Data sharing, collection, and personal privacy concerns

The security risks created by COVID-19 continue to abound.  Applications have proliferated in the wild, offering concerned people the chance to test themselves for Coronavirus.  Now, I haven’t used any of these apps, I don’t know how reliable they are, but the point is they are being used.  People are submitting copious amounts of data to these apps and the companies behind them.  As such, it is imperative for those firms to ensure strong protections for the personal information they obtain.

You can imagine how rife with risks this situation is, though.  It doesn’t even take a full data breach to be vulnerable these days.  This is something Indian telecom Jio is learning for itself.  Just last week, Facebook bought a 10% share in the company for over $5 billion.  Now, a security researcher has discovered an unprotected Jio database containing data on millions of users.  Unfortunately, its COVID-19 symptom tracker was storing the data without so much as password protection.  Once alerted to this exposure, Jio took the system storing the database offline.

There was more information stored, however, than that pertaining to personal health: user OS, browser versions, and location were also included in the hoard.  And this relates to another concern that’s growing as people share more of their data with companies and apps, whether for COVID-19 or any number of other purposes.  Big data collection presents stark security and privacy concerns as more of the world moves online, and companies are going to be accountable when questions arise.  Jio’s 370 million or so users had to worry about this exposure; users of Xiaomi smartphones, produced by the Chinese tech company, are likewise having their data harvested.  This includes web domains, search query histories, and even whether users set their search engines to an “incognito” mode—that, too, makes it to the company database.  It also appears the data was stored on servers owned by Chinese conglomerate Alibaba, which raises the issue of third-party vulnerabilities.

In a statement, Xiaomi said that the data is all anonymized and encrypted, and used for internal analytics.  Still, why they store the supposedly incognito user data remains a mystery.

Unresolved questions like this should put people on guard, and make them more aware of what they’re sharing online.  It’s an issue anyone who uses a smartphone or an app or the Internet in any way will have to grapple with going forward.


By: Jonathan Weicher, posted on May 6, 2020
Originally published at: http://www.netlibsecurity.com
Copyright: NetLib Security