GPS, social media, photo editing, streaming music, I have an app for that. You probably do, too. We rely on apps of all kinds to accomplish simple everyday tasks.
When you take the time to download an app, you should be able to expect a certain level of privacy and security to come with it. Unfortunately, that’s not always the case.
That’s why you need to know about this app that could be sending your personal data to China. Don’t forget to share this article with family and friends. Your kids and grandkids might actually be using the app.
What are fidget spinners?
Have you gotten in on the fidget spinner craze? If you don’t know what a fidget spinner is, it’s a toy that consists of a ball bearing in the center of a multi-lobed flat structure designed to spin along its axis with a simple flick of the finger. Some people find them calming when they use one.
These toys were extremely popular earlier this year. In fact, they were so popular manufacturers started adding extra features to make them even more desirable. One added feature was the advent of fidget spinners with Bluetooth connectivity.
Yep, you heard me right…Bluetooth connectivity. This made it possible to build speakers for music, as well as LED lights, right into the fidget spinner. The LED lights can sync with music for a special light show.
Image: Example of Bluetooth connected fidget spinner with speakers and LED lights.
How your personal data could be at risk
For the ability to control a Bluetooth connected fidget spinner, users need to download an app. A security researcher recently discovered that one of these apps found in the Google Play Store is collecting data from other apps on the user’s phone and sending it to a server located in China.
I’m talking about the AiTURE app, which was developed by Shenzhen Heaton Technology in China.
The researcher conducted some tests on apps that were installed on his phone to see how they transmit information to the Cloud. He reverse-engineered Bluetooth communications between the fidget spinner and the AiTURE app. He claims that a large portion of data from his phone is being sent to a server in China.
He said that the app transmitted data regarding all of the other apps installed on his phone in clear text, not encrypted. He thinks that the information is being used to provide customers with targeted ads.
However, it is possible that this could result in zero-day exploits being installed on users’ phones. Either way, I suggest deleting the app from your gadget if you or anyone that you know uses it. It’s always better to be safe than sorry.
From webcams, sign-ins, to Alexa, don’t make these mistakes
When our PCs work normally, we sometimes take them for granted. We recklessly fill up our hard drives with data, download files, install applications and browse the web as we please. But of course, all it takes is one installation of a malicious application to ruin your PC and worse, have all your information stolen.