The Anti-virus Times

Thursday, May 20, 2021

Recently media outlets have been discussing the new step taken by Facebook and Instagram: after iOS was updated to version 14.5, users of devices running this OS saw in the above-mentioned applications a call from the developers to help keep these social networks free of charge. Thus, the owners of these social networks are encouraging users to allow their personal data to be collected in order to display advertisements. Moreover, refusing personalised ads does not mean they’ll be absent—the ads will just be less targeted. Here are the new windows:

The fact that Facebook and Instagram are free, something to which we have all grown accustomed, is a good thing, but it is also clear that this plausible pretext does not negate the danger of targeted promotions of dubious and downright malicious offers. Not to mention the fact that personal data, even in an anonymous form, getting into the hands of a third party is very unpleasant for many users. The following news post stating that by May 6, 96% of iPhone users had opted out of app tracking looks very telling.

What kind of data are we talking about? The experimental targeted advertising that Signal placed on Instagram clearly demonstrated that. People who viewed that ad saw some information about themselves directly in the ads:

"Companies like Facebook aren’t building technology for you, they’re building technology for your data. They collect everything they can from FB, Instagram, and WhatsApp in order to sell visibility into people and their lives"—this is the conclusion made by Signal’s specialists; you can find more information about their experiment in the results that they published.

So, the companies are selling information, but who’s buying it? Recent practice shows that a buyer could be, roughly speaking, anyone—and with dubious offers that, thanks to the targeting, may seem very appropriate to users.

We don't have to look very far for examples. The video-hosting service YouTube shamelessly demonstrates fraudulent advertising on behalf of "Gazprom", offering a link that goes to a fraudulent site.

Note that despite the rather strict requirements for placing ads (for example, on Facebook, advertising drugs, alcohol, fraud, etc. is prohibited, and YouTube has its own rules, too), fraudsters—to this day—know how to bypass moderation.

Therefore, attackers can not only lure users to fraudulent sites, but they can also prompt users to download fake programs that Dr.Web detects as belonging to the Android.FakeApp family (you can find more information about them in one of our recent "mobile" reviews.

So, getting back to the risks associated with requests from Facebook and Instagram, we’ll note the following. Data transmitted by advertisers helps them promote various and more targeted offers, and, therefore, this increases cybercriminals' chances of successfully promoting fake web resources. Thus, from the user's point of view, urgent requests from large companies to share personal user data look at the very like a dubious and unpleasant step.

#iOS #Android #fraud #location_tracking #personal_data #page_replacement