Here’s an interesting Times article that boils down to what was done with the data obtained via a Facebook quiz app. Note that Facebook did not create this app, but a third party consultant. The intent? To distill enough information about a given voting segment to create political messaging designed to influence those voters.
Although the title is quite misleading, it does capture the fact that people willingly gave clues regarding their political-psychological leanings while “taking the quiz”. Seems harmless, right?
However, they didn’t know that the author was also scraping their profile to gather more information about them and that of their friends. The app author was paid more than $800,000 to create the app… so I’m going to go out on a limb and guess that they weren’t simply trying to figure out your hair color.
Unfortunately, this article is behind the Times pay wall so you’ll have to use one of your 5 monthly free reads if you don’t have a subscription.
How Trump Consultants Exploited the Facebook Data of Millions
Full Article: nyti.ms/2GB9dK4
<< sigh >>.
So a while ago I had a REALLY BAD review on one of my apps. I used up an entire weekend (and a bunch of honey-do credits) debugging scenarios I had to guess at and getting it to work *just right*. I published to the store and YES(!) — the author of that bad review came back and gave it a glowing rebuttal! Only to see my number of crashes for that app continue to climb.
I just figured out why that’s happening: It’s because my daily driver (and therefore test device) is running the latest version of the OS, while the app version that’s failing is for the previous version of the OS. As soon as I fired up that version of the app it became very clear what the problem was. Unfortunately.
So that means this weekend I’ll be rewriting the app to cover whatever it is that changed in that previous version of the OS.
The take away? Always remember to re-test your app on every version of the OS your support, even if nothing has changed in that version of the app. Doing so would have saved me a lot of hair-pulling and headaches.
<< sigh >>
… because they are insecure in a fundamental way that currently isn’t defendable or fixable.
UPDATE: I’ve edited the section dealing with alternatives after some further research.
Here’s the background:
Worse yet, you see in Article #2 above that the exploit is IN THE WILD AND FREELY AVAILABLE.
So what are we supposed to do? The alternatives are simple:
- Use Cloud services.
– Such as OneDrive, Dropbox, Box, Google Drive, etc.
– The downside is that you have to be connected and allowed to reach that service to get your files.
- Use other storage media.
– The SD card family (standard, mini, micro, etc).
– The first downside is that SD cards aren’t supported by everything.
– The second downside is that, hands down, USB is the current ruler of connected media.
– The third downside is that SD cards also have a controller chip inside and eventually those might be co-opted like the USB controller chips have.
- Use storage media that has a different physical interface.
– FireWire is a good example.
– Unfortunately, the same issue exists here because drives using this cable standard have controller chips too.
- Use storage media that ha no physical interface.
– WiFi Drives are currently a decent alternative but are not intuitive enough for everybody, and open up a whole different can of worms.
If these things aren’t feasible then you can still purchase brand new drives from “big box” stores (BestBuy, TigerDirect, etc.). Just be aware that you’re potentially in the same boat as if you had an infected USB drive. Infected drives infect the machines they are plugged into, and infected machines infect USB drives that are plugged into them. As of right now there’s simply no “protection” for this type of infection.