ICYMI is posted every Monday recapping privacy news over the last week from around the web.
In the latest instance of iOS 14’s beta mode tattling on unexpected app behavior, some users reported that they were seeing the green “camera on” indicator while using Instagram when they were just scrolling through their feeds, not taking a photo or video.
An Instagram spokesperson said in an email to The Verge that the behavior was a bug and that it’s being fixed.
There sure been a lot of privacy invasive bugs ever since iOS 14 came out. Weird.
But for the apps to work on smartphones with Google’s Android operating system — the most popular in the world — users must first turn on the device location setting, which enables GPS and may allow Google to determine their locations.
[...] Apple, which does not require iPhone users of the virus apps to turn on location, declined to comment on Google’s location practices.
"We found the public health authority component of these apps generally shares little data and is quite private.
"However, on Android devices we found the Google component of the apps is far from private and continuously shares a great deal of data with Google servers.
"This data includes the phone IMEI, hardware serial number, SIM serial number, handset phone number, the wifi MAC address and approximate phone location.
[...] However, Google executives admit the requirement to have an Android phone's location setting switched on, in order for the Bluetooth setting to work properly, might be considered "confusing".
You'd think Google would chill out on the data collection when trying to help society push through a pandemic.
In the interest of providing full disclosure, below you will find the executive summary that was compiled from the team at Insight Risk Consulting along with an internal report containing a summary of each issue, impact analysis, and the actions taken/planned by Bitwarden regarding the identified issues. We are happy to report that no major issues were identified during this audit. One moderate issue has been patched in the latest Bitwarden server update.
One of the best password managers, Bitwarden, has completed their second independent audit since they launched in 2016. Most companies never have an audit done at all and here we have one compeleting them on a two year cadence.
Here's their 2018 audit for those interested. PDF
How much user data does TikTok collect?
Browsing history (i.e., the content you viewed on TikTok)
Location data if you are using a mobile device (including GPS coordinates and WiFi and mobile cell data)
Info on the device you used to access TikTok (for Android devices, this includes your IMEI number, which is essentially your device’s fingerprint so it can be identified, and potentially your IMSI number, which is used to track users from one phone to another)
To open an account, you must enter a phone number or email and your date of birth. Once you have created an account, TikTok asks your permission for access to your social media accounts (like Twitter, Instagram, Facebook, etc.), your phone’s contact list, and GPS data.
Once you start using the app, TikTok logs details about:
Every video you upload
How long you watch videos
Which videos you like
Which videos you share
Any messages you exchange in the app
Finally, if you buy coins, the in-app currency you can use to support your favorite video creators, TikTok will store your payment information.
According to TikTok, if you delete your account, the company will delete your account data, videos, and information within 30 days. This claim is impossible to independently verify, as is the case with most social media companies.
An eye opening post about Tik Tok and the extreme invasiveness of the platform.