The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

Friday Five: 2/8 Edition

by Chris Brook on Friday February 8, 2019

Contact Us
Free Demo
Chat

Learn how Apple wants to crackdown on travel apps that record your iPhone screen, ITAR and NIST 800-171, how Facebook is firing back at Germany, and more in this week’s Friday Five.

1. Big-name travel apps may secretly record your iPhone screen, including credit card info by Nick Statt

Some fascinating news here via The Verge via Techcrunch: A handful of popular travel apps, Air Canada, Expedia, and Hotels.com to name a few, actually record users' iPhone screens, thanks to a third party analytics app. While this may be common knowledge for experts in the mobile phone industry, neither the company behind the app, Glassbox, nor the apps that employ it ask for its users' consent, which is problematic. It’s a little like déjà vu; last week Techcrunch broke the news that Facebook had an app that essentially spied on users, effectively breaking the rules of Apple's iOS platform. Apple banned the app after temporarily revoking Facebook's access to internal iOS apps. It's apparently threatening to the do the same thing to apps that use Glassbox this week.

Read more

2. Senators Grill Facebook, Google, and Apple Over Invasive Apps by Issie Lapowsky

Speaking of that Techcrunch report from last week: three senators - Richard Blumenthal (D-Connecticut), Ed Markey (D-Massachusetts), and Josh Hawley (R-Missouri)  - have some questions. In wake of the article, the three senators sent letters to execs at Facebook, Google, and Apple this week to learn more about the app, what type of data it collected, and perhaps most important: how much of the data Facebook actually used and why. “These reports fit with long-standing concerns that Facebook has used its products to deeply intrude into personal privacy,” the letters all read.

Read more

3. Technical data protection a priority for Australian and US regulators by Kevin Chenney and Ray Harvey

Australian Defence Magazine (ADM) might sound like a relatively niche trade journal and for the most part it is but that doesn't make an article published by the magazine this week any less relevant, even for U.S. organizations. The piece is a nice primer on export control regulations like the U.S.’s International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR). There's also some information here on how NIST's 800-171 regulations can serve as a baseline for federal agencies looking to protect data. Sure, there’s content for Australian supply chain enterprises but any organization that isn't aware of either ITAR and NIST 800-171 would be well served to review too.

Read more

4. Go Update iOS Right Now to Fix That Very Bad FaceTime Bug by Lily Hay Newman

Well, it took them a week longer than they said it would but Apple finally rolled out a fix for that nasty FaceTime bug that took the internet by storm last week. The bug, which in case you missed it could have allowed any iOS user to eavesdrop on another iOS user via the operating system's group FaceTime feature, was fixed in iOS 12.1.4, which dropped on Thursday. While news the bug is fixed is certainly welcome the internet is also rejoicing to the news that Apple is going to compensate the 14-year-old who discovered the bug. The Cupertino company suffered an onslaught of bad press last week when it was mum over whether or not it would reward the high schooler. The company told publications this week it was compensating the family that reported it and providing an additional gift to fund the tuition of Grant Thompson, the 14-year-old.

Read more

5. Why We Disagree With the Bundeskartellamt by Yvonne Cunnane, Head of Data Protection, Facebook Ireland and Nikhil Shanbhag, Director and Associate General Counsel

Okay, not an article per se but an interesting blog from Facebook on how it interprets some pressure Germany’s competition watchdog, Bundeskartellamt (FCO), put on the company recently. The FCO called out Facebook for combining user data from different sources, a la data sharing between WhatsApp and Instagram, adding that it was planning on banning the company from doing so last month. Facebook is insisting it complies with GDPR and how it empowers data protection regulators, not competition authorities. The blog, which is co-written in part by Facebook Ireland's Head of Data Protection, accuses Bundeskartellamt of "trying to implement an unconventional standard for a single company."

Read more

Tags: Privacy, Mobile Security, Data Protection

Recommended Resources


  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business
  • How to simplify the classification process
  • Why classification is important to your firm's security
  • How automation can expedite data classification

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.