance, judging by <a href="https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/"> how much access it demands to personal data in the device</a>. </p> </li> <li> <p>Pairs of Android apps can collude to transmit users' personaldata toservers. <a href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A study found tens of thousands of pairs that collude.</a></p>China</a>.</p> </li><li> <p>Google Play intentionally sends<!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201606050"> <!--#set var="DATE" value='<small class="date-tag">2016-06</small>' --><!--#echo encoding="none" var="DATE" --> <p>Facebook's new Magic Photo appdevelopers<ahref="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116"> the personal details of users that install the app</a>.</p> <p>Merely askinghref="https://www.theregister.com/2015/11/10/facebook_scans_camera_for_your_friends/"> scans your mobile phone's photo collections for known faces</a>, and suggests you circulate the“consent” of userspicture you take according to who isnot enoughin the frame.</p> <p>This spyware feature seems tolegitimize actions like this. At this point, most users have stopped readingrequire online access to some known-faces database, which means the“Terms and Conditions” that spell out what theypictures are“consenting” to. Google should clearly and honestly identifylikely to be sent across theinformation it collects on users, instead of hiding it in an obscurely worded EULA.</p> <p>However,wire totruly protect people's privacy, we must prevent GoogleFacebook's servers andother companies from getting this personal information in the first place!</p> </li> <li> <p>Google Play (a componentface-recognition algorithms.</p> <p>If so, none ofAndroid) <a href="https://www.extremetech.com/mobile/235594-yes-google-play-is-tracking-you-and-thats-just-the-tip-of-a-very-large-iceberg"> tracks theFacebook users'movements without their permission</a>.</p> <p>Evenpictures are private anymore, even ifyou disable Google Maps and location tracking, you must disable Google Play itself to completely stopthetracking. This is yet another example of nonfree software pretendinguser didn't “upload” them toobeytheuser, when it's actually doing something else. Such a thing would be almost unthinkable with free software.</p>service.</p> </li><li> <p>Verizon <a href="https://yro.slashdot.org/story/17/03/30/0112259/verizon-to-force-appflash-spyware-on-android-phones"> announced an opt-in proprietary search app that it will</a> pre-install on some of its phones. The<!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201605310"> <!--#set var="DATE" value='<small class="date-tag">2016-05</small>' --><!--#echo encoding="none" var="DATE" --> <p>Facebook's appwill give Verizon the same information about the users' searches that Google normally gets when they use its search engine.</p> <p>Currently,listens all theapp istime, <ahref="https://www.eff.org/deeplinks/2017/04/update-verizons-appflash-pre-installed-spyware-still-spyware"> being pre-installedhref="https://www.independent.co.uk/tech/facebook-using-people-s-phones-to-listen-in-on-what-they-re-saying-claims-professor-a7057526.html">to snoop ononly one phone</a>, and the user must explicitly opt-in before the app takes effect. However, the app remains spyware—an “optional” piece of spyware is still spyware.</p> </li> <li><p>The Meitu photo-editing app <a href="https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/">sends user datawhat people are listening toa Chinese company</a>.</p></li> <li> <p>A half-blind security critique of a tracking app:or watching</a>. In addition, itfound that <a href="http://www.consumerreports.org/mobile-security-software/glow-pregnancy-app-exposed-women-to-privacy-threats/"> blatant flaws allowed anyonemay be analyzing people's conversations tosnoopserve them with targeted advertisements.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201604250"> <!--#set var="DATE" value='<small class="date-tag">2016-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>A pregnancy test controller application not only can <a href="https://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security"> spy ona user's personal data</a>. The critique fails entirely to express concern that the app sends the personalmany sorts of datato a server, wherein the<em>developer</em> gets it all. This “service” is for suckers!</p> <p>The server surely has a “privacy policy,”phone, andsurelyin server accounts, itis worthless since nearly all ofcan alter themare.</p>too</a>.</p> </li><li><p>Apps<!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201601130"> <!--#set var="DATE" value='<small class="date-tag">2016-01</small>' --><!--#echo encoding="none" var="DATE" --> <p>Apps that include <ahref="http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/">href="https://web.archive.org/web/20180913014551/http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/"> Symphony surveillance software snoop on what radio and TV programs are playing nearby</a>. Also on what users post on various sites such as Facebook, Google+ and Twitter.</p> </li><li><p>More than 73% and 47% of mobile applications, both<!-- Copied fromAndroid and iOS respectively <a href="http://jots.pub/a/2015103001/index.php">share personal, behavioral and location information</a>workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201601110"> <!--#set var="DATE" value='<small class="date-tag">2016-01</small>' --><!--#echo encoding="none" var="DATE" --> <p>The natural extension oftheir users with third parties.</p>monitoring people through “their” phones is <a href="https://news.northwestern.edu/stories/2016/01/fool-activity-tracker"> proprietary software to make sure they can't “fool” the monitoring</a>.</p> </li><li><p>“Cryptic<!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201511190"> <!--#set var="DATE" value='<small class="date-tag">2015-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>“Cryptic communication,” unrelated to the app's functionality, was <ahref="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119">href="https://news.mit.edu/2015/data-transferred-android-apps-hiding-1119"> found in the 500 most popular gratis Android apps</a>.</p> <p>The article should not have described these apps as “free”—they are not free software. The clear way to say “zero price” is “gratis.”</p> <p>The article takes for granted that the usual analytics tools are legitimate, but is that valid? Software developers have no right to analyze what users are doing or how. “Analytics” tools that snoop are just as wrong as any other snooping.</p> </li><li><p>Many proprietary apps for<!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201510300"> <!--#set var="DATE" value='<small class="date-tag">2015-10</small>' --><!--#echo encoding="none" var="DATE" --> <p>More than 73% and 47% of mobiledevices report which other apps the user has installed.applications, for Android and iOS respectively <ahref="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter is doing this in a way that at least is visiblehref="https://techscience.org/a/2015103001/">hand over personal, behavioral andoptional</a>. Not as bad as what the others do.</p>location information</a> of their users to third parties.</p> </li><li><p>Portable<!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201510050"> <!--#set var="DATE" value='<small class="date-tag">2015-10</small>' --><!--#echo encoding="none" var="DATE" --> <p>According to Edward Snowden, <a href="https://www.bbc.com/news/uk-34444233">agencies can take over smartphones</a> by sending hidden text messages which enable them to turn the phoneswith GPS will send their GPSon and off, listen to the microphone, retrieve geo-location data from the GPS, take photographs, read text messages, read call, location and web browsing history, and read the contact list. This malware is designed to disguise itself from investigation.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201508210"> <!--#set var="DATE" value='<small class="date-tag">2015-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>Like most “music screaming” disservices, Spotify is based onremote commandproprietary malware (DRM andusers cannot stop them:snooping). In August 2015 it <ahref="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers"> http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers</a>. (The US sayshref="https://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy"> demanded users submit to increased snooping</a>, and some are starting to realize that itwill eventually require all new portable phonesis nasty.</p> <p>This article shows the <a href="https://www.theregister.com/2015/08/21/spotify_worse_than_the_nsa/"> twisted ways that they present snooping as a way to “serve” users better</a>—never mind whether they want that. This is a typical example of the attitude of the proprietary software industry towards those they haveGPS.)</p>subjugated.</p> <p>Out, out, damned Spotify!</p> </li><li><p>Spyware in Cisco TNP IP phones: <a href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html"> http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html</a>.</p></li> <li><p>Spyware in Android phones (and Windows? laptops): The Wall Street Journal (in an article blocked<!-- Copied fromus by a paywall) reportsworkshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201507281"> <!--#set var="DATE" value='<small class="date-tag">2015-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>Many retail businesses publish cr…apps that ask to <ahref="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj"> the FBI can remotely activatehref="https://www.delish.com/kitchen-tools/a43252/how-food-apps-use-data/"> spy on theGPS and microphoneuser's own data</a>—often many kinds.</p> <p>Those companies know that snoop-phone usage trains people to say yes to almost any snooping.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit inAndroidmalware-mobiles.html. --> <li id="M201507030"> <!--#set var="DATE" value='<small class="date-tag">2015-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>Samsung phones come with <a href="https://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps that users can't delete</a>, andin laptops</a>. (I suspect this means Windows laptops.) Herethey send so much data that their transmission is a substantial expense for users. Said transmission, not wanted or requested by the user, clearly must constitute spying of some kind.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201506264"> <!--#set var="DATE" value='<small class="date-tag">2015-06</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://www.cl.cam.ac.uk/~arb33/papers/FerreiraEtAl-Securacy-WiSec2015.pdf"> A study in 2015</a> found that 90% of the top-ranked gratis proprietary Android apps contained recognizable tracking libraries. For the paid proprietary apps, it was only 60%.</p> <p>The article confusingly describes gratis apps as “free”, but most of them are not in fact <ahref="http://cryptome.org/2013/08/fbi-hackers.htm">more info</a>.</p>href="/philosophy/free-sw.html">free software</a>. It also uses the ugly word “monetize”. A good replacement for that word is “exploit”; nearly always that will fit perfectly.</p> </li><li><p>Some Motorola phones modify<!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201505060"> <!--#set var="DATE" value='<small class="date-tag">2015-05</small>' --><!--#echo encoding="none" var="DATE" --> <p>Gratis Androidtoapps (but not <ahref="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html"> send personal datahref="/philosophy/free-sw.html">free software</a>) connect toMotorola.</a></p> </li> <li><p>Some manufacturers add a100 <ahref="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/"> hidden general surveillance package such as Carrier IQ.</a></p>href="https://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites">tracking and advertising</a> URLs, on the average.</p> </li><li><p>Widely<!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201504060"> <!--#set var="DATE" value='<small class="date-tag">2015-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Widely used <ahref="https://freedom-to-tinker.com/blog/kollarssmith/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietaryhref="https://freedom-to-tinker.com/2015/04/06/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary QR-code scanner apps snoop on the user</a>. This is in addition to the snooping done by the phone company, and perhaps by the OS in the phone.</p> <p>Don't be distracted by the question of whether the app developers get users to say “I agree”. That is no excuse for malware.</p> </li></ul> <h3 id="drm">Mobile DRM</h3> <ul><!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <liid="android-apps-detect-rooting"> <p>Google now allows Androidid="M201411260"> <!--#set var="DATE" value='<small class="date-tag">2014-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>Many proprietary appsto detect whether a devicefor mobile devices report which other apps the user hasbeen rooted, <a href="http://www.androidpolice.com/2017/05/13/netflix-confirms-blocking-rootedunlocked-devices-app-still-working-now/">and refuse to install if so</a>.</p> <p>Update: Google <i>intentionally</i>installed. <ahref="https://torrentfreak.com/netflix-use-of-google-drm-means-rooted-android-devices-are-banned-170515/"> changed Android sohref="https://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter is doing this in a way thatapps can detect rooted devicesat least is visible andrefuseoptional</a>. Not as bad as what the others do.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201403120"> <!--#set var="DATE" value='<small class="date-tag">2014-03</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="/proprietary/proprietary-back-doors.html#samsung"> Samsung's back door</a> provides access torunany file onthem</a>.</p>the system.</p> </li><li><!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201401150.1"> <!--#set var="DATE" value='<small class="date-tag">2014-01</small>' --><!--#echo encoding="none" var="DATE" --> <p>TheiPhone 7 contains DRM specifically designedSimeji keyboard is a smartphone version of Baidu's <a href="/proprietary/proprietary-surveillance.html#baidu-ime">spying <abbr title="Input Method Editor">IME</abbr></a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201312270"> <!--#set var="DATE" value='<small class="date-tag">2013-12</small>' --><!--#echo encoding="none" var="DATE" --> <p>The nonfree Snapchat app's principal purpose is to restrict the use of data on the user's computer, but it does surveillance too: <ahref="https://motherboard.vice.com/en_us/article/iphone-7-home-button-unreplaceable-repair-software-lock"> brickhref="https://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers"> itif an “unauthorized” repair shop fixes it</a>. “Unauthorized” essentially means anyone besides Apple.</p>tries to get the user's list of other people's phone numbers</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201312060"> <!--#set var="DATE" value='<small class="date-tag">2013-12</small>' --><!--#echo encoding="none" var="DATE" --> <p>Thearticle usesBrightest Flashlight app <a href="https://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers"> sends user data, including geolocation, for use by companies</a>.</p> <p>The FTC criticized this app because it asked theterm “lock”user to approve sending personal data todescribetheDRM,app developer butwe preferdid not ask about sending it touseother companies. This shows theterm <a href="https://gnu.org/philosophy/words-to-avoid.html#DigitalLocks"> digital handcuffs</a>.</p>weakness of the reject-it-if-you-dislike-snooping “solution” to surveillance: why should a flashlight app send any information to anyone? A free software flashlight app would not.</p> </li><li><p>Android<!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201307000"> <!--#set var="DATE" value='<small class="date-tag">2013-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>Portable phones with GPS <ahref="https://developer.android.com/reference/android/drm/package-summary.html">contains facilities specificallyhref="https://www.aclu.org/issues/privacy-technology/location-tracking/you-are-being-tracked"> will send their GPS location on remote command, and users cannot stop them</a>. (The US says it will eventually require all new portable phones tosupport DRM</a>.</p>have GPS.)</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201212100"> <!--#set var="DATE" value='<small class="date-tag">2012-12</small>' --><!--#echo encoding="none" var="DATE" --> <p>FTC says most mobile apps for children don't respect privacy: <a href="https://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/"> https://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201111170"> <!--#set var="DATE" value='<small class="date-tag">2011-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>Some manufacturers add a <a href="https://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/"> hidden general surveillance package such as Carrier IQ</a>.</p> </li> </ul> <h3id="jails">Mobile Jails</h3> <ul> <li><p><a href="https://fsf.org/campaigns/secure-boot-vs-restricted-boot/">Mobile devicesid="jails">Jails</h3> <p>Jails are systems thatcome withimpose censorship on application programs.</p> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201210080"> <!--#set var="DATE" value='<small class="date-tag">2012-10</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://web.archive.org/web/20190917162027/https://www.itworld.com/article/2832657/microsoft-metro-app-store-lock-down.html"> Windows 8are tyrants</a>. <a href="http://www.itworld.com/article/2832657/operating-systems/microsoft-metro-app-store-lock-down.html">Windows 8on “mobile devices”is(now defunct) was ajail.</a></p>jail</a>.</p> </li> </ul> <h3id="tyrants">Mobile Tyrants</h3> <ul> <li><p><a href="http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html"> Some Android phonesid="tyrants">Tyrants</h3> <p>Tyrants aretyrants</a> (though someone found a way to cracksystems that reject any operating system not “authorized” by therestriction). Fortunately, most Androidmanufacturer.</p> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-mobiles.html. --> <li id="M201110110"> <!--#set var="DATE" value='<small class="date-tag">2011-10</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/"> Mobile devices that come with Windows 8 arenot tyrants.</p>tyrants</a>.</p> </li> </ul></div><!-- for id="content", starts in the include above</div> </div> <!--#include virtual="/proprietary/proprietary-menu.html" --> <!--#include virtual="/server/footer.html" --> <divid="footer">id="footer" role="contentinfo"> <div class="unprintable"> <p>Please send general FSF & GNU inquiries to <a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>. There are also <a href="/contact/">other ways to contact</a> the FSF. Broken links and other corrections or suggestions can be sent to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p> <p><!-- TRANSLATORS: Ignore the original text in this paragraph, replace it with the translation of these two: We work hard and do our best to provide accurate, good quality translations. However, we are not exempt from imperfection. Please send your comments and general suggestions in this regard to <a href="mailto:web-translators@gnu.org"> <web-translators@gnu.org></a>.</p> <p>For information on coordinating andsubmittingcontributing translations of our web pages, see <a href="/server/standards/README.translations.html">Translations README</a>. --> Please see the <a href="/server/standards/README.translations.html">Translations README</a> for information on coordinating andsubmittingcontributing translations of this article.</p> </div> <!-- Regarding copyright, in general, standalone pages (as opposed to files generated as part of manuals) on the GNU web server should be under CC BY-ND 4.0. Please do NOT change or remove this without talking with the webmasters or licensing team first. Please make sure the copyright date is consistent with the document. For web pages, it is ok to list just the latest year the document was modified, or published. If you wish to list earlier years, that is ok too. Either "2001, 2002, 2003" or "2001-2003" are ok for specifying years, as long as each year in the range is in fact a copyrightable year, i.e., a year in which the document was published (including being publicly visible on the web or in a revision control system). There is more detail about copyright years in the GNU Maintainers Information document, www.gnu.org/prep/maintain. --> <p>Copyright ©2014, 2015, 2016, 2017, 20182014-2025 Free Software Foundation, Inc.</p> <p>This page is licensed under a <a rel="license"href="http://creativecommons.org/licenses/by-nd/4.0/">Creativehref="http://creativecommons.org/licenses/by/4.0/">Creative CommonsAttribution-NoDerivativesAttribution 4.0 International License</a>.</p> <!--#include virtual="/server/bottom-notes.html" --> <p class="unprintable">Updated: <!-- timestamp start --> $Date: 2025/03/16 17:37:48 $ <!-- timestamp end --> </p> </div></div></div><!-- for class="inner", starts in the banner include --> </body> </html>