Technical Advisory – Shop app sends pasteboard data to Shopify’s servers

Vendor: Shopify Vendor URL: https://shop.app/ Versions affected: Shop Android 2.19.0-release+307, Shop iOS 2.20.0 Authors: Dan Hastings – dan.hastings[at]nccgroup[dot]com Summary In the Shop app when adding a package, any data that matches a specific format defined by Shopify that is contained on the global pasteboard (iOS) or clipboard (Android) is automatically sent without user interaction to … Continue reading Technical Advisory – Shop app sends pasteboard data to Shopify’s servers

Technical Advisory – ParcelTrack sends all pasteboard data to ParcelTrack’s servers on startup

Vendor: ParcelTrack Vendor URL: https://www.parceltrack.de/ Versions affected: ParcelTrack Android Version 3.3, ParcelTrack iOS Version 3.3 Author: Dan Hastings – dan.hastings[at]nccgroup[dot]com Summary Upon start of the ParcelTrack application any data contained on the global pasteboard (iOS) or clipboard (Android) will be sent to Parcel Track’s servers. Impact Sensitive PII such as credit card numbers and passwords … Continue reading Technical Advisory – ParcelTrack sends all pasteboard data to ParcelTrack’s servers on startup

Tool Release – Solitude: A privacy analysis tool

Created by Dan Hastings and Emanuel Flores Solitude is an open source privacy analysis tool that enables you to conduct your own privacy investigations into where your private data goes once it leaves your web browser or mobile device. Whether a curious novice or a more advanced researcher, Solitude makes the process of evaluating an … Continue reading Tool Release – Solitude: A privacy analysis tool