ANDROID – Android

Malware has been discovered preinstalled on 36 Android phones belonging to two companies, security software maker Check Point reported on Friday.

“In all instances, the malware was not downloaded to the device as a result of the users’ use — it arrived with it,” noted Oren Koriat, a member of Check Point’s Mobile Research Team.

The malicious apps on the phones of a telecommunications company and a multinational technology business were not part of the official ROM supplied by the vendor, he explained. They were added somewhere along the supply chain.

Six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they couldn’t be removed by the user and the device had to be re-flashed, Koriat added.
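The distinction Koriat draws, between malware sitting in a read-only system partition and malware the user can uninstall, is exactly what a defender's out-of-the-box check needs to surface. The script below is an added example, not Check Point's tooling or anything from this article: it compares a device's installed-package inventory against a vendor-supplied baseline and flags packages that are not in the baseline or sit at an unexpected path, marking whether removal needs a re-flash. It assumes the `package:<apk path>=<package name>` line format that `adb shell pm list packages -f` prints; the baseline, the inventory lines and the package names are constructed.

```python
"""Compare a phone's installed-package inventory against a vendor baseline.

Added example (not from the article or Check Point). It assumes an inventory in the
line format printed by `adb shell pm list packages -f` (package:<apk path>=<name>)
and a vendor-supplied baseline mapping package name -> expected APK path. The
baseline, the inventory and every package name below are constructed.
"""
import re

LINE_RE = re.compile(r"^package:(?P<path>.+)=(?P<name>[\w.]+)$")

# Constructed vendor baseline: what the official ROM is supposed to ship.
VENDOR_BASELINE = {
    "com.android.settings": "/system/priv-app/Settings/Settings.apk",
    "com.android.bluetooth": "/system/app/Bluetooth/Bluetooth.apk",
    "com.example.vendor.launcher": "/system/app/Launcher/Launcher.apk",
}

# Constructed inventory from a device: the last two entries are not in the baseline.
SAMPLE_INVENTORY = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/Bluetooth/Bluetooth.apk=com.android.bluetooth
package:/system/app/Launcher/Launcher.apk=com.example.vendor.launcher
package:/system/priv-app/SysUpdate/SysUpdate.apk=com.example.unknown.sysupdate
package:/data/app/com.example.adnet-1/base.apk=com.example.adnet
"""

# APKs under these prefixes live in partitions the user cannot modify.
SYSTEM_PREFIXES = ("/system/", "/vendor/", "/product/")


def parse_inventory(text):
    """Return a dict package name -> APK path from pm-style output lines."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if not match:
            raise ValueError(f"unparseable inventory line: {line!r}")
        result[match.group("name")] = match.group("path")
    return result


def audit(inventory, baseline):
    """Flag packages absent from, or misplaced relative to, the baseline.

    Each finding is (package, path, kind, removable_by_user). A package in a
    read-only system partition cannot be uninstalled by the user; as the
    article notes, such a device has to be re-flashed.
    """
    findings = []
    for name, path in inventory.items():
        on_system = path.startswith(SYSTEM_PREFIXES)
        if name not in baseline:
            findings.append((name, path, "not in vendor baseline", not on_system))
        elif baseline[name] != path:
            findings.append((name, path, "unexpected APK path", not on_system))
    # A baseline package that has vanished is also worth a look (tampered ROM).
    for name in sorted(set(baseline) - set(inventory)):
        findings.append((name, baseline[name], "baseline package missing", False))
    return findings


if __name__ == "__main__":
    for pkg, path, kind, removable in audit(parse_inventory(SAMPLE_INVENTORY), VENDOR_BASELINE):
        action = "uninstall" if removable else "re-flash required"
        print(f"{kind}: {pkg} at {path} ({action})")
```

The check only tells you that a package was not part of the vendor's declared image; a vendor baseline that is itself wrong, or a tampered package shipped under a legitimate name at its expected path, is not caught by name-and-path comparison alone, which is why a real QA gate would also compare APK hashes or signing certificates.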

Most of the preinstalled malware consisted of information stealers and rough ad networks, he said. Included in the malicious software array was Slocker, a mobile ransomware program that encrypts all the information on a device and demands a payment to decrypt it.

Loki malware also was part of the mix. It not only generates revenue by displaying bogus ads, but also steals data about a device and can take control of it.

Customization Vulnerabilities

“Unfortunately, this isn’t unexpected or even the first time we’ve seen this type of supply chain attack,” said Mark Nunnikhoven, principal engineer of cloud and emerging technologies at Trend Micro.

The path from maker to user for a third-party Android phone typically entails four steps: First, a new version of the operating system is released. Then a phone vendor will test and customize the OS before passing it on to a carrier. The carrier also will test and customize the phone. Finally, it will end up in the user’s hands.

“The problem is that when the phone is customized, malicious software or adware can be injected into it,” Nunnikhoven told LinuxInsider. “This appears to have been the case here.”

There is a law of computer security that physical access is always enough for an attacker to gain control of a device, said Craig Young, a senior security researcher at Tripwire.

“That means that anyone with physical access to the device — either an intruder or an insider — could connect the devices one by one to a computer and install malicious applications,” he told LinuxInsider.

Consumers Helpless

Supply chain attacks like the one discovered by Check Point pose a serious problem to any consumer who receives such a phone.

“In a scenario like this, the only method to protect yourself from this threat would be to scan the phone right out of the box,” said Troy Gill, a senior security analyst with AppRiver.

“Of course, this is a fairly disturbing proposition,” he told LinuxInsider, “but unfortunately the only solution in this case.”

Consumers are at the mercy of manufacturers in a case like this, said Michael Patterson, CEO of Plixer International.

“There is an expectation of trust, which in this case was broken,” he told LinuxInsider.

“Given this situation where malware was installed as part of the supply chain, the only way for consumers to be protected is for manufacturers to begin to do a final quality assurance test of products before they are shipped to the consumer,” Patterson suggested.

Hunting Mobile Users

Because Android is an open operating system, it can be more vulnerable to malware attacks than its chief rival, Apple’s iOS. However, Android’s openness isn’t the culprit in this case, argued Patterson.

“In this case, the issue is one of a corrupt supply chain,” he said. “This was not a matter of whether or not there are inherent vulnerabilities in Android — this was a matter of a manufacturing process that failed the consumer.”

While a ROM attack on an iPhone is unlikely, hackers have attacked the Apple supply chain successfully. One of the most notable forays was the poisoning of an SDK used by Chinese iOS developers, which resulted in preinfected apps being uploaded to Apple’s App Store.

Enterprise certificates are another route being used by hackers to attack iOS, noted Tripwire’s Young.

“Enterprises can’t cook their own ROMs to run iOS,” he said, “and all code running on it needs to be signed.”

However, Apple allows businesses to issue “enterprise certificates.” Apps with one of those certificates will be accepted by an iPhone as if they were downloaded from the App Store.

“That has been used in the past to distribute malware,” Young said.

Mobile users can never exercise too much care to protect their phones, said Tom Kellermann, CEO of Strategic Cyber Ventures.

“Consumers must realize that they are being hunted,” he told LinuxInsider.

“When someone hacks your mobile device, they invade your physical life as they can become present in your immediate surroundings via the microphone, camera and location settings,” Kellermann pointed out.

“Consumers must deploy mobile security on these devices and turn off location and Bluetooth when not using those functions,” he advised. “If in a sensitive setting, turn on airplane mode.”

ANDROID – Trump

We saw yet another government breach last week, and more secrets went out to WikiLeaks. I’m of a mixed mind on this one, because the CIA tools disclosed likely were emulated by others, and WikiLeaks is helping consumer technology companies ensure they no longer work.

I don’t know about you, but I really don’t want any organization spying on me — not even my own government. Given how I often dress around the house, this is as much for their protection as my own.

When Steve Jobs took over, Apple also had a severe leak problem, and he was pragmatic about fixing it. Ironically, he used the U.S. government’s approach as a template. As a side note, Jobs also had a WikiLeaks problem, but whether it really was a leak or was fake news was never determined. Now that is an interesting coincidence, given the topic.

I’ll offer some suggestions about what Trump could learn from Steve Jobs, and I’ll close with my product of the week: the Jetson TX2, an amazing high-speed drone that uses Nvidia’s value-priced digital brain, to ensure that it doesn’t get you into trouble.

Steve Jobs’ Problem

When Steve came back to Apple, he had a massive problem in that he wanted to create excitement around his new products — but only when he actually had them to sell. He knew that product leaks tended to kill sales for existing products and made launches far less exciting because there was no mystery.

He also knew that sometimes, to get a product out the door, you had to defeature it, and if folks expected a feature that didn’t show up, they not only wouldn’t be excited but also might avoid buying the product as a result of their disappointment.

Given that the products he started with were crap, in his opinion, he sure didn’t want people to stop buying them until he had replacements in market. At the time, though, Apple was a sieve. People who worked there had developed relationships with reporters, and they used their inside knowledge on coming products to gain status.

Simply telling them to stop really didn’t seem to have the intended effect — but since Apple’s survival was at stake, Jobs went full WWII.

Steve early on developed a reputation for firing people on the spot, often for what seemed to be trivial causes — employees referred to it as “being Steved.” So when Jobs made it clear that anyone caught leaking would be terminated immediately, folks took him seriously.

He also pulled posters out of the old World War II campaigns, like “loose lips sink ships,” and made it clear to the employees that keeping quiet could make the difference between whether Apple survived and prospered or failed.

He looked to others to report anyone they knew was leaking, for the good of the company. (In one instance, this firing thing supposedly backfired badly.)

Finally, Jobs would deliberately include slight alterations about coming products in internal memos, so that if anyone did leak, he could track the leak back to the group that leaked it and then locate the individual.

That not only was sneaky, but also made the leakers less reliable, because the facts they were leaking were inaccurate. It had the dual purpose of locating and discrediting the leaker at the same time.

Saved My Job

While I was at IBM, I ran security for my organization for a short while and implemented something similar because I suspected some of my own reports — which were highly sensitive at the time — would be leaked. One was, and the SVP of sales wanted me fired.

Fortunately, I was able to track the leak to that same SVP, and I outlasted him as a result. I’ll likely never forget this practice of altering reports so they can be tracked back, if leaked in whole or part.
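The memo-alteration practice described in the Jobs section and in the IBM story above is usually called a canary trap: each recipient group gets a copy in which a few non-essential details differ, and a leaked excerpt is matched back to the group whose copy carried those details. The script below is an added example, not the author's or Apple's procedure; the template, the group names, the variant details and the leaked excerpt are all constructed.

```python
"""Per-recipient memo variants that let a leak be traced back to a group.

Added example, not from the column. It implements the practice the author
describes (details in internal memos deliberately altered per recipient group)
so that a leaked excerpt can be matched to the group whose copy contained those
details. The template, group names, variant details and leaked excerpt are all
constructed for illustration.
"""
import string

# Template memo: the placeholders are the details allowed to vary between copies.
TEMPLATE = string.Template(
    "The $product launch is planned for $month. Initial build volume is "
    "$volume units, shipping through $channel partners first."
)

# Constructed variants: each group sees a different but plausible set of details.
VARIANTS = {
    "engineering": dict(product="Aurora", month="September", volume="40,000", channel="retail"),
    "marketing":   dict(product="Aurora", month="October",   volume="45,000", channel="online"),
    "sales":       dict(product="Aurora", month="September", volume="50,000", channel="carrier"),
}

# Constructed leak: a reporter's paraphrase, not a verbatim copy of any memo.
LEAKED_EXCERPT = (
    "Sources say the Aurora will launch in October with an initial run of "
    "45,000 units sold online first."
)


def render_variants(template, variants):
    """Return {group: memo text}, refusing to issue two identical copies."""
    rendered = {group: template.substitute(values) for group, values in variants.items()}
    # A canary trap is useless if two groups receive the same text.
    if len(set(rendered.values())) != len(rendered):
        raise ValueError("two groups would receive identical copies")
    return rendered


def attribute_leak(leaked_text, variants):
    """Count, per group, how many of that group's details appear in the leak.

    Matching on the planted details rather than on whole-text similarity keeps
    the attribution robust when the leaker paraphrases.
    """
    haystack = leaked_text.lower()
    scores = {
        group: sum(1 for value in values.values() if value.lower() in haystack)
        for group, values in variants.items()
    }
    return sorted(scores.items(), key=lambda item: item[1], reverse=True)


def most_likely_source(leaked_text, variants):
    """Return the best-matching group, or None when the top two scores tie."""
    ranked = attribute_leak(leaked_text, variants)
    if len(ranked) > 1 and ranked[0][1] == ranked[1][1]:
        return None
    return ranked[0][0]


if __name__ == "__main__":
    for group, text in render_variants(TEMPLATE, VARIANTS).items():
        print(f"[{group}] {text}")
    print("ranking:", attribute_leak(LEAKED_EXCERPT, VARIANTS))
    print("likely source:", most_likely_source(LEAKED_EXCERPT, VARIANTS))
```

Two design points matter in practice: the planted details must be ones a leaker is likely to repeat (dates, quantities, channels) yet unlikely to appear by coincidence, and a tie between groups must be reported as inconclusive rather than forced into an answer, since the point of the exercise is to narrow the search to a group, not to accuse an individual on thin evidence.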

Technology Approach

Since the Steve Jobs era, a host of tools that monitor access of information in real time, like Varonis, have emerged. They can send out alerts if people gain access to data outside of their responsibility, start copying or printing sensitive documents, or suddenly show an interest in an area they never before accessed.

These tools address the kind of bulk information theft that the U.S. intelligence community has experienced, by identifying perpetrators so they can be caught quickly and punished. It continues to surprise me that solutions such as these either aren’t in place or have not been implemented properly, even after the Snowden breach.
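The three behaviours the column lists (access outside one's responsibility, bulk copying or printing, and a sudden interest in an area never touched before) map directly onto detection rules. The script below is an added example of such rules run over a handful of access-log lines; it is not Varonis' logic or any product's, and the log format, the user directory, the access history and the thresholds are constructed assumptions.

```python
"""Three access-anomaly rules of the kind the column attributes to monitoring tools.

Added example, not from the column or from any vendor. The log format
("<ISO time> <user> <action> <share>/<path>"), the user directory, the access
history and the bulk threshold are constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed directory: user -> the share their job actually requires.
DIRECTORY = {"alice": "finance", "bob": "engineering", "carol": "finance"}

# Constructed history of (user, share) pairs seen before this log window.
HISTORY = [("alice", "finance"), ("bob", "engineering"), ("carol", "finance")]

# Constructed log lines: bob strays into finance, carol copies five files in five minutes.
SAMPLE_LOG = """\
2017-03-06T09:00:00 alice read finance/q1-forecast.xlsx
2017-03-06T09:05:00 bob read engineering/design-notes.docx
2017-03-06T09:10:00 bob read finance/payroll-2017.xlsx
2017-03-06T10:00:00 carol copy finance/report-01.pdf
2017-03-06T10:01:00 carol copy finance/report-02.pdf
2017-03-06T10:02:00 carol copy finance/report-03.pdf
2017-03-06T10:03:00 carol copy finance/report-04.pdf
2017-03-06T10:04:00 carol copy finance/report-05.pdf
2017-03-06T10:30:00 alice print finance/q1-forecast.xlsx
"""


def parse_log(text):
    """Turn the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, user, action, target = line.split(maxsplit=3)
        events.append({
            "time": datetime.fromisoformat(stamp),
            "user": user,
            "action": action,
            "share": target.split("/", 1)[0],
            "target": target,
        })
    return events


def detect(events, directory, history, bulk_threshold=5, window=timedelta(minutes=10)):
    """Return (kind, user, detail) alerts for the three behaviours in the column.

    out_of_scope: access to a share outside the user's responsibility
    new_area:     first-ever access by this user to a share
    bulk:         bulk_threshold copy/print events by one user inside `window`
    """
    alerts = []
    seen = set(history)
    recent = defaultdict(list)  # user -> timestamps of recent copy/print events
    for ev in sorted(events, key=lambda e: e["time"]):
        user, share = ev["user"], ev["share"]
        if directory.get(user) != share:
            alerts.append(("out_of_scope", user, ev["target"]))
        if (user, share) not in seen:
            alerts.append(("new_area", user, share))
            seen.add((user, share))
        if ev["action"] in ("copy", "print"):
            recent[user].append(ev["time"])
            # Keep only events inside the sliding window, then alert once on crossing.
            recent[user] = [t for t in recent[user] if ev["time"] - t <= window]
            if len(recent[user]) == bulk_threshold:
                alerts.append(("bulk", user, f"{bulk_threshold} copy/print events within {window}"))
    return alerts


if __name__ == "__main__":
    for kind, user, detail in detect(parse_log(SAMPLE_LOG), DIRECTORY, HISTORY):
        print(f"{kind:13} {user:6} {detail}")
```

The out-of-scope and new-area rules both fire for bob's finance access, which is deliberate: one says the access is not his job, the other says it has never happened before, and an analyst wants to know both. Tuning the bulk threshold and window is where such tools earn their keep, since a threshold low enough to catch a slow exfiltration over weeks will also page on an ordinary quarter-end.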

I agree with Julian Assange that this latest breach showcases a level of incompetence that should be unacceptable in a small private company — let alone one of the most powerful and storied intelligence organizations in the world.

Trump Channeling Jobs

Here is where Trump needs to channel Steve Jobs. When a leak like this occurs, the career bureaucrats responsible for protecting the breached data should be terminated for cause. This would convey the seriousness of the problem. Clearly, if and when the perpetrator is located, that person has to be brought to justice definitively, so that the personal risks surrounding leaking exceed the benefit of leaking.

The government should implement an access-tracking tool like Varonis, and make sure the implementation is comprehensive so that in addition to document access, system access would be tracked, so that any related types of security breaches also would be caught.

Finally, the administration seriously needs to consider a WWII level of organizational attitude readjustment, so that employees recognize they are putting their nation at risk and help to ensure that other employees report any questionable things they observe in a timely way.

Wrapping Up: Taking Security Seriously

I do think there is one other aspect of this that should be addressed, and that is that there really needs to be a better way for employees of the intelligence community to report illegal activities other than leaking them. Much of this looks like an employee saw management do something wrong, and in a fit of conscience — and with no other recourse — leaked it to stop the activity.

I mean if the CIA is planning to take over and crash cars, then at the very least, I’d like that exploit reported and fixed so that they don’t accidentally kill me in the process, or enable someone else to do it on purpose.

In short, I think the Intelligence Community should reprioritize its goal to keep citizens safe and its goal to attack others, putting the “keep us safe” part first again. Or, put more bluntly, if they know of an exploit that puts me at risk, then I’d like them to help fix it rather than keep it secret so they can kill someone else. (By the way this leaking thing doesn’t appear to be stopping the illegal activity at all — something the leakers should reflect on.)

Given that the hacking techniques leaked likely could be used against a sitting president, who is by far a larger target than I am, fixing that priority should be compelling for President Trump. In the end, I think Trump could learn a lot from how Jobs secured Apple, and it would make all of us a lot safer if he did.

One other quote President Trump might want to consider from Jobs: “If you want to make Apple great again, let’s get going. If not, get the hell out.”

I was at the Nvidia Jetson TX2 launch last week and up to my armpits in security technology, autonomous drones, and what looked like a 3D scanning Ray Gun.

At nearly US$1,300 it is not a cheap date. Given how successful DJI is in this space, you have to ask yourself why anyone would want an expensive drone with no camera gimbal in the first place. The answer is this puppy is fast.

It goes from 0-60 in 1.2 seconds and has a top speed of 85 mph. The lack of a gimbal means you can fly this with a headset on and actually feel like you are flying. That said, if you hit something at 85 mph it will be expensive, which is where the Jetson TX2 comes in.

Effectively, when turned on, it gives you a capability similar to the guardian angel for self-driving cars. It provides a bubble of safety around the drone, helping to prevent that spectacular crash that could kill your drone and end your flying days for some time.

This thing is amazing. At top speed, it sounds like a howling banshee (which is what I would have named it had it been up to me).

It defaults to your phone as a controller, but it also will use a range of professional controllers if you prefer, and it will broadcast the video to several wireless headsets for that flying experience.

It is modular in design, so that if you break an arm or blade you can replace it. The body is a single streamlined piece without the breakable parts that a typical drone in this class has.

Because it uses an AI engine, things like being able to tell the person it is following is you, along with more advanced features — like following complex flight plans while avoiding obstacles — are possible. The Teal is one kick-ass drone. Yes, I ordered one, and it is my product of the week.

ANDROID – Linux

Linux Academy, an online training platform for the Linux OS and cloud computing, on Tuesday announced a public beta rollout of its Cloud Assessments platform, which is designed to let large enterprise firms train and assess their IT workers and prospective job candidates.

The academy offers training on a variety of cloud-based platforms, including Amazon Web Services, Open Stack, DevOps, Azure and others.

The Cloud Assessments platform will focus initially on training and testing of AWS, due to the strong demand for that cloud-based computing platform and the large skills gap among IT workers.

“Since AWS is a leader in the market, companies and individuals are rushing to ensure they can handle these technologies,” said Linux Academy CEO Anthony James.

AWS Demand

The academy’s current focus is preparation and validation for the AWS Certified Solutions Architect Associate level exam, James told LinuxInsider. However, there are other in-demand areas that it is beginning to explore.

Hands-on learning has been very important to professionals who have taken these courses, James said. “We came to understand that not only do people want to learn, but they also want to validate their skills in a way that our industry would recognize.”

Another critical aspect of the Academy’s approach is what it calls “lean learning,” which involves recommending specific training based on a user’s specific performance, he continued. The new training efforts target specific areas that need improvement.

The Cloud Assessments platform offers a different approach to teaching IT professionals by using live servers in existing work environments. Workers actually learn skills they can use on the job in real time. They’re not limited to responding to questions in a test environment.

Individuals also can use Cloud Assessments to earn micro-certifications for AWS skills.

Linux Academy and Cybrary last month conducted a survey of 6,000 IT professionals, and 35 percent said that micro-certifications would help them get a job or advance in an existing position.

In addition, 85 percent said they would pursue micro-certifications if their employers helped facilitate the training.

Skills Gap

“The launch of this program is another indication of the accelerating adoption of cloud services,” noted Jeffrey Kaplan, managing director of ThinkStrategies, “and there is no question that initial focus on AWS specialists is because of its dominant position in the market at this time.”

As the demand for multi-cloud services increases, the academy’s program likely will broaden to include training courses for additional cloud platforms, he told LinuxInsider.

Certification programs directly from AWS are exam-based, said Paul Teich, principal analyst at Tirias Research.

However, Linux Academy has created a more practical “live assessment” environment in which users are graded on actually using AWS rather than just answering questions correctly, he told LinuxInsider.

“Cloud services really don’t care about certification, but enterprise does,” Teich pointed out. “Enterprise needs these certifications to start implementing hybrid cloud business models. Upleveling certification to demonstrate practical experience should play well with enterprise IT shops.”

Amazon Web Services last year announced an effort to enhance its AWS Educate program to offer additional modules, called “cloud career pathways,” to help educate students about cloud-based skills, as well as connect them with specific cloud-based jobs offered by various employers, including AWS, Salesforce, Cloudnexa and Splunk.

ANDROID – Gadget

Welcome to Gadget Dreams and Nightmares, the column that sometimes takes a break from figuring out why people are investing in an ephemeral content company losing half a billion dollars a year and suffering slowing user growth to pore over the latest gadget announcements.

This time around, we take a look at an automated transcription device, the return of a classic cellphone, and Bang and Olufsen’s latest wireless speaker.

As ever, these are not reviews — a difficult prospect when I’ve yet to see any of these items in person, let alone rigorously test them. The ratings relate only to how much I’d like to use each with my somehow-still-frigid-in-March fingers.

Transcription Tedium Killer

As someone who deals with words for a living, there are countless occasions on which I have to transcribe speech. It’s tedious, and until voice recognition truly can handle all manner of accents and verbal tics, it’s a necessary evil. Hands up, everyone who thinks I wouldn’t want a machine to take care of that for me. No one? Good.

Titan Note records and transcribes audio, with a particular trick up its sleeve: It can discern different speakers when it’s transcribing. It can operate as a speaker as well — and if you’re in a pinch, it can charge your mobile device.

That sounds great. It’s hard to tell how successful the Titan Note will prove in practice, given that even the most intelligent AI tools, like Siri and Google’s Assistant, struggle to transcribe accurately.

Yet if it can do the bulk of my transcription work, letting me drop in at the end to clean up any mistakes, I can’t see any reason why I wouldn’t want this in my toolbag.

Fine Finnish

Nokia’s classic 3310 mobile phone is back with a twist. The hugely successful phone made its bow in 2000, selling more than 126 million units.

Nokia discontinued the sturdy handset in 2005, but 12 years later, HMD Global has revived the 3310 under the Nokia banner as a feature phone for a new generation.

The modern incarnation, which uses the Nokia S30+ operating system, includes an FM radio, a basic Web browser and a voice recorder. Though the 3310 carries only 16 MB of onboard storage, that’s expandable up to 32 GB with a microSD card. You’ll need that for the 2-MP rear camera, which can capture video.

You won’t have to worry about shelling out for ringtones or composing them yourself: This version can play MP3 ringtones.

Most importantly, the 3310 includes a version of Snake, the game that’s synonymous with the original phone. An infuriatingly simple game to play, I’d wager Snake was a key harbinger for the success of mobile gaming in its current state.

The most attractive aspect of the 3310 for your humble, clumsy columnist is the hope it’ll prove as rigid as the original device. I recently dropped my iPhone 6 one time too many, and I am forced either to overspend on a repair or tough it out with a spider-web screen until renewal time.

At 49 euros, the 3310 could prove a useful backup until then. Also, I could play Snake with physical buttons on a mobile device again, which would be nice.

Sadly, the 3310 apparently works only on 2.5G GSM networks, meaning it’s impossible to use in many territories, including the U.S. and Canada.

It taps into the wave of nostalgia in the zeitgeist right now, with many yearning for glories gone by. If Stranger Things and the board game resurgence can do it for entertainment, why not the 3310 for technology?

Bang For Your Buck?

Good heavens, this is a pretty wireless speaker.

Bang & Olufsen’s Beolit 17 offers 240 watts of power, a boost from the Beolit 15 from two years ago. The leather carrying strap should make it a cinch to transport the Beolit 17, which has an aluminum speaker grill and a polymer material on the top and bottom for protection.

The top of the device has a non-slip tray that’s designed to house your phone while you’re streaming music without having to worry that you’ll scratch any surface. Critically, the Beolit apparently offers 24 hours of battery life.

There’s a connection button that links to one of four modes in the Beoplay app: Alarm with snooze; Connect, which continues music from when you stopped; Remote; and ToneTouch, which employs your preferred audio preset.

I’m not completely sure that I’m willing to spend US$499 on something I don’t absolutely need in my life right now. Still, I keep looking at the images, knowing the audio quality is bound to be at least good, and I yearn.

ANDROID – Accenture

Accenture and Docker on Wednesday announced an expanded global alliance and the availability of container services within the Accenture Cloud Factory.

The new services provide a faster industrialized on-ramp solution for enterprises moving to the cloud. They focus on container enablement of applications and feature use of Docker Datacenter (Enterprise Edition – Standard).

Docker Datacenter is an integrated container management platform for development and IT operations that brings security, policy and controls to the software delivery lifecycle. It is supported by a global network of certified Accenture DevOps and cloud migration consultants.

Accenture and Docker have agreed to collaborate on developing migration accelerators and best practices for enterprise clients adopting containers. Their goal is to reduce risk and costs while migrating business-critical applications to the cloud.

Accenture has expanded its relationship with Docker to enhance its existing multicloud Container as a Service solutions. The company will leverage Docker Datacenter to provide enterprises with the capabilities needed to secure the software supply chain, expand workload portability, and improve application resilience.

Docker stands to gain significantly from the alliance, given the size of Accenture’s client base for its Cloud Factory and Cloud First solutions. Accenture has more than 20,000 projects, with three-quarters from Fortune 500 firms, according to Charles King, principal analyst at Pund-IT.

“The deal is likely to provide a significant boost for Docker’s business. Accenture has long been a major force in IT consulting, so it is easy to see how supporting Docker’s container and container management solutions will help extend the opportunities for those technologies among Accenture’s client base,” he told LinuxInsider.

Caveats about the deal are similar to any proprietary technology. Engaging often is easier than disengaging, King noted.

“Interested companies should make certain they understand, want and need what Accenture and Docker are offering before they sign on the dotted line,” he said.

Deal Details

Some 70 percent of a typical corporation’s global transactions run on legacy applications created for a different era, according to Adam Burden, senior managing director of advanced technology and architecture at Accenture. That can complicate the migration process to the cloud.

For example, containers enable more resilient approaches for modernizing applications, such as gradually decomposing monolithic programs into collections of independent and API-enabled services. Containers can support workload portability from the laptop all the way to the cloud.

Enterprises have been using Docker Datacenter to modernize their traditional applications. It allows them to ship software 13 times faster, while greatly simplifying application maintenance, said Roger Egan, senior vice president of sales and channel at Docker.

Applications in many cases are the lifeblood of enterprise business, so Docker teamed with the enterprise system experts at Accenture to develop a factory model for migrating to and securely managing containerized environments across the entire software supply chain, Egan explained.

That will enable organizations to quickly realize significant value that transforms both their application infrastructure and their business agility, he said.

Critical Changes

The alliance between Accenture and Docker, along with other container-oriented technologies, is critical to the success of modern application development initiatives. This is especially true for companies redesigning existing applications or venturing into the land of microservices — that is, using containers as an enabling technology, said Lee Calcote, senior director for technology strategy at SolarWinds.

“Consulting partners like Accenture play a critical role in what I believe will be some of the more challenging projects engineers have faced since the dawn of virtual machines,” he told LinuxInsider.

The industry is seeing a fundamental shift in the way that modern cloud-native software is designed, continuously delivered and operated, Calcote said.

For example, similar technology and consulting partner programs, including IBM Bluemix Garages, Red Hat Innovation Labs and CloudFoundry Dojos, offer immersive labs in which a group of engineers convene and collaboratively create prototypes leveraging open source projects, Calcote pointed out.

“In some cases, the consulted developers leave the lab not only with a completed application or feature prototype in-hand, but have learned the process and methodology required to become committers on those open source projects,” he said.

Accenture and Docker’s partnership is yet another sign of containers permeating the enterprise.

“It is exciting to consider how much more productive organizations will be once they have passed their first few modernization hurdles,” Calcote remarked.

“Certainly, most new software projects are considering containers as a core-enabling technology. Considering the current skills and experience gap our industry as a whole faces with respect to containerization and cloud-native design, Accenture’s partnership with Docker will accelerate enterprises through their modernization journeys,” he said.

What It Does

For enterprises and devs building cloud-native applications, containers offer a solution for accelerating software delivery and enabling automation. Accenture has worked with Docker for several years to help enterprise clients adopt containers. Accenture has seen a growing interest in the space as its clients sought to move workloads to the cloud with a strong desire for portability, said Accenture’s Burden.

“The Docker-based container services within the Accenture Cloud Factory are unique in that they are cloud-agnostic, enabling our clients to run containers in their preferred cloud — public or private,” he told LinuxInsider.

The new container services within the Accenture Cloud Factory containerize legacy workloads and move them to public and private clouds. The process involves using repeatable patterns, as well as defined entry and exit criteria, to standardize processes. It also provides industrialized and automated delivery. For more advanced needs, service decomposition of legacy into containers and configuration and setup of Docker Datacenter are also available.

“Other CaaS services do not offer the portability or multicloud capability,” said David Messina, senior vice president of product and marketing at Docker.

It lets users move their workloads across cloud types, from on-premises to the cloud, he told LinuxInsider. Additionally, other solutions are focused solely on cloud-native applications, whereas customers that Accenture and Docker engage also are looking for ways to use containerization to modernize their traditional, business-critical applications.

Security Issues

The cloud services expansions provide consultancy services with the ability to transform internal processes and move into a DevOps mode of operations. That offers enterprise clients a lot of benefits that come with containerizing applications, noted Sergey Maximov, head of product management at Virtuozzo, but the new technology requires a change in app architecture, development process and operations culture.

“The complexity of this technology should not be underestimated,” he told LinuxInsider. “In an ideal world, applications should be redesigned from scratch, and moving existing business-critical apps into the container world can be quite time consuming. Redesigning also means entirely redefining your approach to security, as the old approach may not directly be applicable for containers.”

Looking at cost, each new service inevitably will have a high operation cost until ops and devs learn how to work with it and create the appropriate tooling to manage it. In the long run, automation will be a key to reducing these costs, suggested Maximov.

“I would call these changes more a cultural shift for an organization. Devs should be concerned about how their apps are being run in a production environment,” he said.

Alternative Space

The advantage gained from the alliance is Accenture’s track record as a global consultancy, according to Kiyoto Tamura, vice president of marketing for Treasure Data.

Accenture Cloud Factory is an alternative cloud-native application platform, in his view.

“Cloud native is 10 percent about infrastructure and 90 percent about mindset, and mindset is much harder to migrate than bits and bytes,” Tamura told LinuxInsider. “I believe that Accenture will play — if not already — a key role in evangelizing cloud-native to CXOs and transforming IT from a cost center to a strategic differentiator.”

Accenture’s entry into this space, in partnership with Docker, is very welcome, he said. More choices mean market validation.

ANDROID – Facebook

Facebook on Monday moved to prevent spy applications from accessing its users’ data.

The company has updated its Facebook and Instagram policies to prohibit developers from using data obtained from those platforms in surveillance tools, according to Rob Sherman, deputy chief privacy officer at Facebook.

Facebook already has taken enforcement actions against devs who created and marketed surveillance tools in violation of the company’s previous policy, he noted, adding that “we want to be sure everyone understands the underlying policy and how to comply.”

Facebook has been under pressure to beef up its rules governing surveillance apps since last fall, when the American Civil Liberties Union released a report exposing how Geofeedia was using Facebook, Instagram and Twitter data to track protesters in Baltimore and Ferguson, Missouri.

Marketing materials for surveillance companies urged police to monitor hashtags associated with Black Lives Matter, and labeled unions and activist groups as “overt threats,” the ACLU also reported.

“We depend on social networks to connect and communicate about the most important issues in our lives and the core political and social issues in our country,” said Nicole Ozer, technology and civil liberties director at the ACLU of California.

“Now more than ever, we expect companies to slam shut any surveillance side doors and make sure nobody can use their platforms to target people of color and activists,” she added.

Data Sellers Chill Dissent

The ACLU is part of a coalition that includes the Center for Media Justice and the Color of Change. The group aims to persuade social media companies to establish robust systems to make sure the rules prohibiting surveillance are followed.

“When technology companies allow their platforms and devices to be used to conduct mass surveillance of activists and other targeted communities, it chills democratic dissent and gives authoritarianism a license to thrive,” said Malkia Cyril, executive director of the Center for Media Justice.

“Social media platforms are a powerful tool for black people to draw attention to the injustices our community faces,” remarked Brandi Collins, campaign director for Color of Change.

“We commend Facebook and Instagram for this step,” she continued, “and call on all companies who claim to value diversity and justice to also stand up and do what’s needed to limit invasive social media surveillance from being used to target black and brown people in low-income communities.”

All Facebook users will benefit from the crackdown on surveillance apps, said Andrew Sudbury, CTO of Abine.

“This should improve user privacy, as there shouldn’t be any commercial companies reselling access to them and their data to law enforcement for tracking and intelligence gathering purposes,” he told TechNewsWorld.

Mixed Bag for Cops

For law enforcement agencies using information from developers of surveillance apps, Facebook’s policy will be a mixed bag.

“There’s nothing to stop law enforcement from looking at a suspect’s Facebook feed, but it will stop these intermediary-type companies like Geofeedia from getting automated feeds of information,” said Timothy Toohey, an attorney with Greenberg Glusker Fields Claman & Machtinger.

Enforcement still could be a problem for Facebook, though.

“There may be other companies that have ways to scrape this information from Facebook without developer access,” Toohey told TechNewsWorld.

Facebook’s ability and willingness to police its antisurveillance policy will be key to its success.

“A company could simply do its surveillance anyway,” Abine’s Sudbury noted. “Then it would fall on Facebook to carefully monitor what and how developers access data, looking for clues as to the purposes of the data.”

Controversies over what’s done with Facebook’s data are unavoidable, Toohey maintained.

“The data is incredibly valuable. It’s valuable to law enforcement. It’s valuable to private enterprises,” he said. “Facebook wants to monetize that, which puts them in very difficult positions balancing their commercial interests with other interests.”