Day: January 18, 2019

One of the purported benefits of modern day app stores is to make it easier for companies to review and ensure that the software you download isn’t harmful or malicious. But with upwards of 2.1 million apps on Google Play, sometimes things slip through the cracks, which seems precisely how at least 19 different free navigation apps were found to actually be knock-offs based on Google Maps saddled with an extra layer of ads.

First discovered by ESET malware researcher Lukas Stefanko, the 19 apps he tested were navigation apps with over 1 million installs each, totaling a combined install base of more than 50 million. Sadly, despite claims that these apps can help users map their routes or include tools such as a compass or speedometer, every single app ended up relying on Google Maps or its related API to perform the real work.

The main difference between these knock-off apps and real Google Maps usually came down to a redesigned home screen with a tweaked or sometimes stolen UI that functioned as way to serve up ads while also masking the fact the app was really running off of Google’s data all along.

To make things a bit more concerning, a few of these Google Maps clones sometimes asked for permissions to access a device’s phone dialer and other services that a map app typically wouldn’t need, something that could pose a potential security risk.

What’s even more annoying is that despite a number of one star reviews for these apps trying to alert other users that these Google Maps knock-offs weren’t legit, many still maintained overall ratings above 4 stars. Thankfully, it seems many of these apps are in violation of Google Maps’ terms of use, which generally states that customers are not allowed to re-distribute or create substitutes for Google Maps Core Services and pass them off as if they were something else.

Stefanko has since reported the 19 offending apps he found, and while some like the one pictured above are still available, others have been already been removed from the Play Store.

In the end, the big takeaway from all this may be a reminder that there are only a handful of companies such as Google, Apple, Here, and a few others that actually have the capacity to gather highly detailed mapping info. So unless you really like a specific app’s special features like the crowdsourced alerts you get in Waze (which is owned by Google and relies on Google Maps for general location info), it’s probably best to just go straight to the source and use one of the big map apps instead.

[via Bleeping Computer]

US Sen. Marco Rubio (R-Fla.) has proposed a federal privacy law that would preempt tougher privacy rules issued by states.

Rubio’s announcement Wednesday said that his American Data Dissemination (ADD) Act “provides overdue transparency and accountability from the tech industry while ensuring that small businesses and startups are still able to innovate and compete in the digital marketplace.”

But Rubio’s bill establishes a process for creating rules instead of issuing specific rules right away, and it allows up to 27 months for Congress or the Federal Trade Commission to write the actual rules.

In addition, the bill text says it “shall supersede” any provision of a state law that pertains to the same consumer data governed by Rubio’s proposed federal law. That includes names, Social Security numbers, other government ID numbers, financial transactions, medical histories, criminal histories, employment histories, user-generated content, “unique biometric data, such as fingerprint, voice print, retina or iris image, or other unique physical representation,” and other personal data collected by companies.

California last year imposed a privacy law that gives consumers more control over how their personal data is collected, used, and sold by corporations.

“We oppose any attempt to preempt California’s privacy laws,” Sarah Lovenheim, communications advisor to California Attorney General Xavier Becerra, wrote on Twitter yesterday.

Rubio’s bill based on 45-year-old law

Rubio’s bill wouldn’t do much to protect Americans’ data privacy, consumer advocacy group Public Knowledge said. The Rubio bill uses the Privacy Act of 1974 as its framework; the 1974 law applies to federal agencies, but Rubio’s bill would apply similar rules to the private sector.

“The 1974 Privacy Act is fundamentally a transparency and data accuracy law, designed well before the popularization of the Internet and cloud computing,” and not suited to today’s “constant stream of data breaches and scandals,” Public Knowledge Global Policy Director Gus Rossi said.

“It’s absurd that the bill would preempt state law and constrain the jurisdiction of specialized agencies like the FCC in exchange for very limited protections for consumers,” Rossi also said.

DOJ says 1974 law difficult to enforce

The Privacy Act of 1974 generally prohibits disclosure of data about an individual without that individual’s consent, but it contains various exceptions, and the Department of Justice says the law is difficult to interpret and enforce.

The Act “can generally be characterized as an omnibus ‘code of fair information practices’ that attempts to regulate the collection, maintenance, use, and dissemination of personal information by federal executive branch agencies,” the DOJ says in an overview last updated in 2015. “However, the Act’s imprecise language, limited legislative history, and somewhat outdated regulatory guidelines have rendered it a difficult statute to decipher and apply.”

Despite the DOJ saying the law is confusing, Rubio argued in an op-ed for The Hill that the Privacy Act of 1974 is “widely considered one of the seminal pieces of privacy law in effect today.”

“Any national privacy law must provide clear, consistent protections that both consumers and companies can understand, and the FTC can enforce. That is why my bill leans heavily on the Privacy Act framework,” Rubio wrote.

Rubio’s bill would have the FTC establish a process in which individuals can contact companies to request access to their personal data. Companies would have to either provide the data to consumers or delete the data. If a company lets an individual view the data, the company would have to correct any mistakes if the person demonstrates that the records are “not accurate, relevant, timely, or complete.” Companies would only have to delete the data if they choose not to provide it to consumers upon consumers’ requests.

Upon requests from individuals, companies would also have to tell individuals about instances in which their records have been disclosed to other parties. The FTC would be responsible for enforcing the new rules under its authority to police unfair and deceptive acts or practices.

Rubio wrote that cumbersome regulations might “entrench large, incumbent corporations.”

“Facebook, Apple, Amazon, Netflix, Google (FAANG) and others would welcome cumbersome regulations that prevent start-ups and smaller competitors from challenging the FAANG’s current dominance,” he wrote.

Rubio’s bill instructs the FTC to “establish criteria for exempting certain small, newly formed covered providers from the requirements.”

Rubio justified his proposed preemption of state laws by writing that “a state-by-state patchwork of laws is simply not an effective means of dealing with an issue of this magnitude” and that “Internet data is unquestionably interstate commerce, and it is the responsibility of Congress to take appropriate action.”

Bill delays final rules for up to 27 months

Rubio’s bill would not impose privacy protections immediately upon passage. It would give the Federal Trade Commission six months to submit “detailed recommendations for privacy requirements” to Congress. Congress would have up to two years after the bill’s passage to issue actual privacy requirements. During that time, the FTC would not be able to issue final rules on its own.

If Congress fails to act within two years, the FTC would be authorized to act on its own and would be required to issue final regulations “not later than 27 months after” the bill is enacted.

Congressional Democrats recently proposed a much stricter privacy law, which could issue steep fines to companies and send their top executives to prison for up to 20 years if they violate Americans’ privacy.

As the government shutdown neared the one-month mark, the political landscape shifted under Washington’s feet Thursday night, dramatically and perhaps permanently altering the path of our nation’s politics. BuzzFeed’s duo of Russia probe reporters posted a blockbuster report that President Trump directed Michael Cohen to lie to Congress about the Trump Tower Moscow Project.

The allegation, which Buzzfeed sourced to two federal law enforcement officials, simultaneously
adds new information to both the “collusion” and “obstruction” sides of the Russia probe. The idea that the President of the United States directed his personal attorney to lie to Congress about his attempt to complete a multi-hundred-million-dollar deal with Vladimir Putin in the midst of the presidential campaign is, in short, as big as it gets.

As senator Sheldon Whitehouse, a former prosecutor, laid out, the accusation at the core of the BuzzFeed report constitutes at least four potential felonies: “criminal obstruction of justice (18 U.S.C. 1505, 1512), subornation of perjury (18 U.S.C. 1622), conspiracy (18 U.S.C. 371) and likely aiding and abetting perjury (18 U.S.C. 2).” Those phrases also meant something specific to students of recent political history: Suborning perjury was part of the articles of impeachment that targeted both Richard Nixon and Bill Clinton.

While we’ll be unpacking the implications of the apparent revelation for days to come, there are six aspects of the new report which, if true, make clear the scale of the political peril facing the president as of Friday morning:

1. Mueller has the receipts. According to Buzzfeed, special counsel Robert Mueller’s investigators have more than Cohen’s word to support the claim. In fact, the lead instead originated with documents and witnesses inside the Trump Organization, a great sign of how much visibility Mueller has into the private business world of Donald Trump pre-presidency.

Remember that Trump Organization chief financial officer Allen Weisselberg received immunity from prosecutors and is cooperating. To have both your company’s accountant and your personal fixer—Cohen—turn on you usually is criminally fatal. This report from BuzzFeed, as rich in detail as it is, probably represents just the tip of the iceberg of Mueller’s knowledge. Every single indictment and court filing from Mueller has been more detailed, more knowledgeable, and better informed than we imagined. And this is just one of at least 17 investigations targeting the president’s circle right now, run by at least seven different sets of prosecutors. The potential criminal liability remains enormous.

2. The politics just changed in a big way. Any investigation that targets the President of the United States is more a political question than a criminal question. The ultimate judge and jury would almost certainly be Congress or the voters, either in an impeachment trial or a reelection bid.

These allegations are about lying to Congress, which makes it harder for Congress to brush them away—and given the new Democratic majority in the House, they’re certainly not inclined to. Democratic congressmen were quick out of the gate hinting at the “I” word (which coincidentally also appears on the cover of the latest issue of The Atlantic, out yesterday). The chairman of the House Judiciary Committee, where impeachment articles would begin, moved further than he has before in discussing the seriousness of the accusation.

The allegation that the president is instructing people to lie to Congress cuts to the heart of its legitimacy as a co-equal branch of government. While they’ve so far seemingly ignored the fact that the president, aka Individual-1, is already an unindicted co-conspirator in Cohen’s campaign finance case, lying to Congress is the kind of violation that gets even staid institutionalists squawking.

3. The obstruction case could be much bigger than Comey. The BuzzFeed report also helps provide context to our evolving understanding of a potential obstruction of justice case focused on the president. Whereas we’ve tended to shorthand that area of the probe as focusing on the firing of FBI Director Jim Comey, it’s quite possible that Mueller won’t in the end focus on any single incident, but instead paint a broader picture of Trump’s apparent years-long effort to hide the truth of his dealings with Russia, during the campaign, the transition, and even into the White House.

We’ve known for some time that Mueller was interested in the cover-up of the June 2016 Trump Tower meeting, as well. As I mentioned in December, he has already pointed us to what worries him: “A specific line from the special counsel’s filing in Cohen’s case also jumps out: ‘By publicly presenting this false narrative, the defendant deliberately shifted the timeline of what had occurred in hopes of limiting the investigations into possible Russian interference in the 2016 US presidential election.’ It’s not hard to imagine that same line cut-and-pasted into a future obstruction case regarding Donald Trump’s personal handling of a false narrative put out by the White House after reports first surfaced of the June 2016 meeting at Trump Tower.”

If Cohen was conspiring with the president, after the fact, to cover up the Trump Tower Moscow project, that would alter the whole timeline of an obstruction case. It would no longer hinge on Trump’s thinking on the precise date in May 2017 when he fired Comey, but instead could point to a pattern of actions and behaviors over nearly three years—up to present day, potentially—that would be hard to explain away as constitutionally valid.

4. The president’s family is potentially in lots of legal trouble. The BuzzFeed report also says that Cohen kept the Trump children up to date on his plans, which was hinted at in the earlier court filings around Cohen’s guilty plea concerning his lies to Congress. We’ve long known that unnamed “executives” of the Trump Organization were involved in both the campaign finance conspiracy surrounding the hush money payments to Stormy Daniels, as well as the Moscow Trump Tower project. The most likely suspects have always been Trump’s children—the idea, after all, that the vaunted “Trump Organization” is anything more in day-to-day reality than a small family business has long been a fiction. It’s Donald Trump and his children. The BuzzFeed reporting now attaches names—Ivanka and Donald Jr.—to that suspicion, and shows that the president’s family and his innermost inner circle are almost certainly going to be wrapped up in the investigation in the days, weeks, or months ahead. That’s doubly true given that the House Intelligence Committee plans to hand over additional evidence to Mueller of other witnesses it suspects lied to Congress—a list that seems likely to include Donald Trump, Jr.

The president has brushed away other targets of Mueller’s probe as coffee boys, short-timers, or people he hardly knew. It’s tougher to do that if it’s your son or daughter, but not impossible given the president’s only casual affiliation to the truth.

5. Trump’s new attorney general already said it’s a crime. This week, attorney general nominee Bill Barr appears to have already boxed himself in. While much of the questioning around Barr focused on how, when, and what he might make public from a still-theoretical “Mueller Report,” senator Amy Klobuchar zeroed in on what Barr would consider troublesome behavior by the occupant of the White House: “The president persuading a person to commit perjury would be obstruction, is that right?” Barr’s answer was simple: “Yes.” Which is to say, two days before tentative evidence emerged that Trump allegedly did just that, his presumptively incoming attorney general said that behavior would surely represent a crime.

And remember, we again likely only know a fraction of the evidence Mueller could present about the president’s behavior at this point.

6. Trump’s defense team is rattled. Lastly, the president’s TV lawyer, Rudy Giuliani, tried unsuccessfully to move the goalposts of the investigation this week. After months of endlessly repeating the phrase “no collusion,” Giuliani tried to tell CNN’s Chris Cuomo that he’s only meant there was no personal collusion by the president himself—he can’t speak for the rest of the campaign: “I never said there was no collusion between the campaign, or people in the campaign. I said the President of the United States. There is not a single bit of evidence the President of the United States committed the only crime you can commit here, conspiring with the Russians to hack the DNC.”

Most of the umbrage at the absurdity of Giuliani’s statement focused on the first half, but the second half is almost more interesting from the standpoint of how the president’s potential defense is shaping up—evidently, that it would only be a crime if the president actively conspired in advance with Russian intelligence to attack and leak Democratic officials’ inboxes. Of course, that’s absurd. There are any manner of crimes Donald Trump could have committed either before or after the DNC hack—and while we don’t that there’s evidence of such crimes, it certainly seems like the president’s own defenders are worried evidence exists.

Putting it all together, unfortunately, we’re still left with this: The president should almost hope that Robert Mueller concludes he’s a Russian agent, because the alternative might be even worse. As I wrote earlier this week, a lifetime ago in this investigation given Thursday’s new bombshell, “We’ve reached a point in the Mueller probe where there are only two scenarios left: Either the president is compromised by the Russian government and has been working covertly to cooperate with Vladimir Putin after Russia helped win him the 2016 election—or Trump will go down in history as the world’s most famous ‘useful idiot,’ as communists used to call those who could be co-opted to the cause without realizing it.”

Thursday’s revelations—lending new weight to both the obstruction and collusion questions—clear that the answer might be, simply, “Both, all of the above.”

---

Garrett M. Graff (@vermontgmg) is a contributing editor for WIRED and coauthor of Dawn of the Code War: America’s Battle Against Russia, China, and the Rising Global Cyber Threat. He can be reached at garrett.graff@gmail.com.

---

More Great WIRED Stories