A sampling of stories from the past week that affect privacy and security and should be on your radar.

More than half App Store privacy labels false in small-scale Washington Post spot checks

This was not a well-conducted study, and the article admits that, but it is worth noting. A Washington Post reporter randomly picked about two dozen apps from the App Store and noted that over a dozen of them were lying on their privacy labels. A more robust study is needed, but this initial finding suggests that, unfortunately, the new privacy labels can’t be fully trusted. Don’t depend solely on those.

Security News This Week: Update Your iPhone and iPad Now If You Haven't Recently

This week iOS 14.4 patched three severe exploits that were being used in the wild. One allowed attackers to gain root access and two affected Safari (and, from what I understand, every other possible iOS browser by extension). Update if you’re an iPhone user.

Recent root-giving Sudo bug also impacts macOS

In late January, a researcher discovered a potential flaw in Linux’s Sudo program allowing an attacker to escalate even a non-admin user to admin status and attack a machine. It turns out that Macs also have Sudo installed, meaning this vulnerability affects them. At the time of this writing, the patch is being developed, so be sure to check for updates frequently if you’re a Mac user.

Apple will invest $3.6 billion in Kia Motors to build an Apple Car, report says

I found this story interesting because it highlights how vehicle data is the next big thing. Microsoft is already in on it, Google just recently got into it, and now Apple is next. It should be noted that Google and Apple already had a slight foothold in this industry, as some systems come with or support integration with Apple Maps or Google Maps.

Amazon’s Ring now reportedly partners with more than 2,000 US police and fire departments

Another “worth knowing” story: Ring doorbells are popular with police because they can be used as no-cost (to them) surveillance cameras. In some cases this happens in real time, but more often after the fact. This practice is growing.

Amazon says government demands for user data spiked by 800% in 2020

Related to the previous story, government requests for user data from Amazon spiked. Most requests were for “non-user data,” aka metadata (not the actual content). Startling figures worth noting.

Amazon founder Bezos will give CEO role to AWS leader Andy Jassy, become executive chairman

Another “worth knowing” story. Jeff Bezos is finally stepping down as Amazon CEO; however, he will still be around and closely involved.

Microsoft repo installed on all Raspberry Pi’s

A slightly misleading title: a Redditor noticed that Raspbian – the “official” operating system for Raspberry Pis – secretly added a Microsoft repo to all their latest versions. That means every time you check for updates, you ping Microsoft’s servers even if you aren’t using any Microsoft offerings. This, of course, is a privacy concern, as now Microsoft can see who uses Raspbian even if they have no reason to know that. If you use Raspbian, be sure to delete this repo or redirect it to localhost (127.0.0.1).

No Secret Evidence in Our Courts

EFF won a case in New Jersey (USA) establishing that a defendant has the right to see source code in cases where an algorithm or program helped to implicate a person. In this specific case, a man was implicated in a crime due to his DNA being identified by TrueAllele DNA analysis software. Because the software is the one making this allegation, the courts ruled that the man and his legal team had a right to have access to the proprietary source code to check the algorithms and see how it came to that conclusion. This is a win for transparency.

Concourt bans bulk Internet surveillance in South Africa

South Africa’s highest court has ruled that “bulk surveillance” of online communication is illegal, preventing South Africa from legally scooping up all digital information NSA/GCHQ-style. The article goes into greater detail about how South African surveillance laws work and how the court interpreted all this, but the important thing is that mass surveillance is legally not okay in the country. A victory for privacy.

Spy planes grounded in US following privacy battle

A highly controversial program in Baltimore has been grounded pending a lawsuit. Baltimore police were using spy planes for up to 11 hours per day to monitor the city from the air and identify criminals and other leads in crimes. The police claim they were retiring the program of their own accord because it had proven ineffective, not because of the lawsuit. Either way, the program is currently over and looks to stay that way. Another victory for privacy.

If you would like to know more about these stories and other privacy news, be sure to check out my weekly current events podcast with Techlore.