Google collects Android users’ locations even when location services are disabled

I honestly do not know where to begin with this article.  I believe the most logical place to start is I have no doubt similar problems may exist within devices from other mobile operating systems.  I doubt this is exclusively an Android or Google problem.  That said, it is deeply concerning, especially given the data collection and sharing process going on in the absence of even an active SIM card.

I am not advocating for the mass production of tin foil hats, but I will say this.  If you have your smartphone with you, you are most certainly never alone.

https://qz.com/1131515/google-collects-android-users-locations-even-when-location-services-are-disabled/

Additional KRACK Vulnerability Related News and Updates

Microsoft updates are published and available.  The iOS fix is in beta and should be released in the next few days.  Android patches are still in the works and may not be available for weeks.  Pixel will receive updates first while other Android devices will be dependent on hardware vendor support.

https://www.theverge.com/2017/10/16/16481818/wi-fi-attack-response-security-patches

https://www.macrumors.com/2017/10/16/krack-wifi-vulnerabilities-patched-apple-ios-macos/?utm_source=feedly&utm_medium=webfeeds

Twitter-Controlled Android Botnet Discovered

The technical geek side of me finds this innovative command communication technique ingenious.  The IT Security side of me is concerned about this latest evolution in the command/control process and its affect on admins attempting to limit this type of communication.  It can and will hamper filtering efforts at the DNS level.

http://www.infosecurity-magazine.com/news/twittercontrolled-android-botnet/

Prepare for trouble: Pokemon Go sparks privacy issues, malware and muggings

Daniel Suarez and others have written (in fiction) about a world in which reality and virtual reality blend together, creating sub-cultures and super-cultures of people and technology coexisting in a pseudo symbiotic relationship.  As funny as this next statement is going to sound, Nintendo and Pokemon Go may have kicked off this evolution in our very real, non-fiction world.

The security issues discussed in this article are to be taken seriously, though they are also quite easily remedied.  When it comes to the actual acquisition of the app, download it from the Google Play store and take the time to make sure you have the proper version.  This should be the practice for all downloads, not just the hottest new craze on the market.  Concerning Google permissions, a patch is forthcoming.  I would consider other authentication mechanisms in the interim if you are concerned about the access granted to the game.  Though we would like to think all developers and companies have our privacy in mind when they present apps and develop code, frankly, the real world simply does not work that way.  They want to meet deadlines and they want to make money and both practices can be hindered by security common sense from time to time.

http://www.scmagazine.com/pokemon-goes-wrong-with-malware-and-armed-muggings/article/508755/