{"id":80595,"date":"2021-02-03T09:46:30","date_gmt":"2021-02-03T04:16:30","guid":{"rendered":"https:\/\/www.technologyforyou.org\/?p=80595"},"modified":"2021-02-03T09:46:30","modified_gmt":"2021-02-03T04:16:30","slug":"more-privacy-control-for-all-with-tinycheck-tool","status":"publish","type":"post","link":"https:\/\/www.technologyforyou.org\/more-privacy-control-for-all-with-tinycheck-tool\/","title":{"rendered":"More privacy control for all with TinyCheck tool"},"content":{"rendered":"

To increase privacy control over users\u2019 data, two Kaspersky experts have combined the results of their research and upgraded the openly available TinyCheck tool. Initially developed as a stalkerware detection tool for service organizations working with victims of domestic violence, TinyCheck now also offers help to uncover all types of geo-tracking apps.<\/span><\/p>\n

In December 2020, Apple and Google\u00a0prohibited\u00a0any apps in their stores which use X-Mode\u2019s technology that secretly enables tracking and selling of location data. Several months prior to the tech companies\u2019 decision, Kaspersky\u2019s Global Research and Analysis Team (GReAT) director, Costin Raiu started to analyze such apps after he had seen a\u00a0visualization\u00a0that identified people\u2019s movements using their GPS data made available by X-Mode.<\/span><\/p>\n

Raiu found more than 240 distinct apps with X-Mode\u2019s tracking technology which in total have been installed more than 500 million times. Such data collection becomes possible when developers embed a component \u2013 a software development kit (SDK) \u2013 in their app. The problem with these tracking SDKs is that it is impossible for a user to tell whether an app contains such location tracking components. Also, the app may have a legitimate reason to ask for the user\u2019s location as many rely on location to function properly, but such an app might also sell the GPS data.<\/span><\/p>\n

In addition, any app can contain more than just one tracking SDK. For example, while Raiu was looking at an app that included the X-Mode SDK in question, he discovered five other components from other companies that were also collecting location data.<\/span><\/p>\n

Making life harder for secret trackers<\/strong><\/span><\/p>\n

Now, Raiu\u2019s findings have been integrated into\u00a0TinyCheck<\/a>, an open-source tool developed and\u00a0published<\/a>\u00a0in November last year by F\u00e9lix Aim\u00e9, another of Kaspersky\u2019s GReAT experts. Initially, TinyCheck was developed to help tackle the issue of stalkerware.<\/span><\/p>\n

Stalkerware is software used to secretly spy on another person\u2019s private life via a smart device and also installed without the user\u2019s knowledge. While often used to facilitate violence against an intimate partner, the software may also be used in a different context. TinyCheck can now detect both stalkerware and tracking apps, but the tool issues two different alerts to the user.\u00a0<\/span><\/p>\n

\"tc.png\"<\/span><\/p>\n

A TinyCheck alert when stalkerware is detected.<\/em><\/span><\/p>\n

\"tcc.png\"<\/span><\/p>\n

A TinyCheck alert when geo-tracking apps are detected.<\/em><\/span><\/p>\n

\"tccc.png\"<\/span><\/p>\n

An excerpt of the TinyCheck report on any detected geo-tracking apps.<\/em><\/span><\/p>\n

Using a regular Wi-Fi connection, TinyCheck scans a mobile device\u2019s outgoing traffic and identifies interactions with known malicious sources. In order to make use of TinyCheck, a computer with a Raspberry Pi OS Buster is needed along with one of the following two options: either two Wi-Fi interfaces, one for connecting to the internet and one for your mobile\u2019s connectivity (AP mode), or one Wi-Fi interface and an Ethernet connection for internet. In both cases, the best choice is a Raspberry Pi Model 3 or higher with a small touch screen.<\/span><\/p>\n

\"tinycheck.png\"<\/span><\/p>\n

A visualization of how TinyCheck works.<\/em><\/span><\/p>\n

\u201cSecret tracking of users and using their data without their knowledge should not happen for any reason. Having the combined list of indicators of compromise for mobile trackers and stalkerware integrated in TinyCheck, users are able to increase their privacy control. TinyCheck is therefore designed as an open source tool that is freely available to anyone, and one which the security community can share and contribute their knowledge to,\u201d\u00a0comments F\u00e9lix Aim\u00e9, a Kaspersky GReAT security researcher.<\/strong><\/span><\/p>\n

In addition to using TinyCheck, there are a few tips to follow to lower the chances of being tracked by such apps and services, which involve limiting apps\u2019 permissions:<\/span><\/strong><\/span><\/p>\n