Tag: deletion | SpinSafe

Google follows Apple by introducing account deletion policy for Android apps

April 5, 2023/in Mobile Security

Image Credits: Anadolu Agency / Contributor / Getty Images

Google announced a new account deletion policy for Android apps today, which means that apps that offer account creation must have an easy way to delete the account as well. The company said that it will start enforcing this policy sometime early next year. This move follows Apple, which implemented a similar policy on June 30, 2022 for apps on the App Store.

The company said that it will ask developers to answer questions regarding their app’s data deletion in the Data Safety form by December 7. The developer responses in the form are reflected in Google Play’s Data Safety section, which provides users with information about an app’s data collection practices in the form of labels.

Google mentioned that with this new policy, the company will tweak the Data Safety section on the Play Store to better reflect the data controls available to them. The search giants said that sometime early next year users will start seeing data deletion badges on Google Play on apps that have completed their forms and modified their code to allow account deletion.

Image Credits: Google

The search giant said that apps must provide “an option to initiate account and data deletion from within the app and online” and the feature should be easily discoverable. Plus, the policy also requires developers to delete the user data from their servers on account deletion. If a developer needs to keep user data for specific reasons, they must specify that in the app.

“As the new policy states, when you fulfill a request to delete an account, you must also delete the data associated with that account. The feature also gives developers a way to provide more choice: users who may not want to delete their account entirely can choose to delete other data only where applicable (such as activity history, images, or videos). For developers that need to retain certain data for legitimate reasons such as security, fraud prevention, or regulatory compliance, you must disclose those data retention practices,” Google said in its announcement.

The company will provide an extended grace period until May 31, 2024, for developers who might…

Source…

Not-So-Secret Service: Text Retention and Deletion Policies

July 28, 2022/in Mobile Security

Recent news reports indicate that the United States Secret Service, as part of a hardware replacement policy for agents’ phones, allowed individual agents to wipe all of the data from their devices, and failed to preserve text messages as required both by federal law and pursuant to demands from both Congress and the USSS’s oversight agency, the DHS Office of the Inspector General.

It was reported that, long before the replacement program was implemented, employees were advised of their document retention requirements, and were provided specific procedures about how to restore their old devices to factory settings while preserving the data formerly contained therein. Apparently, nobody got the memo, or — in a more sinister interpretation — they got and deliberately ignored that memo. Generally, I am a fan of not attributing to venality that which mere stupidity can adequately explain, but when the device wiping was systematic and programmatic, that’s an awful lot of stupidity to explain. Many government agencies and private entities have both a hardware and data life cycle. Laptops, hard drives and smartphones are replaced. Emails that are no longer needed for the company, and for which there is no legal retention requirement are purged, as are outdated documents, files, attachments, etc. In fact, from a privacy and data security standpoint, it is important to get rid of data that is no longer needed and to update hardware and software in a way that includes the latest security and privacy protections.

The flip side of this, of course, is that data that is needed for the functioning of the entity—or which is required to be maintained by law—must be preserved in the process of upgrading or migrating.

As such, companies need to have robust document retention and destruction programs to identify data that needs to be deleted and data that needs to be kept. This includes a process for a litigation hold—that is, a suspension of the document destruction program when the data that is to be destroyed is relevant to ongoing or anticipated litigation or investigation. To be subject to a litigation hold, it is not necessary that there actually be litigation and formal…

Source…

Zuckerberg’s Facebook page? I’ll livestream its deletion, says hacker

September 29, 2018/in Computer Security

A Taiwanese bug hunter says that he will livestream his attempt to delete Mark Zuckerberg’s Facebook page this weekend.

Read more in my article on the Hot for Security blog.

Graham Cluley

Pop-up Android adware uses social engineering to resist deletion – The Register

June 7, 2017/in Mobile Security

The Register

Pop-up Android adware uses social engineering to resist deletion
The Register
A malicious Android app that downloads itself from advertisements posted on forums strongly resists removal, security firm Zscaler warns. The dodgy Android utility poses as "Ks Clean", an Android cleaner app. Once installed, the app displays a fake …

and more »

android security – read more

Tag Archive for: deletion