Twitter users have raised concerns about the possibility of Binance’s Android app containing spyware. This speculation comes after recent revelations suggesting that the social video platform TikTok contains spyware created by the Chinese government.

According to the Twitter user @ShitcoinSherpa, who posted a certificate issuer’s screenshot, the permissions asked by Binance in its Android app include access to the camera and the ability to record audio. Notably, the app does not appear to have any public features that use these functions.

Speaking with Cointelegraph, Binance’s chief security officer addressed the concerns and clarified some points:

“The camera is used during the KYC process. The code developed in house within the Binance app definitely does not use the microphone. We have a third-party SDK that requests this permission. It is used during the KYC process. The third-party vendor is Megvii. It is used during KYC for ID scanning. We are trying to determine if we can get rid of this permission. However, it could be that Megvii uses the background noise to determine fraud. We will let you know when we hear back from Megvii to confirm on the point above.”

@ShitcoinSherpa additionally clarified:

“I’m not necessarily saying that it *is* spyware, but rather that the permissions it asks for are not necessary to run an exchange app. It has camera & audio permissions, which shouldn’t be necessary for trading. Previous versions, however, have flagged for malware. Whether false-positives or not (as with ESET), those versions still had unnecessary levels of access, and are still flagged. (…) It essentially has the same access to user data as TikTok, and has the same concerns re: China, in my opinion.”


Permission Requests Common In Mobile Apps

Speaking with Cointelegraph on the condition of anonymity, a source who works for a malware lab said:

“It’s not uncommon for apps to ask for more permissions than necessary. It’s not necessarily a sign that they’re up to anything nefarious and users don’t have to grant those permissions.”

The expert adds that Android 11’s recent updates may have led the company to “tighten up” the measures used to combat malicious mobile apps.

In 2017, a Reddit user asked whether Binance’s PC or Android software contained “spyware.” At the time, a Binance rep refuted the user’s suggestion:

“Of course it isn’t spyware. Due to the network connections it must make to provide accurate data (required for an exchange platform), it can be misinterpreted by some anti-virus software. It’s simply a false-positive. However, you are free to make your own decisions.”

Updated: 7-14-2020

Binance to Remove In-App Audio Recording Feature In Next Update

Top cryptocurrency exchange Binance has reviewed its Android app code following spyware concerns.

Binance will remove the ability to record audio from its Android app in the upcoming update scheduled for “mid-July,” the cryptocurrency exchange’s CEO Changpeng Zhao, also known as CZ, told Cointelegraph.

Binance App Will Allegedly Drop The Microphone Permission

The company’s privacy-oriented move follows spyware concerns raised by crypto community members last week. Specifically, user @ShitcoinSherpa tweeted certificate issuer screenshots, showing that the permissions asked by Binance in its Android app include access to the camera and the ability to record audio.

At the time, Binance’s chief security officer told Cointelegraph that “the camera is used during the KYC process,” stressing that “the code developed in house within the Binance app definitely does not use the microphone.”

Now, CZ stated that the Binance team has “worked on removing the requirement for the audio recording permission.” He told Cointelegraph:

“Our next version of the Binance app scheduled for release in mid-July, we will remove the audio recording permission. We keep other permissions required to a minimum, for our users’ peace of mind.”

The Updated List Of Permissions Looks More Privacy-Focused Overall

Additionally, CZ shared the list of permissions that are required for KYC procedures and therefore will be featured in the latest Android app version:

“android.permission.ACCESS_NETWORK_STATE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.CAMERA

android.permission.INTERNET

android.permission.ACCESS_WIFI_STATE

android.permission.VIBRATE”

When cross-referenced with @ShitcoinSherpa’s certificate issuer’s screenshots, the updated list also excludes a number of permissions that allow the app to get information about the running tasks, access precise location, or check the status of ongoing calls, among other things.
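The same cross-check can be scripted against a decoded manifest. This is an added example, not code from the article, Binance, or @ShitcoinSherpa: it assumes the APK's `AndroidManifest.xml` has already been decoded to text XML, the sample manifest and its package name are constructed for illustration, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions CZ listed for the updated app, as quoted in the article.
STATED = {"android.permission." + p for p in (
    "ACCESS_NETWORK_STATE", "WRITE_EXTERNAL_STORAGE", "CAMERA",
    "INTERNET", "ACCESS_WIFI_STATE", "VIBRATE")}

# Subset of Android's "dangerous" (runtime-prompted) permissions.
DANGEROUS = {"android.permission." + p for p in (
    "CAMERA", "RECORD_AUDIO", "ACCESS_FINE_LOCATION",
    "READ_PHONE_STATE", "WRITE_EXTERNAL_STORAGE")}

# Constructed sample manifest; NOT taken from any real Binance APK.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.exchange">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.GET_TASKS"/>
  <uses-permission-sdk-23
      android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return every permission the manifest requests.

    <uses-permission-sdk-23> is included because it also requests a
    permission (on API 23+) and is easy to miss in a manual review.
    """
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    names = {el.get(ANDROID_NS + "name") for t in tags for el in root.iter(t)}
    return names - {None}


def audit(manifest_xml, stated=STATED):
    """Diff requested permissions against a publicly stated list."""
    requested = requested_permissions(manifest_xml)
    extra = requested - stated
    return {
        "undeclared": sorted(extra),
        "undeclared_dangerous": sorted(extra & DANGEROUS),
        "stated_but_absent": sorted(stated - requested),
    }
```

Permissions pulled in by a third-party SDK end up in the app's merged manifest, so this check should run on the manifest extracted from the shipped APK rather than on the app's own source manifest.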

Binance Does Not Sell User Data “Of Any Kind,” CZ Says

Zhao stressed that Binance does not rely on advertising or selling user data “of any kind, such as packaging KYC data together with blockchain analytics.” He also noted the potential danger of using apps with access to users’ clipboard data:

“The thought of looking at the users’ clipboard data scares us. We view that as a major security concern for our users.

Many of our users may use a crypto wallet of some kind. They may have a copy of their seed or private key in their clipboard at some time. Any App collecting this data could steal the users’ funds and should be classified as a trojan horse or virus. We don’t want to go anywhere near that.”

When asked what exactly prompted the exchange to review the app’s code, be it the TikTok security risks that CZ addressed on Twitter yesterday or the above-mentioned findings, the CEO said:

“Keeping our users’ funds #SAFU is always a top priority for us. So as soon as there is chatter about this, we immediately looked into our own app to make sure such concerns are non-existent in our Apps.”


Monty H. & Carolyn A.