#androidprivacy

@bryanking71.bsky.social

1 month ago

How Meta Connected Browsing Activity to Real People on Android Discover how Meta tracked Android users without cookies or incognito mode. Learn how browsing patterns and app interactions reveal your digital identity, why privacy tools aren’t foolproof, and practical steps everyday users can take to protect themselves while navigating Android safely.

Think you’re invisible in incognito mode? Think again. Meta found ways to track Android users through browsing patterns and app interactions 📱🔍 Learn how it works and protect your privacy. #AndroidPrivacy #MetaTracking #DigitalSecurity

Tuta

@tuta.com

2 months ago

Make your Android more private: Disable Gemini Turn off AI mode in Google search Turn off history settings & personalized ads Turn off location tracking Turn off camera & microphone access Don’t use Chrome Turn off Google Password Manager

Your Android knows everything about you 👉

❗ Where you go

❗ When you go to sleep

❗ What you search for 

❗ Your habits

... and more! 🙈

Take back your privacy & change your Android settings!

Find out how: tuta.com/blog/android...

#Android #AndroidPrivacy #AndroidSettings

TechNadu

@technadu.com

7 months ago

NordVPN Introduces Scam Call Protection for U.S. Android Users

📱 Nord VPN launches Scam Call Protection for U.S. Android users.

🚫 Flags shady numbers
🔒 Doesn’t analyze call content
📊 $16.6B lost to scam calls in 2024
Read: ⬇️
www.technadu.com/nordvpn-intr...

#ScamCalls #Cybersecurity #NordVPN #AndroidPrivacy

Ryan Perry

@sbs707.bsky.social

8 months ago

Android alert: Gemini AI accessing 3rd-party apps by default

Google's new update allows Gemini to interact with apps like WhatsApp, even if previously blocked. Users must take action to maintain privacy settings.

Is AI integration a concern for you? 🤔

#AndroidPrivacy #AITech

Approov Mobile Security

@approov.bsky.social

9 months ago

Caught Red-Handed: Meta & Yandex's Covert Android Surveillance! Episode Notes: Dive deep into the shocking revelations about covert web-to-app tracking affecting billions of Android users! This episode uncovers a novel tracking method employed by tech giants Meta (Facebook Pixel) and Yandex (Yandex Metrica), which silently links your mobile browsing sessions to your long-lived native app identities. Key Discoveries: • The Localhost Loophole: Learn how Meta and Yandex exploit unrestricted access to localhost sockets on the Android platform. Native apps like Facebook, Instagram, Yandex Maps, Navigator, Browser, and Search listen on fixed local ports (e.g., Meta uses UDP ports 12580-12585; Yandex uses TCP ports 29009, 29010, 30102, 30103) to receive browser metadata, cookies, and commands from scripts embedded on thousands of websites1.... • Bypassing Privacy Protections: This method bypasses typical privacy controls such as clearing cookies, using Incognito Mode, and Android's permission controls4.... It effectively de-anonymises users by linking ephemeral web identifiers (like the _fbp cookie or Android Advertising ID (AAID)) to persistent mobile app IDs, even when users are not logged into the browsers2.... • Meta's Evolution: Discover how Meta Pixel has evolved its techniques, initially using HTTP, then WebSocket, and more recently, WebRTC STUN with SDP Munging to transmit the _fbp cookie. Following disclosure, Meta shifted to WebRTC TURN, and as of early June 2025, the script was no longer sending packets to localhost, with the code responsible for the _fbp cookie almost completely removed. • Yandex's Persistent Method: Yandex Metrica has been using localhost communications since February 2017 via HTTP and HTTPS requests, where their native apps act as a proxy to collect Android-specific identifiers like the AAID and Google's advertising ID, transferring them to the browser context. • Scale of Impact: These trackers are embedded on millions of websites globally. Meta Pixel is present on over 5.8 million websites (2.4 million according to HTTP Archive) and Yandex Metrica on close to 3 million sites (575,448 according to HTTP Archive)2122. Our research found that in a crawl of the top 100k sites, a significant number of sites (over 75% for Meta Pixel, 83-84% for Yandex Metrica) were attempting localhost communications potentially without user consent. • Browsing History Leakage: Yandex's use of HTTP requests for web-to-native ID sharing can expose users' browsing history to malicious third-party apps also listening on the same ports. Browsers like Chrome, Firefox, and Edge were found to be susceptible to this leakage, even in private browsing modes. • Industry Response: While some browsers like Brave and DuckDuckGo were already blocking these practices due to blocklists and existing consent requirements, others like Chrome and Firefox have implemented countermeasures or are actively investigating. Google has stated this behaviour violates Play marketplace terms of service and user privacy expectations, and Meta has paused the feature while discussing with Google. • Lack of Awareness: Neither Meta nor Yandex publicly documented this specific localhost-based communication technique, and website owners and end-users were largely unaware of this covert tracking. Why This Matters: This research highlights a critical vulnerability in Android's design, where unvetted access to localhost sockets breaks the fundamental sandboxing principle between mobile and web contexts10.... Current "fixes" are often specific blocklists, which are temporary solutions in an ongoing "arms race" with trackers. A more comprehensive, long-term solution requires stricter platform policies and user-facing controls on Android to limit this type of access at a fundamental level40.... -------------------------------------------------------------------------------- Special Thanks to our Sponsor: This episode is brought to you by Approov. Approov helps protect your mobile apps and APIs by enforcing trust boundaries between mobile clients and backend services. While it cannot control intentionally collected data, Approov significantly raises the bar for malicious or unauthorized data harvesting by others, mitigating ecosystem-level risks associated with identifier misuse44. Learn more about securing your mobile ecosystem at approov.io. -------------------------------------------------------------------------------- Relevant Links: • Read the full research paper: Link to the research paper "Covert Web-to-App Tracking via Localhost on Android" • Explore the Ars Technica article: Link to the Ars Technica article "Meta and Yandex are de-anonymizing Android users’ web browsing identifiers" • Learn more about mobile security: Link to the "Approov: Mobile Security and Data Protection" source. -------------------------------------------------------------------------------- Keywords: Android tracking, mobile privacy, web-to-app tracking, localhost abuse, Meta Pixel, Yandex Metrica, data de-anonymization, user identity, mobile security, browser privacy, Android security, covert tracking, digital privacy, online tracking, bypass privacy, _fbp cookie, AAID, WebRTC, SDP Munging, STUN, TURN, data protection.

📣 New Podcast! "Caught Red-Handed: Meta & Yandex's Covert Android Surveillance!" on @Spreaker #androidprivacy #androidvulnerability #approov #appsecurity #cybersecurity #dataprotection #facebook #instagram #metapixel #mobilesecurity #onlinetracking #privacybreach #userprivacy #webtracking

Hacker News Companion

@hncompanion.com

9 months ago

Alternative OS solutions: Some users suggest using privacy-focused Android distributions like GrapheneOS or de-Googled versions. These offer more control over network access and app permissions, potentially mitigating this type of tracking. #AndroidPrivacy 6/6

AndroBranch

@androbranch.bsky.social

10 months ago

Top 5 Dangerous Android Permissions You Should Never Allow Discover the top 5 most dangerous Android permissions you should never allow. Learn how apps misuse these permissions and how to protect your privacy with expert tips and best practices.

🚨 Think Before You Tap!
These 5 Android permissions can put your privacy at risk.
📲 Plus, learn how modded apps make it worse.
Read the full guide on AndroBranch now!
www.androbranch.in/post/top-5-d...
#AndroidPrivacy #AppPermissions #AndroBranch

martechnewser

@cheinyeanlim.bsky.social

10 months ago

Is Your Android Phone Secretly Sharing Your Data? Here's How to Stop It Now! - PUPUWEB Which Hidden Android Setting Could Be Risking Your Privacy? Fix It Today! Let me tell you something straight—your phone might be sharing your private data

📱 Is your Android spying on you? Hidden settings might be leaking your data without you knowing. 😱 Learn how to lock it down and take control of your privacy in minutes. Don’t wait. Protect yourself now #AndroidPrivacy

pupuweb.com/is-your-andr...

BizPulse360

@bizpulse360.bsky.social

1 year ago

🔒 Android 15's game-changing Private Space: Your digital vault for sensitive apps! 🚀 Secure isolated environment, extra authentication, hidden from prying eyes. Keep work & personal life totally separate. Privacy just got a serious upgrade! #AndroidPrivacy #Tech

martechnewser

@cheinyeanlim.bsky.social

1 year ago

Activate Google Maps Incognito Mode on Android to Avoid Being Tracked - PUPUWEB Are you on a covert mission or simply value your privacy? Google Maps has a handy feature that lets you go incognito. Follow these steps to keep your

Protect Your Privacy! Learn How to Activate Google Maps Incognito Mode on Android to Safeguard Your Location Privacy and Avoid Being Tracked. Stay anonymous while navigating! #GoogleMaps #IncognitoMode #AndroidPrivacy pupuweb.com/activate-goo...