Verizon slammed for installing 'spyware' on phones

Posted Apr 3, 2017 by James Walker
Verizon has been accused of installing "spyware" on new phones. The company has developed an app that's supposed to help people find content from services they don’t have installed. The privacy policy reveals it does more than make recommendations.
A Verizon Wireless store
A Verizon Wireless store
Justin Sullivan, Getty/AFP/File
The app is called AppFlash and it was announced last week. It will be available on Android phones sold by Verizon as a new launcher tab available to the left of the home screen. Once fully operational, it'll include links to nearby restaurants, movies for you to watch and details of news apps to download.
After the announcement, the Electronic Frontier Foundation (EFF) scrutinised the app's privacy policy. The digital rights group then penned a blog post describing the app as "spyware," noting it appears to track downloaded apps and use the information for targeted advertising. By assessing the genre and names of apps you have installed, it could work out which bank you use, the services you're connected to, products in your home and personal health details.
AppFlash's privacy policy also allows it to collect data including your mobile number, information about your device and your usage of the app itself. On top of this, Verizon can see the precise location of your phone and share the whole data package inside its family of companies. Specifically, AOL "may use it to help provide more relevant advertising" on websites external to AppFlash itself.
Given AppFlash was announced in the same week that the FCC repealed its new privacy regulations, the app hasn't been given the reception Verizon was looking for. However, the EFF has since withdrawn its statement after receiving new information from Verizon. The group confirmed it is re-evaluating the app based on Verizon's insistence that AppFlash will be removable and opt-in only.
"As we said earlier this week, we are testing AppFlash to make app discovery better for consumers," Kelly Crummey, Verizon Directory of Corporate Communications, said to the EFF. "The test is on a single phone – LG K20 V – and you have to opt-in to use the app. Or, you can easily disable the app. Nobody is required to use it. Verizon is committed to your privacy."
The EFF's original concerns with AppFlash were centred on the idea it'd create a large and unified target for attackers. If AppFlash came preinstalled on every Verizon phone, cybercriminals could find a bug or backdoor and use it to access the personal data of hundreds of thousands of people. Making the app opt-in should mitigate this problem though.
Beyond being a highly visible attack surface, the EFF also noted that AppFlash advocates the monetisation of the personal data of users. Verizon has strongly contested this claim in a blog post, stating "We don't do it and that's the bottom line." It also explained how its Verizon Select targeted advertising program works, emphasising only aggregate data is exposed to marketers.
Assuming Verizon keeps its pledge and makes AppFlash removable, it's unlikely many people will actually use the app. The entire concept is nothing more than additional bloatware to encumber new carrier handsets. AppFlash is actually a rebranded version of the existing Evie Launcher app and it can't do anything extra over the Google app already included with Android.