• Verizon is Bringing Spyware to its Android Phones



    With Congress having cleared the way for U.S. operators to sell your browsing history to advertisers, Verizon is wasting no time, partnering with the developers of the popular Android launcher Evie to bring a new search tool to its customers on that platform. Unlike Evie, this new Verizon app isn't exactly getting rave reviews. Here's Cory Doctorow to explain why:

    "AppFlash" will come pre-installed on all Verizon Android handsets; it's a Google search bar replacement, but instead of feeding telemetry about your searches, handset, apps and activities to Google, it will send them to Verizon.
    The Electronic Frontier Foundation pored through Verizon's privacy policy for AppFlash, and found proof that your data will indeed be sold to third parties:

    “AppFlash information may be shared within the Verizon family of companies, including companies like AOL who may use it to help provide more relevant advertising within the AppFlash experience and in other places, including non-Verizon sites, services and devices.”
    If you're an Android user with a Verizon-branded phone, you might want to look into rooting and de-bloating it.

    Sources: Android Police, Boing Boing, EFF, The Verge

    ---------
    This article was originally published in forum thread: Verizon is Bringing Spyware to its Android Phones started by acurrie View original post
    Comments 33 Comments
    1. aaronwt's Avatar
      aaronwt -
      I don't care if Verizon gets that info. If they can sell it and make money then good for them. It will have zero effect on my usage.
    1. GeezLouise's Avatar
      GeezLouise -
      Not paying for service that uses that paid service to spam me with ads, unless there is an "opt out" and/or there is a discount for agreeing to receive the ads.
    1. Abstract08's Avatar
      Abstract08 -
      I've been doing some research on this. With the new FCC policy can't the wireless carriers also sell out your actual internet usage too? I'm referring to raw data packets sent and received on the network end. This way they don't need an actual app on your phone to sell your information to different companies / marketers?

      I'm asking because I read an article that ISP's are now able to monitor and sell your data at home. Why wouldn't this apply to mobile networks too? Obviously because Verizon is so excited to sell data thru their new app I'm NEVER going to switch to them.
    1. j'vai's Avatar
      j'vai -
      Quote Originally Posted by Abstract08 View Post
      I've been doing some research on this. With the new FCC policy can't the wireless carriers also sell out your actual internet usage too? I'm referring to raw data packets sent and received on the network end. This way they don't need an actual app on your phone to sell your information to different companies / marketers?

      I'm asking because I read an article that ISP's are now able to monitor and sell your data at home. Why wouldn't this apply to mobile networks too? Obviously because Verizon is so excited to sell data thru their new app I'm NEVER going to switch to them.
      the thing is, with android & it's native services (gmail, youtube, now, etc) use https / tls by default, regardless of the carrier sim used, much better during a wifi session -

      TLS/SSL Default Configuration Changes

      "Android 7.0 makes the following changes to the default TLS/SSL configuration used by apps for HTTPS and other TLS/SSL traffic:
      •RC4 cipher suites are now disabled.
      •CHACHA20-POLY1305 cipher suites are now enabled.

      RC4 being disabled by default may lead to breakages in HTTPS or TLS/SSL connectivity when the server does not negotiate modern cipher suites. The preferred fix is to improve the server’s configuration to enable stronger and more modern cipher suites and protocols. Ideally, TLSv1.2 and AES-GCM should be enabled, and Forward Secrecy cipher suites (ECDHE) should be enabled and preferred.

      An alternative is to modify the app to use a custom SSLSocketFactory to communicate with the server. The factory should be designed to create SSLSocket instances that have some of the cipher suites required by the server enabled in addition to default cipher suites. ""


      this Android launcher Evie thingy, Verizon's introduction of it invites it's usage as a bypass / replacement of android's native offering (though, it offers NOTHING of any difference than what's in android natively)..

      use it, Verizon gets to bypass the https /tls connections & peep tom into all your business..
    1. Jack T. Chance's Avatar
      Jack T. Chance -
      While this may be a new program/implementation, how, exactly, is this NEWS, i.e. NEW? Verizon's been gathering and selling info about your usage on their network for awhile. Current programs have had an opt-out option, so one would hope that option remains with this. Or you can just buy an unlocked, unbranded phone with Stock Android that leaves out all of Verizon's added bloatware!
    1. zeus4509's Avatar
      zeus4509 -
      https://www.eff.org/deeplinks/2017/0...nnounces-plans no they're not. False alarm. It's a single app, on a single device, that you have to opt in to use, and that you can disable at any time. This is why companies need to do all of their homework before writing stuff.
    1. Abstract08's Avatar
      Abstract08 -
      Quote Originally Posted by zeus4509 View Post
      https://www.eff.org/deeplinks/2017/0...nnounces-plans no they're not. False alarm. It's a single app, on a single device, that you have to opt in to use, and that you can disable at any time. This is why companies need to do all of their homework before writing stuff.
      I still don't trust it. How ironic that Verizon comes out with this "app discovery" app just around the time the FCC starts allowing your online information to be sold. I smell a rat. Google's launcher already helps with app searches. Of course Verizon is going to fight negative press.
    1. new-toy's Avatar
      new-toy -
      Quote Originally Posted by Abstract08 View Post
      I still don't trust it. How ironic that Verizon comes out with this "app discovery" app just around the time the FCC starts allowing your online information to be sold. I smell a rat. Google's launcher already helps with app searches. Of course Verizon is going to fight negative press.
      No one should be surprised by this. Verizon has been trying to get more customers so that they have more data to sell to advertisers. Why do you think they 'suddenly' started offering unlimited again? Verizon still uses the UIDH on it's postpaid customers unless you can find where to disable it in your account settings (and i'm sure that the ability to opt out of it is going to go away REAL soon).
      By the way, you people out there that say "I'm not doing anything wrong so who cares" are fools. You may not be doing anything wrong but think about every website you visit, or every search you do or every place you go or your texts or phone call meta data.
      The carriers can now collect and sell what ever they want to who ever they want. Doesn't that give you a nice warm feeling.
      What really gets me is that Verizon is trying out stuff like this so soon. It's not going to stop here, so buckle up, we are in for a ruff ride.
    1. zeus4509's Avatar
      zeus4509 -
      Quote Originally Posted by Abstract08 View Post
      I still don't trust it. How ironic that Verizon comes out with this "app discovery" app just around the time the FCC starts allowing your online information to be sold. I smell a rat. Google's launcher already helps with app searches. Of course Verizon is going to fight negative press.
      Just disable it and don't opt in. Or don't buy a v20. It's the only phone with the app. I'm sure if it got enough bad press or if people found out it was still reporting data even when not enabled or opted into it would be a press nightmare. As far as them releasing a statement of course they did, any company would especially if the original information posted was wrong, and the original report was 100 percent inaccurate. Google doesn't have a universal launcher anymore. They are ending support for Google launcher and the pixel launcher is only officially supported on pixel devices. Foundations like EFF and other liberal watchdog groups generally do great work, but sometimes they can have "the sky is falling and apocalypse is here" mentality over nothing. This seems to be one of those cases as they have retracted all of their statements on it. I'm sure if something important pops up or it turns into something to worry about they will be the first to tell us.
    1. new-toy's Avatar
      new-toy -
      Quote Originally Posted by zeus4509 View Post
      Just disable it and don't opt in. Or don't buy a v20. It's the only phone with the app. I'm sure if it got enough bad press or if people found out it was still reporting data even when not enabled or opted into it would be a press nightmare. As far as them releasing a statement of course they did, any company would especially if the original information posted was wrong, and the original report was 100 percent inaccurate. Google doesn't have a universal launcher anymore. They are ending support for Google launcher and the pixel launcher is only officially supported on pixel devices.
      This is just the beginning. Here you go again sticking up and defending Verizon. Please do yourself and all of us a favor and read about UIDH and other crap Verizon does and plans to do. Read about how much money AT&T and Verizon paid politicians to get the privacy laws scrapped. One of Verizon's top ex-lawyer's is now head of the FCC and he is anti-net neutrality and anti-consumer privacy. How convenient.
      Educate yourself about privacy before you start defending how Verizon really is.
    1. Abstract08's Avatar
      Abstract08 -
      Quote Originally Posted by new-toy View Post
      This is just the beginning. Here you go again sticking up and defending Verizon. Please do yourself and all of us a favor and read about UIDH and other crap Verizon does and plans to do. Read about how much money AT&T and Verizon paid politicians to get the privacy laws scrapped. One of Verizon's top ex-lawyer's is now head of the FCC and he is anti-net neutrality and anti-consumer privacy. How convenient.
      Educate yourself about privacy before you start defending how Verizon really is.
      That is VERY convenient and also VERY ironic.... Oh no. It doesn't matter what carrier we go to anymore, does it? This is it? Even if I were to go to Sprint?
      You know what... I already know that answer. Don't answer that
    1. new-toy's Avatar
      new-toy -
      Quote Originally Posted by Abstract08 View Post
      Oh no. It doesn't matter what carrier we go to anymore, does it? This is it? Even if I were to go to Sprint?
      You know what... I already know that answer. Don't answer that
      Laugh all you want. Maybe you should read about what freedom the carriers have just been granted to collect and sell. It's not a joke. People should have the right to know what is collected and sold and also the right to opt out if they don't want that to happen.
    1. Abstract08's Avatar
      Abstract08 -
      Quote Originally Posted by new-toy View Post
      Laugh all you want. Maybe you should read about what freedom the carriers have just been granted to collect and sell. It's not a joke. People should have the right to know what is collected and sold and also the right to opt out if they don't want that to happen.
      I'm not laughing. I'm serious. Do you think I'm joking?!?!? I'm trying to get away from this. I agree with you.
    1. new-toy's Avatar
      new-toy -
      Quote Originally Posted by acurrie View Post
      Attachment 150285

      With Congress having cleared the way for U.S. operators to sell your browsing history to advertisers, Verizon is wasting no time, partnering with the developers of the popular Android launcher Evie to bring a new search tool to its customers on that platform. Unlike Evie, this new Verizon app isn't exactly getting rave reviews. Here's Cory Doctorow to explain why:



      The Electronic Frontier Foundation pored through Verizon's privacy policy for AppFlash, and found proof that your data will indeed be sold to third parties:



      If you're an Android user with a Verizon-branded phone, you might want to look into rooting and de-bloating it.

      Sources: Android Police, Boing Boing, EFF, The Verge
      Thanks for reporting this. HoFo is a great place to come to for all kinds of information related to phones and carriers. Privacy is a very important part of this and it's nice to see that you are aware of this and I hope you will continue to post information about privacy and security relating to carriers and our devices.
    1. zeus4509's Avatar
      zeus4509 -
      Quote Originally Posted by new-toy View Post
      This is just the beginning. Here you go again sticking up and defending Verizon. Please do yourself and all of us a favor and read about UIDH and other crap Verizon does and plans to do. Read about how much money AT&T and Verizon paid politicians to get the privacy laws scrapped. One of Verizon's top ex-lawyer's is now head of the FCC and he is anti-net neutrality and anti-consumer privacy. How convenient.
      Educate yourself about privacy before you start defending how Verizon really is.
      Yea yes the sky is falling I know. Blah blah blah this is the beginning and by next year the evil mastermind Verizon will have chips in your brain. Save your conspiricy nonsense for other people. Maybe the lizard people will rise and take over the world. Seems Verizon's explanation was enough for the EFF, they retracted all of their statements on the matter. Guess they're not sitting beside you with a tin foil hat on.
    1. zeus4509's Avatar
      zeus4509 -
      Quote Originally Posted by Abstract08 View Post
      I am presently trying to find a way to block your posts from showing up. If anyone know's how to do that please PM me. Thanks
      Then stop quoting me. Easy as pie. Only a weirdo would quote somebody then be upset they responded. Are you posting this because you think I'll overly care and beg you not to?? Lol sorry not gonna happen, care less honestly.
    1. anthonyjones's Avatar
      anthonyjones -
      I have data sold to third parties all the time and I get the phone calls and mail that backs it up so not a fan for more of it.
    1. new-toy's Avatar
      new-toy -
      Quote Originally Posted by zeus4509 View Post
      Yea yes the sky is falling I know. Blah blah blah this is the beginning and by next year the evil mastermind Verizon will have chips in your brain. Save your conspiricy nonsense for other people. Maybe the lizard people will rise and take over the world. Seems Verizon's explanation was enough for the EFF, they retracted all of their statements on the matter. Guess they're not sitting beside you with a tin foil hat on.
      Conspiracy nonsense? You don't care what your precious Verizon does because you do nothing but defend them when ever possible. There is no conspiracy theory here. Verizon was caught using an ID header (UIDH) on all of it's cellular traffic to track and collect information on it's users. They were doing it secretly for 2 years before someone discovered it and made it into the news. Verizon still does this even today, even after they were shamed and blasted for it.
      Verizon is the worst company when it comes to their customers privacy. Again, before you start flinging names around and accusing people of conspiracies maybe you should educate yourself because you are going to keep making a fool of yourself.
      Now that Verizon and all the other internet providers have free reign with your data, believe me, Verizon is going to take FULL advantage of this and do anything they can think of to collect and sell as much user data as possible.
      Verizon knows that most people (like you) are not aware of privacy issues and what these companies do with your information so they are going to go full steam ahead.
    1. zeus4509's Avatar
      zeus4509 -
      Quote Originally Posted by new-toy View Post
      Conspiracy nonsense? You don't care what your precious Verizon does because you do nothing but defend them when ever possible. There is no conspiracy theory here. Verizon was caught using an ID header (UIDH) on all of it's cellular traffic to track and collect information on it's users. They were doing it secretly for 2 years before someone discovered it and made it into the news. Verizon still does this even today, even after they were shamed and blasted for it.
      Verizon is the worst company when it comes to their customers privacy. Again, before you start flinging names around and accusing people of conspiracies maybe you should educate yourself because you are going to keep making a fool of yourself.
      Now that Verizon and all the other internet providers have free reign with your data, believe me, Verizon is going to take FULL advantage of this and do anything they can think of to collect and sell as much user data as possible.
      Verizon knows that most people (like you) are not aware of privacy issues and what these companies do with your information so they are going to go full steam ahead.
      Then don't use them and move on? Blasted for it? The EFF had to retract all of their article after they got the full story.....This actually looks bad on the EFF. Maybe read what actually happened next time before you respond. Will help you out immensely in the future. As the EFF said, they will monitor it and report if anything is worth reporting about, they prolly should of did that before they wrote an inaccurate article about it riling up the tin foil hat crowd.
    1. Abstract08's Avatar
      Abstract08 -
      Quote Originally Posted by new-toy View Post
      Conspiracy nonsense? You don't care what your precious Verizon does because you do nothing but defend them when ever possible. There is no conspiracy theory here. Verizon was caught using an ID header (UIDH) on all of it's cellular traffic to track and collect information on it's users. They were doing it secretly for 2 years before someone discovered it and made it into the news. Verizon still does this even today, even after they were shamed and blasted for it.
      Verizon is the worst company when it comes to their customers privacy. Again, before you start flinging names around and accusing people of conspiracies maybe you should educate yourself because you are going to keep making a fool of yourself.
      Now that Verizon and all the other internet providers have free reign with your data, believe me, Verizon is going to take FULL advantage of this and do anything they can think of to collect and sell as much user data as possible.
      Verizon knows that most people (like you) are not aware of privacy issues and what these companies do with your information so they are going to go full steam ahead.
      You can lead the horse to the water, but you can't make it drink unfortunately.

      Sent from my SAMSUNG-SM-J320A using HoFo mobile app