2024 Calendar

“Clicking on I Agree”: Cybersecurity, Privacy & Safety Threats Associated with Accepting App Terms of Use 

“Clicking on I Agree”: Cybersecurity, Privacy & Safety Threats Associated with Accepting App Terms of Use 

Ever wonder what you are accepting when you click on “I Agree” to accept the collective terms of use that support popular operating systems (OSs), apps, and social media platforms?

You will be shocked to know that popular OSs, apps, and social media platforms are supported by predatory terms of use enabling all developers concerned, including those from China and Russia, to surveil and data mine their end users for profits 24x7/365 days per year.

The surveillance and data mining comes at the expense of the end user’s privacy, cybersecurity, and safety since most apps and social media platforms are intentionally developed to be highly addictive in order for the developer to exploit the end user for profits according to the Netflix documentary, “The Social Dilemma”.

Cyber-enslavement Agreements - End User Exploitation

In essence, OS, app, and social media end users are accepting “cyber-enslavement agreements”, meaning that once the end user clicks on “I agree” they are accepting the fact that they will be used as “Uncompensated Information Producers” whom are to be exploited for profits by the very tech companies the end user patronizes with their trust, loyalty, and hard-earned money.

According to the Netflix documentary, “The Social Dilemma”, Google, Facebook, plus other intrusive app and social media companies intentionally develop their apps and platforms to be highly addictive even at the expense of the end user’s privacy and safety.

The Facebook/Instagram whistleblower, Francis Haugan, also testified before congress in the fall of 2021 that Meta knew of the harmful affects Facebook and Instagram had on end users, especially teens and children, yet Meta continued to do business as usual in light of some end user’s ultimately committing suicide according the medical reports featured in “The Social Dilemma”.

According to Meta Cofounder, Sean Parker (Axios News), Facebook and Instagram use highly addictive and dangerous technology associated with “brain hijacking” technologies (social validation feedback loops) that support manipulative advertising technologies in order to exploit end users, including teens & children, for profits.

The surveillance and data mining business practices employed by tech giants such as Google, Facebook, ByteDance (TikTok-China), Instagram, and other tech giants pose massive privacy, cybersecurity, and safety threats to end users, including the end user’s employer.

With all of this being said, let me pose a question: “How is it legal for tech giants to intentionally develop highly addictive and dangerous technology in order to lawfully exploit their product users for financial gain at the expense of the user’s civil liberties, privacy, cyber security, and safety?”

Answer: “The collective terms of use that support all OS, apps, & social media platforms concerned give all app developers concerned the ability to lawfully monitor, track, and data-mine the end user for profit.”

Even app developers from adversarial countries such as China and Russia, are enabled by the U.S. Government, Google, Apple, and Microsoft to lawfully monitor, track, and data mine the Android OS, Apple iOS, and Microsoft Windows 8, 10, & 11 OS end user for profits posing massive privacy and cybersecurity threats to end users, including the end user’s employer.

Case Study- Samsung Galaxy Note Supported by The Android OS (Google)

I had purchased a Samsung Galaxy Note, supported by the Android OS, from a T-Mobile Corporate Store in Texas, to use while doing contract work for U.S. defense contractor, Space Data.

After reviewing some of the app permissions that supported the uncontrollable preinstalled (rooted) apps, I became concerned that the Samsung Galaxy Note smartphone was not a secure device to use within a confidential and protected environment such as the defense industry, critical infrastructure, government, and enterprise business.

I did an OS, App, and cloud storage service terms of use analysis on the over 300 preinstalled apps that supported the Samsung Galaxy note.

The collective preinstalled apps were developed by over 15 multinational corporations, including those from China that had partnered with Google the developers of the Android OS.

My findings were shocking and concerning to say the least, especially considering some of the preinstalled apps were developed by multinational companies from China, such as Baidu.

Intrusive OS and Apps- Developer Access to Highly Confidential and Protected Information (Business/Personal)

I was horrified to find out that a single intrusive preinstalled app enabled the developer, including developers from China, to surveil the end user 24x7/365 days a year while data mining over 5,000 highly confidential data points associated with the end user’s personal, business, medical, legal, and employment information to exploit for profits.

The collective personal and business-related information being harvested from the Samsung Galaxy Note product owner by numerous preinstalled app developers included the following:

  • Surveillance data, such as location data, geofence data, motion data, health and fitness data, auto-telematics (a car’s speed), biometric data, audio and video of the user, among others. Note that geofence data includes the specific time a user arrives and departs from specific locations.
  • Sensitive user data, such as the user’s ID, text messages, email attachments, emails, contacts (electronic address book), calendar events, instant messages, and other particulars.
  • Surveillance and sensitive user data acquired from multiple sources (connected to the host device), such as voice-automated products (e.g. Echo powered by Alexa/Amazon), social media accounts, personal accounts (banking, medical, etc.), tablet PCs, TVs, and vehicles.

Forced Participation by Predatory Terms of Use

My findings concluded that most of the preinstalled apps could not be uninstalled or controlled by the Samsung Galaxy Note owner and/or device end user.

Furthermore, if the device owner rejected the terms of use that supported the OS, apps, and cloud storage services, then the product owner could not use the Galaxy Note Smartphone even though the owner paid money for the device.

This meant that the Samsung Galaxy Note owner was forced to be surveilled by numerous multinational corporations, including those from China, who were responsible for the development of the Android OS, Apps, cloud storage servers, and social media platforms.

Additionally, the OS and many of the app developers owned cloud storage services which were also supported by predatory terms of use enabling the cloud storage service provider to access confidential and protected information stored on their servers, this included developers and servers located in China.

Terms of Use Analysis- Transparent & Nontransparent T&Cs

After finding out that some of the preinstalled app developers were from China, I asked myself if I had agreed to be monitored, tracked, and data-mined for profits by all multinational companies concerned when I clicked on “I Agree” to accept the collective terms of use that supported the OS, Apps, social media platforms, and the cloud storage servers. 

Considering I was doing work for a defense contractor at the time, I needed to validate if I had if fact agreed to be surveilled and data mined for profits 24x7/365 days a year for financial gain, so I authored a Samsung Galaxy Note preinstalled app and terms of use analysis and report.

I had uncovered the fact that there are two sets of terms of use that support the OS and apps which include online terms of use and in-device terms of use.

Below is a breakdown of the collective terms of use that supported the Samsung Galaxy Note I had purchased from T-Mobile.

Transparent Terms of Use - Online Privacy Policies, T&Cs, & EULAs

I initially reviewed the online terms of use which were transparent to the end user.

Online terms of use included:

  • Privacy Policies
  • Terms & Conditions
  • End User Licensing Agreements

I couldn’t find anything specific regarding how much surveillance and data mining the OS and app developers could conduct on the end user.

However, privacy polices did state that Google and their app developer partners could share “unidentifiable” personal information with numerous third parties that included advertisers, publishers, partners, and other nebulous entities.

I had a false sense of security that my ID was at least protected, but I would find out that the in-device app permissions stated that numerous third parties could in fact identify me by the information they were collecting which meant that the online terms of use and in-device terms of use were contradictive, confusing, and could not be understood.

The in-device terms of use did reveal how much surveillance and data mining the Android OS developer (Google) and preinstalled app developers could conduct on the Samsung Galaxy Note product owner and/or end user.

Nontransparent Terms of Use - Hidden-in-Device T&Cs

In-device T&Cs such as app permissions are the most important T&Cs because the app permissions state specifically how much surveillance and data mining the OS and preinstalled app developers can conduct on the product owner and/or end user.

In-device T&Cs include:

  • Application Permission Statements Associated with Surveillance & Data Mining Capabilities and Business Practices
  • Application Product Warnings- Many Preinstalled Apps Contain Product Warnings that are Not Published with Online T&Cs
  • Interactive Application Permission Command Strings which Enable Two or More App Developers to Conduct Surveillance & Data Mining on the End User by Way of a Single Intrusive Preinstalled App

My report concluded that the Samsung Galaxy Note product owner accepts over 3,000 pages of complicated legalese written in a torturous manner that enables numerous app developers, including those from China, to surveil, data mine, and exploit the Samsung Galaxy Note product owner for profits at the expense of the device user’s privacy, cybersecurity, civil liberties, and safety by way of highly addictive, dangerous, and intrusive preinstalled apps.

Connected Products Are Not Private or Secure

In closing, we can see that smartphones, tablet PCs, connected products and PCs supported by the Android OS, Apple iOS, and Microsoft Windows 8, 10, & 11 OS are not private, secure, or safe forms of telecommunications and computing due to intrusive pre-installed apps.

Don’t take my word for this claim: T-Mobile and Verizon confirmed to me that all products concerned aren’t private, secure or safe due to pre-installed surveillance and data mining technology developed by Google, Apple, and Microsoft, plus all relevant pre-installed content developers.

T-Mobile’s admission: “We, too, remember a time before smartphones when it was reasonable to conclude that when you activated service with T-Mobile that only T-Mobile would have access to our personal information. However, with the Samsung Galaxy Note, the iPhone, and many other devices, there are indeed a variety of parties that may collect and use information.”—T-Mobile Privacy Team (FCC Consumer Complaint #423849 filed by Rex M. Lee/Public Record)

In April, I contacted Verizon to see if I could purchase a private, secure, and safe smartphone, tablet PC, or even a traditional cellular phone. 

While Verizon said they could sell me a private, secure, and safe telecom-related solution, after reviewing the options, I concluded that wasn’t the case.

Verizon agreed with my conclusions that all products concerned aren’t private, secure, or safe telecom-related solutions:

Verizon’s admission: “We have reviewed your request at the highest levels of our organization and have confirmed that the only solutions to make a phone private and secure are available through third-parties, not directly from Verizon. … Additionally, Verizon is not equipped to address preinstalled solutions or applications on any device.” (July 2, 2018)

Below are some examples (including screen shots) of in-device application permission statements, application product warnings, and interactive application permission statements:

  • Android App Permission- Access to your personal ID/App Developers Can Identify App End Users:

 

  • Android App Permission & Product Warning-Access to Social Media Messages & Warning to Censor Speech

 

  • Android App Permission- Access to SMS/Text Messages

 

  • Android App Permission- Access to Contacts/Product Warning: 

  • Android App Permission- Access to Calendar Data, Including Attachments: 

 

  • Access to Microphone and Volume Control/End Users Are Recorded Without Confirmation:

  • Android App Permission- Access to Camera/Video Surveillance Is Conducted on End Users Without Confirmation:

  • Android App Permission- Access to Email, Including Attachments & Instant Messages:

  • Android App Permission- Access to Surveillance Data, Including Location Data: 

 

Note that the above app permissions and product warnings are only a few of numerous permissions that support hundreds of preinstalled apps and 3rd-party apps downloaded from app stores. 

Note that some individual apps can be supported by over 60 intrusive and exploitative permissions.

Question: “If you were enabled to read the enclosed pre-installed app permissions and product warnings prior to making your smartphone purchase, would you have purchased your smartphone?”

I believe that it is illegal to hide application legalese such as product warnings from consumers and businesses which I believe the FTC and State AGs need to investigate.

Hiding product warnings from consumers is tantamount to a cigarette company hiding the product warnings associated with cigarettes within the packaging.

It is important that corporate counsel, CTOs, and CISOs do a complete preinstalled app and terms of use analysis in order to see how much of their corporate confidential and protected information is being exposed to unauthorized 3rd-party app developers, including those from China and Russia.

Bio

Rex M. Lee, Cybersecurity and Privacy Advisor/Tech Journalist.  For more information, please visit CyberTalk TV at: www.CyberTalkTV.com