We analysed several authenticator apps after Twitter had stopped the SMS method for 2FA. We saw many scam apps looking almost the same. They all trick users to take out a yearly subscription for $40/year. We caught four that have near identical binaries. We also caught one app that sends every scanned QR code to the developer’s Google analytics account.

Unlike the clean OSes you'd get from Google or Apple, Samsung sells space in its devices to the highest bidder via pre-installed crapware. A company like Facebook will buy a spot on Samsung's system partition, where it can get more intrusive system permissions that aren't granted to app store apps, letting it more effectively spy on users. You'll also usually find Netflix, Microsoft Office, Spotify, Linkedin, and who knows what else. Another round of crapware will also be included if you buy a phone from a carrier, i.e., all the Verizon apps and whatever space they want to sell to third parties. The average amount users are reporting is 60GB, but crapware deals change across carriers and countries, so it will be different for everyone.

In materials provided to law enforcement, Fog states that it has access to a “near real-time” database of billions of geolocation signals derived from smartphones. It sells subscriptions to a service, which the company usually billed as “Fog Reveal,” that lets law enforcement look up location data in its database through a website. The smartphone signals in Fog’s database include latitude, longitude, timestamp, and a device ID. The company can access historical data reaching back to at least June 2017.

WhatsApp, which is used by 1.5bn people worldwide, discovered in early May that attackers were able to install surveillance software on to both iPhones and Android phones by ringing up targets using the app’s phone call function.

The malicious code, developed by the secretive Israeli company NSO Group, could be transmitted even if users did not answer their phones, and the calls often disappeared from call logs, said the spyware dealer, who was recently briefed on the WhatsApp hack.

...

NSO’s flagship product is Pegasus, a program that can turn on a phone’s microphone and camera, trawl through emails and messages and collect location data.

NSO advertises its products to Middle Eastern and Western intelligence agencies, and says Pegasus is intended for governments to fight terrorism and crime.

But mostly to spy on people said governments don't particularly like, of course.

Uninstall tracking exploits a core element of Apple Inc.’s and Google’s mobile operating systems: push notifications. Developers have always been able to use so-called silent push notifications to ping installed apps at regular intervals without alerting the user—to refresh an inbox or social media feed while the app is running in the background, for example. But if the app doesn’t ping the developer back, the app is logged as uninstalled, and the uninstall tracking tools add those changes to the file associated with the given mobile device’s unique advertising ID, details that make it easy to identify just who’s holding the phone and advertise the app to them wherever they go.

The tools violate Apple and Google policies against using silent push notifications to build advertising audiences, says Alex Austin, CEO of Branch Metrics Inc., which makes software for developers but chose not to create an uninstall tracker. “It’s just generally sketchy to track people around the internet after they’ve opted out of using your product,” he says, adding that he expects Apple and Google to crack down on the practice soon. Apple and Google didn’t respond to requests for comment.

NTT Docomo on Monday announced its Japan Welcome SIM TM series will introduce Plan 0 to allow overseas visitors in Japan to access the Internet for free via the Docomo mobile network, from Tuesday. The free service will initially be available in Hokkaido and Niigata prefectures, after which other areas will be added sequentially.

The cards, aptly named Prepaid SIM for Japan, can be purchased along with smartphones, mobile routers and smartphone accessories at the vending machines, the Tokyo-based telecommunications firm said.

The airport will have two such machines, for Terminal 1 and Terminal 2, with only credit cards accepted for added ease.

NTT Communications said the SIM cards are priced at ¥3,450 for one week and ¥4,950 for two weeks. Both types offer a maximum download speed of 150 megabytes per second and 50 Mbps as an upload speed. If the data amount exceeds 100 MB a day, the network speed will slow down.

The problem in a predominantly pre-paid phone connection market like India is that caller identities are often a mystery. So people end up taking a lot of unwanted calls and spam. That’s why an app like TrueCaller, developed in Sweden, is more popular in India than in the West.

Now there’s a new app called Holaa!, just launched today, which claims to help smartphone users manage their calls better. It’s a product of Nimbuzz, which shifted its base from the Netherlands to India in 2012 to serve a growing Indian user base for voice over IP (VoIP), messaging, and mobile advertising services.

Of particular concern are newer Android gadgets, specifically those running Android 3.1 "Honeycomb" or later. That version of the Google OS introduced a feature called Preferred Network Offload (PNO), which has a habit of broadcasting the names of the last 15 Wi-Fi networks a device has joined, even when the screen is off.

The idea is to conserve battery by allowing a phone to connect to known Wi-Fi networks even while in sleep mode, since Wi-Fi uses less power than the mobile data radio. The problem, the EFF says, is that your wireless network history can give a worryingly accurate and thorough picture of your movements.

App.js is a lightweight JavaScript UI library for creating mobile webapps that behave like native apps, sacrificing neither performance nor polish.