Study: Children’s Apps Could Be Sharing Personal Information With Third Parties; Ireland Orders Facebook to Stop Sending User Data to US; Windows Themes Can Be Exploited to Obtain User Passwords; Italy Probing Apple, Dropbox, Google for Cloud-Storage Issues. Click “Continue reading” below.
Study: Children’s Apps Could Be Sharing Personal Information With Third Parties
Children’s apps could be breaking federal laws by sharing the personal information of some preschoolers with businesses, a new study finds.
The study, published in JAMA Pediatrics, tested more than 451 children’s apps — finding that two-thirds collected data and shared it with other parties, which violates the Children’s Online Privacy Protection Act (COPPA).
The study was disclosed by Media Entertainment Arts WorldWide (MEAWW.com).
“Our study suggests that potential violations of child digital-privacy laws are common, and social-economic factors may influence which children are at greater risk,” said the study’s senior author, Dr. Jenny Radesky of the C.S. Mott Children’s Hospital in Ann Arbor, Mich.
Researchers also found that older children with smartphones and those from lower-education households were more susceptible to privacy breaches than those with parents with higher degrees.
Sources (all external links):
- MEAWW: Children’s privacy could be violated as advertisers may access their digital data with law unenforced: Study
- JAMA Network: Data Collection Practices of Mobile Applications Played by Preschool-Aged Children
Ireland Orders Facebook to Stop Sending User Data to US
Ireland’s Data Protection Commission has ordered Facebook to suspend its data transfers to the U.S. about its users in the European Union.
Ireland’s action comes after U.K. courts ruled that Europeans have no effective way of challenging American government surveillance, The Wall Street Journal reports.
The preliminary order is the first significant step EU regulators have taken to enforce the July ruling, restricting how companies like Facebook can send personal information about EU residents to the U.S.
Facebook also would have to re-engineer its service to remove the data it collected from European users or temporarily stop providing services.
If Facebook fails to comply with the order, Ireland’s data commission could fine the company as much as $2.8 billion or 4% of its annual revenue, the Journal reports.
“A lack of safe, secure and legal international data-transfers would damage the economy and prevent the emergence of data-driven businesses from the EU, just as we seek a recovery from COVID-19,” said Nick Clegg, Facebook’s top policy and communications executive.
Ireland’s data commission has given Facebook until the middle of the month to respond to the order.
- The Wall Street Journal: Ireland to Order Facebook to Stop Sending User Data to US – WSJ
Windows Themes Can Be Exploited to Obtain User Passwords
Hackers could exploit Windows theme packs to gain a user’s login credentials.
Jimmy Bayne, a security researcher who writes the Bohops blog, discovered that the text files used to configure theme packages in Windows could be exploited and used to execute a “pass-the-hash” attack, which sends passwords to a remote server, BetaNews reports.
Themes are made up with background images, cursors and sound files — and they are packaged in a plain-text file.
However, the configuration file can be exploited so that Windows looks to a remote server rather than to a locally stored image. That would allow the display to prompt a user for their credentials.
According to a Bleeping Computer report, once a user puts in their credentials, malicious actors could exploit their Windows username and password.
Users should avoid using theme packs from unknown sources to steer clear of the risk, BetaNews advises.
- BetaNews: Hackers could use Windows 10 themes to steal passwords
- Bleeping Computer: Windows 10 themes can be abused to steal Windows passwords
Italy Probing Apple, Dropbox, Google for Cloud-Storage Issues
The Italian Competition Authority (AGCM) on Wednesday launched six investigations against Apple, Dropbox, and Google over the companies’ cloud-storage systems.
The agency said in a news release disclosed by The Hill that the investigations concerned “unfair commercial practices and the possible presence of unfair clauses in the contractual conditions.”
AGCM also said that that the investigations involve “the failure or inadequate indication, when presenting the service, of the collection and use for commercial purposes of the data provided by the user and the possible undue influence in towards consumers, who, in order to use the cloud storage service, would not be in a position to give the operator their consent to the collection and use of information concerning them for commercial purposes.”
Italian antitrust authorities have been pursuing cases against top tech companies this year — and, in July, even raided the offices of Apple and Amazon over a separate investigation, the Hill reports.
- Italian Competition Authority: Investigation initiated against Google, Apple and Dropbox for cloud computing services
- The Hill: Italy launching probe into Apple, Google, Dropbox over cloud storage
— By DPN Staff