Last week, everyone who follows technology heard the news that Lenovo had Superfish adware installed, together with a security certificate, on its devices.
Meanwhile, Microsoft, Lenovo and other companies have released software to remove Superfish and the security certificate, but the problem seems to exist on mobile devices as well.
The equivalent of Superfish for mobile devices is called LikeThat and is available for iOS and Android devices in each platform's app store.
The application is designed to "help" its users shop by taking photos. The photo is then uploaded to Superfish's servers and compared to discover visually similar results provided by thousands of other retailers.
Jonathan Zdziarski, an expert iOS researcher, examined the application's code and discovered that it includes certain features that give each device a unique identity and that retain all the EXIF data available in the photos.
The ID assigned to the device is also sent to an analytics company without any notification to the user, along with the mobile device's MAC address.
As for the EXIF data in the images, each user's privacy is exposed if GPS is enabled. Among other things, the companies then have the user's exact location and the time the photograph was taken. Many photos from different locations can very well reveal a user's movements over a specific time period.
The researcher found that Superfish's LikeThat for iOS is quite invasive and includes code that can leak device-related information such as free disk space, MAC address, memory used, CPU frequency, or screen type.
In a post published on Friday, the researcher points out that even if some of the tracking capabilities are disabled (GPS turned off) in the iOS or Android versions of the application, collecting and transmitting the user's location is possible through the SFLocationAPI they use.
"It seems that Superfish, if it doesn't have the way to collect information from an image you select from your photo album (UIImagePicker), uses a technique that could allow access to underlying image metadata that most users don't know is stored," says the researcher.
You can read the researcher's full analysis here.