Pages Navigation Menu

The blog of DataDiggers

Categories Navigation Menu

Apple bumps the App Store cell connection download cap up to 200 MB

Posted by on Jun 1, 2019 in Apple, iOS, TC | 0 comments

Good news: Apple now allows you to download bigger apps over a cellular connection than it used to.

Bad news: there’s still a cap, and you still can’t bypass it.

As noticed by 9to5Mac, the iOS App Store now lets you download apps up to 200 MB in size while on a cell network; anything bigger than that, and you’ll need to connect to WiFi. Before this change, the cap was 150 MB.

And if you’ve got an unlimited (be it actually unlimited or cough-cough-‘unlimited’) plan, or if you know you’ve got enough monthly data left to cover a big download, or you just really, really need a certain big app and WiFi just isn’t available? You’re still out of luck. That 200 MB cap hits everyone. People have found tricky, fleeting workarounds to bypass the cap over the years, but there’s no official “Yeah, yeah, the app is huge, I know.” button to click or power user setting to toggle.

The App Store being cautious about file size isn’t inherently a bad thing; with many users only getting an allotment of a couple gigs a month, a few accidental downloads over the cell networks can eat up that data quick. But it really does suck to open up an app you need and find it’s requiring some update that exceeds the cap, only to realize you’re nowhere near a friendly WiFi network. At least give us the choice, you know?

On the upside, most developers seem to be pretty aware of the cap; they’ll hack and slash their app install package until it squeaks under the limit, even if it means downloading more stuff through the app itself post-install. Now, at least, they’ve got 50 more megabytes of wiggle room to start with.


Source: The Tech Crunch

Read More

Twitter’s new prototype app ‘twttr’ launches today

Posted by on Mar 11, 2019 in Apps, conversations, iOS, Mobile, Social, TC, Twitter, twttr | 0 comments

Twitter’s new prototype application is rolling out to the first group of testers starting today, the company announced this afternoon by way of a tweet. The app, which Twitter is calling “twttr” as a throwback to its original name, was first introduced at the CES conference this January. It aims to offer Twitter a more experimental testing space where the company can try out new ideas outside of its existing public network, gain feedback from testers, then develop new features as a result of what it learns.

Initially, the new twttr app will focus on testing new designs for conversations. As the company demonstrated at CES, the prototype app will show a different format for replies, where conversations themselves have a more rounded chat-like shape and are indented so they’re easier to follow. Engagements, sharing options and other tweet details are hidden from view in order to simplify reading through longer threads.

And, most notably, the different types of replies are color-coded to designate those from the original poster as well as those Twitter users you personally follow. This is meant to offer better visual cues to readers who are trying to follow a lengthier thread where, often, side conversations take place, or the original poster jumps in to clarify things or respond to individual tweets.

Over time, Twitter may use the prototype app to test out other changes it wants to make to the product. For instance, the company has experimented with ideas around status update fields and icebreakers as your pinned tweet to encourage conversations.

Twitter has said not everyone will be accepted to the prototype-app testing program. Only a couple of thousand of English and Japanese speakers will be invited, provided they follow Twitter’s rules. However, no one is under NDA, so testers will be able to discuss what they’re seeing on Twitter itself, which opens up the ideas to more feedback.

Twitter says the first group of testers will receive an email invite sometime over the next few days. Once received, users must click a link to confirm their participation, then await another email invite from Apple’s TestFlight.

They can then download the new twttr app and use it instead of the main Twitter app, while tweeting about the new look using the hashtag #LetsHaveAConvo. Testers also can submit feedback through an online form.

The twttr app was already spotted in the wild before today’s announcement, but it hadn’t rolled out in large numbers at that time.

After all these years, Twitter is still trying to figure out how to improve conversations on its platform. Not only are they challenging to follow, visually speaking, they often devolve into trolling and abuse. That’s something other changes to the product may try to tackle, from enhanced reporting procedures to Twitter’s latest development of a “hide tweet” button.

The new prototype app isn’t immediately looking to solve the problems around online abuse — though as a side effect of redesigned conversation threads, comments that contribute to instead of detract from an online conversation could be better highlighted, perhaps.

But largely the app will focus on product changes where user feedback is critical, as in the redesign of conversations.

“The spirit of the [prototype testing program] is: can we just develop more in the public and bring people in earlier?,” explained Sara Haider, Twitter’s director of product management, in January. “We need more signal in the development process.”

As Twitter’s email to testers explains, the app will be “very much a work in progress.”

“These test builds will not always have all the functionality you’re used to, and you’ll see some things appear — and maybe disappear,” it notes. A further FAQ about the program is here.

Twitter says those who haven’t yet applied to test the new app can still do so. Applications opened last month, and remain open today.


Source: The Tech Crunch

Read More

iOS developers will soon be able to offer discounts to their existing and lapsed subscribers

Posted by on Feb 25, 2019 in Apple, Apps, developers, iOS, iOS apps, Mobile, mobile app developers, subscriptions, tvos | 0 comments

As subscriptions continue to grow into a sizable revenue stream for mobile app developers, Apple has had to make adjustments to its guidelines, rules and even its tools for subscription management in recent weeks. It issued stricter guidelines around how subscriptions are to be presented to consumers, and it made the setting for canceling existing subscriptions more accessible. Now, Apple is rolling out new tools for developers that will help them retain their current customers and win back lapsed subscribers.

The company announced on Friday that apps with auto-renewable subscriptions will soon be able to offer their subscriptions at a discounted price for a specific period, as a means of growing and retaining their customer base. This will give the developers more control over their subscription pricing than was available before.

Until the change, developers could only make introductory offers to entice consumers to sign up for the first time. For example, developers could lure customers with a one-time introductory price, offer a free trial or offer a discounted rate for a specific period of time before the subscription converted to the full price.

But these offers could only be made to first-time customers. The new promotional offers will allow developers to cut similar deals for existing subscribers or to win back the business from those who used to pay for the subscription but had canceled.

While the new promotional offers allow for the same sort of discounts as introductory offers, they’re more flexible in terms of how they’re used.

With introductory offers, developers were allowed one offer per subscription, per territory. With promotional offers, developers can activate up to 10 offers per subscription. This allows them to test which ones work best for their customers, instead of having to pick just one.

And developers are in control of when an offer displays to a customer, in which territories and how many offers a customer can redeem.

In addition, while introductory offers may display in the App Store when promoted, the promotional offers will not. That means developers can use business logic that targets winning back their most valuable customers with offers that may be better from those shown to others — and no one would be the wiser. It also means developers can offer different deals to lapsed customers — like maybe a discounted subscription — compared with promos meant to retain current subscribers.

Developers will also be able to use receipt validation tools to find subscribers who turned off auto-renewal, which allows them to target those customers with new offers before their subscription lapses. They may also decide to target those who cancel during the free trial with different offers than those who cancel after using a paid subscription for a time.

As an end-user looking to save money, these changes mean it may be worth toggling off your subscriptions from time to time to see if you’re offered a better deal to resubscribe.

Developers were alerted to the new features last week, but the offers themselves aren’t yet publicly available.

To create the offers, developers have to download the latest Xcode 10.2 beta and will need to implement the new StoreKit APIs. They can then test their offers on the latest beta version of iOS 12.2, macOS 10.14.4 and tvOS 12.2. Apple said the offers will be made available to the public “soon.”


Source: The Tech Crunch

Read More

Apple tells app developers to disclose or remove screen recording code

Posted by on Feb 7, 2019 in app developer, app developers, app-store, apple inc, Apps, E-Commerce, Google Play, iOS, iPhone, iTunes, mobile app, online marketplaces, operating systems, Privacy, Security, Smartphones, Software | 0 comments

Apple is telling app developers to remove or properly disclose their use of analytics code that allows them to record how a user interacts with their iPhone apps — or face removal from the app store, TechCrunch can confirm.

In an email, an Apple spokesperson said: “Protecting user privacy is paramount in the Apple ecosystem. Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity.”

“We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary,” the spokesperson added.

It follows an investigation by TechCrunch that revealed major companies, like Expedia, Hollister and Hotels.com, were using a third-party analytics tool to record every tap and swipe inside the app. We found that none of the apps we tested asked the user for permission, and none of the companies said in their privacy policies that they were recording a user’s app activity.

Even though sensitive data is supposed to be masked, some data — like passport numbers and credit card numbers — was leaking.

Glassbox is a cross-platform analytics tool that specializes in session replay technology. It allows companies to integrate its screen recording technology into their apps to replay how a user interacts with the apps. Glassbox says it provides the technology, among many reasons, to help reduce app error rates. But the company “doesn’t enforce its customers” to mention that they use Glassbox’s screen recording tools in their privacy policies.

But Apple expressly forbids apps that covertly collect data without a user’s permission.

TechCrunch began hearing on Thursday that app developers had already been notified that their apps had fallen afoul of Apple’s rules. One app developer was told by Apple to remove code that recorded app activities, citing the company’s app store guidelines.

“Your app uses analytics software to collect and send user or device data to a third party without the user’s consent. Apps must request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity,” Apple said in the email.

Apple gave the developer less than a day to remove the code and resubmit their app or the app would be removed from the app store, the email said.

When asked if Glassbox was aware of the app store removals, a spokesperson for Glassbox said that “the communication with Apple is through our customers.”

Glassbox is also available to Android app developers. Google did not immediately comment if it would also ban the screen recording code. Google Play also expressly prohibits apps from secretly collecting device usage. “Apps must not hide or cloak tracking behavior or attempt to mislead users about such functionality,” the developer rules state. We’ll update if and when we hear back.

It’s the latest privacy debacle that has forced Apple to wade in to protect its customers after apps were caught misbehaving.

Last week, TechCrunch reported that Apple banned Facebook’s “research” app that the social media giant paid teenagers to collect all of their data.

It followed another investigation by TechCrunch that revealed Facebook misused its Apple-issued enterprise developer certificate to build and provide apps for consumers outside Apple’s App Store. Apple temporarily revoked Facebook’s enterprise developer certificate, knocking all of the company’s internal iOS apps offline for close to a day.


Source: The Tech Crunch

Read More

Apple to compensate teenager who found Group FaceTime eavesdrop bug

Posted by on Feb 7, 2019 in Apps, FaceTime, iOS, iOS 12, ipad, ipad air, iPhone, operating systems, Privacy, Security, tablet computers, Technology | 0 comments

Apple has said it will compensate the teenager who first found a security bug in Group FaceTime that allowed users to eavesdrop before a call was picked up.

The bug was initially reported to Apple by 14-year-old Grant Thompson and his mother, but the family struggled getting in contact with the company before the bug was discovered elsewhere and went viral on social media.

The payout will fall under Apple’s bug bounty, which incentivizes security researchers to claim a reward for privately submitting security bugs and vulnerabilities to the company. Apple will also offer an unspecified additional gift to Thompson’s education.

“In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security, an Apple spokesperson told TechCrunch. “This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime.”

“To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and macOS,” said Apple.

Apple rolled out iOS 12.4.1 on Thursday, which Apple says “provides important security updates and is recommended for all users.” The company’s separate security advisory also credited Thompson with finding the bug.


Source: The Tech Crunch

Read More

Many popular iPhone apps secretly record your screen without asking

Posted by on Feb 6, 2019 in analyst, app-store, apple inc, Banking, iOS, iPhone, iTunes, Mobile, mobile app, mobile software, operating systems, Privacy, Security, Smartphones, terms of service, travel sites | 0 comments

Many major companies, like Air Canada, Hollister and Expedia, are recording every tap and swipe you make on their iPhone apps. In most cases you won’t even realize it. And they don’t need to ask for permission.

You can assume that most apps are collecting data on you. Some even monetize your data without your knowledge. But TechCrunch has found several popular iPhone apps, from hoteliers, travel sites, airlines, cell phone carriers, banks and financiers, that don’t ask or make it clear — if at all — that they know exactly how you’re using their apps.

Worse, even though these apps are meant to mask certain fields, some inadvertently expose sensitive data.

Apps like Abercrombie & Fitch, Hotels.com and Singapore Airlines also use Glassbox, a customer experience analytics firm, one of a handful of companies that allows developers to embed “session replay” technology into their apps. These session replays let app developers record the screen and play them back to see how its users interacted with the app to figure out if something didn’t work or if there was an error. Every tap, button push and keyboard entry is recorded — effectively screenshotted — and sent back to the app developers.

Or, as Glassbox said in a recent tweet: “Imagine if your website or mobile app could see exactly what your customers do in real time, and why they did it?”

The App Analyst, a mobile expert who writes about his analyses of popular apps on his eponymous blog, recently found Air Canada’s iPhone app wasn’t properly masking the session replays when they were sent, exposing passport numbers and credit card data in each replay session. Just weeks earlier, Air Canada said its app had a data breach, exposing 20,000 profiles.

“This gives Air Canada employees — and anyone else capable of accessing the screenshot database — to see unencrypted credit card and password information,” he told TechCrunch.

In the case of Air Canada’s app, although the fields are masked, the masking didn’t always stick (Image: The App Analyst/supplied)

We asked The App Analyst to look at a sample of apps that Glassbox had listed on its website as customers. Using Charles Proxy, a man-in-the-middle tool used to intercept the data sent from the app, the researcher could examine what data was going out of the device.

Not every app was leaking masked data; none of the apps we examined said they were recording a user’s screen — let alone sending them back to each company or directly to Glassbox’s cloud.

That could be a problem if any one of Glassbox’s customers aren’t properly masking data, he said in an email. “Since this data is often sent back to Glassbox servers I wouldn’t be shocked if they have already had instances of them capturing sensitive banking information and passwords,” he said.

The App Analyst said that while Hollister and Abercrombie & Fitch sent their session replays to Glassbox, others like Expedia and Hotels.com opted to capture and send session replay data back to a server on their own domain. He said that the data was “mostly obfuscated,” but did see in some cases email addresses and postal codes. The researcher said Singapore Airlines also collected session replay data but sent it back to Glassbox’s cloud.

Without analyzing the data for each app, it’s impossible to know if an app is recording a user’s screens of how you’re using the app. We didn’t even find it in the small print of their privacy policies.

Apps that are submitted to Apple’s App Store must have a privacy policy, but none of the apps we reviewed make it clear in their policies that they record a user’s screen. Glassbox doesn’t require any special permission from Apple or from the user, so there’s no way a user would know.

Expedia’s policy makes no mention of recording your screen, nor does Hotels.com’s policy. And in Air Canada’s case, we couldn’t spot a single line in its iOS terms and conditions or privacy policy that suggests the iPhone app sends screen data back to the airline. And in Singapore Airlines’ privacy policy, there’s no mention, either.

We asked all of the companies to point us to exactly where in its privacy policies it permits each app to capture what a user does on their phone.

Only Abercombie responded, confirming that Glassbox “helps support a seamless shopping experience, enabling us to identify and address any issues customers might encounter in their digital experience.” The spokesperson pointing to Abercrombie’s privacy policy makes no mention of session replays, neither does its sister-brand Hollister’s policy.

“I think users should take an active role in how they share their data, and the first step to this is having companies be forthright in sharing how they collect their users data and who they share it with,” said The App Analyst.

When asked, Glassbox said it doesn’t enforce its customers to mention its usage in their privacy policy.

“Glassbox has a unique capability to reconstruct the mobile application view in a visual format, which is another view of analytics, Glassbox SDK can interact with our customers native app only and technically cannot break the boundary of the app,” the spokesperson said, such as when the system keyboard covers part of the native app, “Glassbox does not have access to it,” the spokesperson said.

Glassbox is one of many session replay services on the market. Appsee actively markets its “user recording” technology that lets developers “see your app through your user’s eyes,” while UXCam says it lets developers “watch recordings of your users’ sessions, including all their gestures and triggered events.” Most went under the radar until Mixpanel sparked anger for mistakenly harvesting passwords after masking safeguards failed.

It’s not an industry that’s likely to go away any time soon — companies rely on this kind of session replay data to understand why things break, which can be costly in high-revenue situations.

But for the fact that the app developers don’t publicize it just goes to show how creepy even they know it is.


Got a tip? You can send tips securely over Signal and WhatsApp to +1 646-755–8849. You can also send PGP email with the fingerprint: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.


Source: The Tech Crunch

Read More

Coda’s programmable document editor comes out of beta, launches iOS app

Posted by on Feb 5, 2019 in App, Apps, coda, documents, Enterprise, iOS, TC | 0 comments

Coda, which is coming out of its limited beta today, wants to reinvent how you think about documents and spreadsheets. That’s about as tough a challenge as you can set yourself, given how ingrained tools like Word, Excel and their equivalents from the likes of Google, Zoho and others are. Coda’s secret weapon is that it combines text and spreadsheet functionality into a single document, with the ability to build some basic programming into them and add features from third-party services as a bonus.

In addition to opening up the service to anyone, Coda also today launched its new mobile app for iOS (with Android following at some point in the future).

“It’s the best of documents, spreadsheets, presentations, applications — all brought into one new surface,” Coda founder and CEO (and former head of product for YouTube Shishir Mehrotra told me. “But the phrase we like to use is that Coda allows anyone to make a doc as powerful as an app.”

You’re not going to use Coda, which was founded in 2017 and received funding from VC heavyweights like Greylock, Khosla Ventures and NEA, as a full-blown low code/no code service. It’s still a bit too limited for that. But you can use it to build your own custom inventory system, for example, or to build a basic CRM or to-do app that fits your specific needs. Or you could just use it as an online text editor and then slowly add features like third-party integrations with the likes of Slack or Figma as needed. All of that is easy enough for anybody who has ever used a function in Excel or Google Sheets.

So far, about 10,000 people have used the service during its private beta. Mehrotra tells me that about 15 percent of them are from the Bay Area and that a good amount of them simply use the service as a basic document editor.

The new iOS app, unsurprisingly, mostly focuses on consuming content and using the functions that you have built in the web app. It’s unlikely that you’ll want to build a whole new experience on your phone, after all. In the demos I’ve seen, Coda nicely transforms cells and their functions into usable tables and cards on the iPhone.


Source: The Tech Crunch

Read More

Apple restores Google’s internal iOS apps after certificate misuse punishment

Posted by on Jan 31, 2019 in app-store, Apple, Apps, Facebook, Google, Google Maps, instagram, iOS, iPhone, operating systems, Security, Smartphones, Technology | 0 comments

Apple has blocked Google from distributing its internal-only iOS apps on its corporate network after a TechCrunch investigation found the search giant abusing the certificates.

“We’re working with Apple to fix a temporary disruption to some of our corporate iOS apps, which we expect will be resolved soon,” said a Google spokesperson. A spokesperson for Apple said: “We are working together with Google to help them reinstate their enterprise certificates very quickly.”

[Update: 7pm pacific: Apple has restored Google’s Enterprise Certificate so its internal apps will now function, TechCrunch has confirmed with a source after Bloomberg’s Mark Bergen noted the development. A Google spokesperson tells they “can confirm that our internal corporate apps have been restored.” Googlers had lost access to employee-only iOS versions of their pre-launch test apps like YouTube, Gmail, and Calendar as well as their food and shuttle apps as well, causing a massive loss of productivity that will surely make it more careful about abiding by Apple’s policies.]

TechCrunch reported Wednesday that Google was using an Apple-issued certificate that allows the company to create and build internal apps for its staff for one of its consumer-facing apps, called Screenwise Meter, in violation of Apple’s rules. The app was designed to collect an extensive amount of data from a person’s iPhone for research, but using the special certificate allowed the company to allow users to bypass Apple’s App Store. Google later apologized, and said that the app “should not have operated under Apple’s developer enterprise program — this was a mistake.”

It followed in the footsteps of Facebook, which we first reported earlier this week was also abusing its internal-only certificates for a research app — which the company used to pay teenagers to vacuum up their phone’s web activity.

Apple invalidating Google’s Enterprise Certificate mean its Screenwise Meter app won’t work for iPhones and nor will any other app for which the search giant relies on the certificate.

The Verge reporter earlier that many internal Google apps have also stopped working. That means many early and pre-release versions of its consumer-facing apps, like Google Maps, Hangouts, Gmail and other employee-only apps, such as its transportation apps, are no longer functioning.

Facebook faced a similar rebuke after Apple stepped in. We reported that after Apple’s ban was handed down, many of Facebook’s pre-launch, test-only versions of Facebook and Instagram stopped working, as well as other employee-only apps for coordinating office collaboration, travel and seeing the company’s daily lunch schedule. Neither block affects apps that consumers download from Apple’s App Store.

Facebook has more than 35,000 employees. Google has more than 94,000 employees.

Now that Googlecand Facebook’s Certificates have been restored and their office mayhem has ceased, attention will likely turn to other abuses of the program and Apple’s power in the industry.

Josh Constine contributed reporting.


Source: The Tech Crunch

Read More

Apple disables group calling in FaceTime in response to eavesdropping bug

Posted by on Jan 29, 2019 in Apple, apple inc, FaceTime, iOS, iOS 10, iPhone, mobile phones, operating systems, Smartphones, spokesperson, TC | 0 comments

Apple has disabled the group calling feature within its FaceTime calling service while it works on a patch to fix a nasty bug that allows eavesdropping.

Apple’s status page shows that group calling via FaceTime is “temporarily unavailable” — that’s a stop-gap move while the company to deliver a more permanent fix to the problem this week. We were unable to set up a group call when we tried, having earlier been able to do and replicate the issue.

All being well, this fix means that users don’t need to completely disable FaceTime due to the bug, but it is understandable if some people are hesitant to switch it on again.

The vulnerability was unearthed on Monday and it is activated when a user initiates a group call but adds themselves as a participant, as we explained in our earlier post:

The bug relies on what appears to be a nasty logic screwup in FaceTime’s group call system. While we’re opting to not outline the steps here, the bug seems to trick the recipient’s phone into thinking a group call is already ongoing. A few quick taps, and FaceTime immediately trips over itself and inexplicably fires up the recipient’s microphone without them actually accepting the call.

Weirder yet: if the recipient presses the volume down button or the power button to try to silence or dismiss the call, their camera turns on as well. Though the recipient’s phone display continues showing the incoming call screen, their microphone/camera are streaming.

Apple told us and other media that it plans to issue a more permanent solution in the coming days.

“We’re aware of this issue and we have identified a fix that will be released in a software update later this week,” a spokesperson said.

It’s interesting to note that the group calling feature actually took longer than planned to arrive in iOS follow a hiccup. It was added then removed from the beta version of iOS 12 in August while it took time to roll out to all users. The feature was absent when iOS 12 shipped to all in September and, instead, it arrived with the launch of iOS 12.1 in October. Apple never provided a reason for the delay.

The bug is an embarrassing incident for Apple, which has long emphasized its focus on privacy as a business and within its products. That included a recent banner at CES which triumphantly proclaimed: “What happens on your iPhone, stays on your iPhone.”


Source: The Tech Crunch

Read More

3D-printed heads let hackers – and cops – unlock your phone

Posted by on Dec 16, 2018 in 3d printing, biometrics, Face ID, facial recognition, facial recognition software, Hack, Identification, iOS, iPhone, learning, Mobile, model, Prevention, Privacy, Security, surveillance | 0 comments

There’s a lot you can make with a 3D printer: from prosthetics, corneas, and firearms — even an Olympic-standard luge.

You can even 3D print a life-size replica of a human head — and not just for Hollywood. Forbes reporter Thomas Brewster commissioned a 3D printed model of his own head to test the face unlocking systems on a range of phones — four Android models and an iPhone X.

Bad news if you’re an Android user: only the iPhone X defended against the attack.

Gone, it seems, are the days of the trusty passcode, which many still find cumbersome, fiddly, and inconvenient — especially when you unlock your phone dozens of times a day. Phone makers are taking to the more convenient unlock methods. Even if Google’s latest Pixel 3 shunned facial recognition, many Android models — including popular Samsung devices — are relying more on your facial biometrics. In its latest models, Apple effectively killed its fingerprint-reading Touch ID in favor of its newer Face ID.

But that poses a problem for your data if a mere 3D-printed model can trick your phone into giving up your secrets. That makes life much easier for hackers, who have no rulebook to go from. But what about the police or the feds, who do?

It’s no secret that biometrics — your fingerprints and your face — aren’t protected under the Fifth Amendment. That means police can’t compel you to give up your passcode, but they can forcibly depress your fingerprint to unlock your phone, or hold it to your face while you’re looking at it. And the police know it — it happens more often than you might realize.

But there’s also little in the way of stopping police from 3D printing or replicating a set of biometrics to break into a phone.

“Legally, it’s no different from using fingerprints to unlock a device,” said Orin Kerr, professor at USC Gould School of Law, in an email. “The government needs to get the biometric unlocking information somehow,” by either the finger pattern shape or the head shape, he said.

Although a warrant “wouldn’t necessarily be a requirement” to get the biometric data, one would be needed to use the data to unlock a device, he said.

Jake Laperruque, senior counsel at the Project On Government Oversight, said it was doable but isn’t the most practical or cost-effective way for cops to get access to phone data.

“A situation where you couldn’t get the actual person but could use a 3D print model may exist,” he said. “I think the big threat is that a system where anyone — cops or criminals — can get into your phone by holding your face up to it is a system with serious security limits.”

The FBI alone has thousands of devices in its custody — even after admitting the number of encrypted devices is far lower than first reported. With the ubiquitous nature of surveillance, now even more powerful with high-resolution cameras and facial recognition software, it’s easier than ever for police to obtain our biometric data as we go about our everyday lives.

Those cheering on the “death of the password” might want to think again. They’re still the only thing that’s keeping your data safe from the law.


Source: The Tech Crunch

Read More