Open 24/7/365

We Have A Life-Time Warranty /
Guarantee On All Products. (Includes Parts And Labor)

As TikTok ‘Spyware’ Rumor Swirls, Crypto Apps Safety In The Spotlight

As data becomes the main commodity for social media giants, can you trust crypto apps with your personal info? As TikTok ‘Spyware’ Rumor Swirls, Crypto Apps Safety In The Spotlight

Over the past few weeks, TikTok has found itself in hot water over security issues. First, it was axed in India along with 58 Chinese apps for “stealing and surreptitiously transmitting users’ data in an unauthorized manner.” Later, it became a major target for Trump’s administration against the backdrop of America’s faltering relationship with China and was even banned for Wells Fargo and Amazon employees, with the latter later retracing the news, saying it did not intend to prohibit using TikTok.

While the censure of TikTok’s data collection habits seems to stem from mostly geopolitical reasons — its harshest critics accuse the app of being spyware for the Communist Party of China — some research suggests that TikTok isn’t much different from Western apps in terms of privacy and security, with the Facebook–Cambridge Analytica data scandal being arguably the clearest example.

It seems safe to say that at this point, user data has become the main commodity for mainstream apps, but how do things stand with popular crypto apps?

Crypto And Cybersecurity

Cybersecurity remains a major weak point for the cryptocurrency and blockchain space. Each year, hackers manage to extract increasingly larger sums of money from cryptocurrency exchanges and ignorant investors, while the technology itself and the emergency of privacy coins have allowed criminals to stay relatively anonymous.

Data collection, however, is a slightly different matter. Unlike hacks, it falls into a grayer regulatory area.

“Private data” is a rather abstract umbrella term, and normally, users consent to data collection when they download an app and approve its terms and conditions. Nonetheless, they often don’t realize what kind of data they’ve allowed this app to access — and sometimes it’s much more than just their email address and approximate location.

“Mobile apps are generally very ‘thorough’ when it comes to targeted advertising,” Hartej Sawhney, the CEO and co-founder of cybersecurity agency Zokyo Labs, said in an email conversation with Cointelegraph. He went on to say: “Many apps track users even when their mobile app is not in use. In addition, there’s even concern about apps accessing your phone’s microphone.”

Indeed, a somewhat similar story happened with Binance recently. Earlier this month, Twitter user Sherpa posted a screenshot of a certificate issuer in a tweet, showing that the permissions requested by the top cryptocurrency exchange in its Android app include access to the camera and the ability to record audio.

At the time, the chief security officer of Binance told Cointelegraph that the camera is used during the KYC verification process, stressing that “the code developed in-house within the Binance app definitely does not use the microphone.”

Later, Binance CEO Changpeng Zhao said that he asked his team to review the code, clarifying to Cointelegraph that Binance chose to remove the audio recording permission and “keep other permissions required to a minimum, for our users’ peace of mind.”

CZ also shared a list of permissions from the updated version of the app, which seemed much more privacy-oriented when compared to the screenshots posted by Sherpa. Furthermore, Zhao stressed that Binance does not sell user data “of any kind, such as packaging KYC data together with blockchain analytics.”

Data Collection And Poor Security Ramifications

As CZ previously told Cointelegraph, apps with access to user’s clipboard data pose the greatest threat to users’ safety because they can potentially steal their private keys.

“Most crypto applications that ask for your key material can simply steal your funds, and you trust that they don’t,” Harry Halpin, the CEO of privacy mixnet Nym Technologies, confirmed to Cointelegraph, adding: “Any custodial service can obviously steal your cryptocurrency.”

Coin theft is one of the main risks associated with cryptocurrency applications, and wallet apps in particular. Alex Heid, the chief research and development officer at information security company SecurityScorecard, added in a conversation with Cointelegraph:

“Attackers have been known to use malware, compromised developer repositories and social engineering to obtain the wallet and private keys of vulnerable users. Examples of this has taken place in the past, such as with the ongoing plague of rogue applications in mobile app stores, the attack on Copay wallets via a compromised JavaScript library in 2018, and the attack on Electrum node messaging servers in 2019.”

Are Crypto Apps Generally Safer?

Are crypto apps any different from mainstream software in terms of data collection? Experts’ opinions are divided. “The nature of crypto apps is very similar to other financial apps in many ways,” Heid argued, elaborating: “Users are often required to provide identification information for KYC/AML compliance. There have been cases in the past where KYC/AML data has been obtained by attackers from successful hacks against cryptocurrency services.”

Matt Senter, a co-founder and the chief technology officer at Bitcoin rewards app Lolli, told Cointelegraph that “the incentive to lie, cheat and steal is much higher in Bitcoin apps than traditional apps” but warned that “users should stay alert for all types of apps.”

Halpin said he would be “shocked” if cryptocurrency applications did not have more malware and surveillance than other applications, given that cryptocurrency has to deal with money. “Sending cryptocurrency to a public ledger allows anyone to spy on your transaction,” he added.

Brian Kerr, the CEO of lending platform Kava Labs, told Cointelegraph he’s “much more concerned about data being shared from fintech apps like Robinhood and business communication apps like Zoom than data from crypto trading apps.”

How To Stay Safe?

But how can one stay safe when using crypto apps? Senter believes that knowing the basics of cryptocurrencies is a must when it comes to using industry apps or dealing with digital assets in general. Senter referenced the recent Twitter hack as an example:

“Users who don’t understand how Bitcoin works are in danger of outright losing all of it. We saw an attack on Twitter recently where people were duped into handing over their funds to a random address. While not a Bitcoin app, the Twitter attack does highlight a lack of understanding.”

According to Senter, crypto apps that don’t have a user-friendly interface to guide their customers through transaction verification “leave the uninitiated wondering if their funds are safe.” There are also app lookalikes, he warned, noting that these are threats “easily mitigated by education on Bitcoin and good opsec.”

However, “it is nearly impossible for a user to review the privacy and security of an application,” Halpin of NYM Technologies argued, adding: “Even developers often build technology that they believe is secure and private, and screw it up.” He is also largely skeptical about the assumption that decentralized apps offer more security when compared to solutions developed by centralized companies, at least in their current state:

“Is it more safe to trust a random group of people with your app than a single third party? For decentralization to work, we need stronger accountability and actual decentralization. Most of what I see in the blockchain space is decentralization theatre.”

As a result, Halpin concluded that it’s better to take advice from “reputable third parties” like academics or industry companies that have a good track record of finding and fixing vulnerabilities before their users’ funds or personal data get compromised.

As TikTok ‘Spyware’ Rumor,As TikTok ‘Spyware’ Rumor,As TikTok ‘Spyware’ Rumor,As TikTok ‘Spyware’ Rumor,As TikTok ‘Spyware’ Rumor,As TikTok ‘Spyware’ Rumor,

Related Articles:

US Says China Backed Hackers Who Targeted COVID-19 Vaccine Research

Apparent Coordinated Twitter Attack Targets Binance, CZ, Gemini, And More

Why Does Binance’s Android App Need To Use Your Microphone?

Encrypted Instant Chat App Promising ‘Worry Free Secure Communication’ Was Hacked

Security Expert Exposes Chaos With Trump And U.S. Intelligence Agencies

Some Of The Latest News On Cyber-Attacks And Cyber-Security Trends

New Decentralized Cybersecurity Solution Enables Passwordless Logins (#GotBitcoin?)

CIA’s ‘Lax’ Security Led To Massive Theft of Hacking Tools, Internal Report Finds

Signal Is A Truly Private Chat App Ideal For Protestors (#GotBitcoin?)

Maintain Your Privacy And Security During A Protest (#GotBitcoin?)

Borrower, Beware: Credit-Card Fraud Attempts Rise During The Coronavirus Crisis

Senate Vote Allows FBI Access To Your Browsing History Without A Warrant And What You Can Do About It

Report Says Chinese And Iranian Hackers Seek To Steal Coronavirus Research

28,000 GoDaddy Hosting Accounts Compromised

Some States Dabble In Online Voting, Weighing Pandemic Against Cybersecurity Concerns

Antonopoulos: Chainalysis Is Helping World’s Worst Dictators & Regimes (#GotBitcoin?)

Survey Shows Many BTC Holders Use Hardware Wallet, Have Backup Keys (#GotBitcoin?)

Blockfolio Quietly Patches Years-Old Security Hole That Exposed Source Code (#GotBitcoin?)

Apple iPhone May Be Vulnerable To Email (Mail) Hack

Gates Foundation, WHO And Wuhan Institute of Virology All Hacked!

Google Hack Requires That You Updated Chrome Browser Now To Version: 81.0.4044.113

Privacy-Oriented Browsers Gain Traction (#GotBitcoin?)

Can Blockchain Technology Counter US Anti-Message Encryption Bill? (#GotBitcoin?)

Chinese Military Turns To U.S. University To Conduct Covert Research

CIA Has Had Keys To Global Communication Encryption Since WWII

Hostile Spies Target U.S. With Cyber, Encryption, Big Data, Report Finds

Hackers Stole And Encrypted Data of 5 U.S. Law Firms, Demand 2 Crypto Ransoms

Ex-CIA Engineer Goes On Trial For Massive Leak

Multi One Password (Portable App)

After He Fell For A $40K Phone Scam, His Bank Offered To Help—If He Stayed Quiet (#GotBitcoin?)

Your PGP Key? Make Sure It’s Up To Date

Bezos’ Phone Allegedly Hacked By Account Associated With Crown Prince

Major Companies Shared Vulnerability Used In Travelex Cyberattack (#GotBitcoin?)

Microsoft Releases Patch To Patch Windows Flaw Detected By NSA

VPN Tier List 2020 (Comparison Table)

SEC Market-Surveillance Project Hits Snag Over Hacker Fears

Inside China’s Major US Corporate Hack

Twitter Bug Exposed Millions of User Phone Numbers

U.S. Cyber Officials Give Holiday Shopping Advice For Consumers

Is Cayla The Toy Doll A Domestic Spy?

Google’s “Project Nightingale” Faces Government Inquiry Over Patient Privacy.

Which Password Managers Have Been Hacked?

DNS Over HTTPS Increases User Privacy And Security By Preventing Eavesdropping And Manipulation

Russia Steps Up Efforts To Shield Its Hackers From Extradition To U.S.

Barr Revives Debate Over ‘Warrant-Proof’ Encryption (#GotBitcoin?)

Should Consumers Be Able To Sell Their Own Personal Data?

Doordash Says Security Breach Affected Millions Of People (#GotBitcoin?)

Fraudsters Used AI To Mimic CEO’s Voice In Unusual Cybercrime Case (#GotBitcoin?)

Pearson Hack Exposed Details on Thousands of U.S. Students (#GotBitcoin?)

Cyber Hack Got Access To Over 700,000 IRS Accounts (#GotBitcoin?)

Take A Road Trip With Hotel Hackers (#GotBitcoin?)

Hackers Prove The Insecurity Of Trump’s Border Security By Stealing Photos Of Travelers’ Faces (#GotBitcoin?)

Hackers Target Loyalty Rewards Programs (#GotBitcoin?)

Taxpayer Money Finances IRS “Star Trek” Parody (#GotBitcoin?)

IRS Fails To Prevent $1.6 Billion In Tax Identity Theft (#GotBitcoin?)

IRS Workers Who Failed To Pay Taxes Got Bonuses (#GotBitcoin?)

Trump DOJ Declines To Charge Lois Lerner In IRS Scandal (#GotBitcoin?)

DMV Hacked! Your Personal Records Are Now Being Transmitted To Croatia (#GotBitcoin?)

Poor Cyber Practices Plague The Pentagon (#GotBitcoin?)

Tensions Flare As Hackers Root Out Flaws In Voting Machines (#GotBitcoin?)

3-29-2019 FBI Retools To Counter Cyber Threats, 4-12-2019 Thousands Of FBI Personal Data Is Stolen (#GotBitcoin?)

Overseas Traders Face Charges For Hacking SEC’s Public Filings Site (#GotBitcoin?)

Group Hacks FBI Websites, Posts Personal Info On Agents. Trump Can’t Protect You! (#GotBitcoin?)

SEC Hack Proves Bitcoin Has Better Data Security (#GotBitcoin?)

Hackers Prove The Insecurity Of Trump’s Border Security By Stealing Photos Of Travelers’ Faces (#GotBitcoin?)

Our Facebook Page

Your Questions And Comments Are Greatly Appreciated.

Monty H. & Carolyn A.

Go back

Leave a Reply