Friday Five: 2/8 Edition
Learn how Apple wants to crack down on travel apps that record your iPhone screen, ITAR and NIST 800-171, how Facebook is firing back at Germany, and more in this week’s Friday Five.
1. Big-name travel apps may secretly record your iPhone screen, including credit card info by Nick Statt
Some fascinating news here via The Verge via Techcrunch: A handful of popular travel apps, Air Canada, Expedia, and Hotels.com to name a few, actually record users' iPhone screens, thanks to a third-party analytics app. While this may be common knowledge for experts in the mobile phone industry, neither the company behind the app, Glassbox, nor the apps that employ it ask for their users' consent, which is problematic. It’s a little like déjà vu; last week Techcrunch broke the news that Facebook had an app that essentially spied on users, effectively breaking the rules of Apple's iOS platform. Apple banned the app after temporarily revoking Facebook's access to internal iOS apps. It's apparently threatening to do the same thing to apps that use Glassbox this week.
2. Senators Grill Facebook, Google, and Apple Over Invasive Apps by Issie Lapowsky
Speaking of that Techcrunch report from last week: three senators - Richard Blumenthal (D-Connecticut), Ed Markey (D-Massachusetts), and Josh Hawley (R-Missouri) - have some questions. In the wake of the article, the three senators sent letters to execs at Facebook, Google, and Apple this week to learn more about the app, what type of data it collected, and perhaps most important: how much of the data Facebook actually used and why. “These reports fit with long-standing concerns that Facebook has used its products to deeply intrude into personal privacy,” the letters all read.
3. Technical data protection a priority for Australian and US regulators by Kevin Chenney and Ray Harvey
Australian Defence Magazine (ADM) might sound like a relatively niche trade journal, and for the most part it is, but that doesn't make an article published by the magazine this week any less relevant, even for U.S. organizations. The piece is a nice primer on export control regulations like the U.S.’s International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR). There's also some information here on how NIST's 800-171 regulations can serve as a baseline for federal agencies looking to protect data. Sure, there’s content for Australian supply chain enterprises, but any organization that isn't aware of either ITAR or NIST 800-171 would be well served to review it too.
4. Go Update iOS Right Now to Fix That Very Bad FaceTime Bug by Lily Hay Newman
Well, it took them a week longer than they said it would, but Apple finally rolled out a fix for that nasty FaceTime bug that took the internet by storm last week. The bug, which, in case you missed it, could have allowed any iOS user to eavesdrop on another iOS user via the operating system's group FaceTime feature, was fixed in iOS 12.1.4, which dropped on Thursday. While news that the bug is fixed is certainly welcome, the internet is also rejoicing at the news that Apple is going to compensate the 14-year-old who discovered the bug. The Cupertino company suffered an onslaught of bad press last week when it was mum over whether or not it would reward the high schooler. The company told publications this week it was compensating the family that reported it and providing an additional gift to fund the tuition of Grant Thompson, the 14-year-old.
5. Why We Disagree With the Bundeskartellamt by Yvonne Cunnane, Head of Data Protection, Facebook Ireland and Nikhil Shanbhag, Director and Associate General Counsel
Okay, not an article per se, but an interesting blog from Facebook on how it interprets some pressure Germany’s competition watchdog, Bundeskartellamt (FCO), put on the company recently. The FCO called out Facebook for combining user data from different sources, a la data sharing between WhatsApp and Instagram, adding that it was planning on banning the company from doing so last month. Facebook insists that it complies with GDPR and that the regulation empowers data protection regulators, not competition authorities. The blog, which is co-written in part by Facebook Ireland's Head of Data Protection, accuses Bundeskartellamt of "trying to implement an unconventional standard for a single company."