Google has issued a patch for Chrome for Android that takes care of a security security flaw that leaked information about smartphones’ hardware model, firmware version, and indirectly the device’s security patch level. The vulnerability could open up users to exploit targeting and user fingerprinting.
Expert Comments below:
Mike Bittner, Digital Security & Operations Manager at The Media Trust:
“The ability to access information via user agent strings will benefit exploit targeting regardless of what browser is used. App developers and browser developers should do a thorough mapping of what user information they gather and share and ensure they’ve obtained user consent for such activities. With GDPR regulators soon to issue penalties and similar privacy laws in the horizon, app developers will have to rely on their own custom string to override user-agent strings that conduct unauthorized data processes. By requiring user consent, these privacy laws will lift the veil on rampant online surveillance activities–whether deliberate or as a result of bugs–that have so far passed largely unnoticed by internet users.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.