contador web Saltar al contenido

Your privacy may be at risk with Vlingo

For those who do not know the VlingoHere's a short introduction: According to the Wall Street Journal, an app that does everything you say. as if it were your virtual assistant. Speak "Send a text to Felipe; what's up, all right?" it's the Vlingo answer your request promptly and smoothly. Ask him to find some good Italian restaurant in the vicinity of his current location and he will too. In fact, from those apps that get the attention of those who like to challenge the machines' "cognition" ability, in this case, android smartphones.

The problem that Jrg V., a member of AndroidPIT, resolved to monitor Vlingo's output control using a program called Logcat. This allows users to view the internal log of the Android system. After erasing some data from Vlingo, the app initiated a connection to several servers in the United States and, once established, started sending them personal data, such as the phone's identification number and its location at that time.

Personal data is sent to servers in the U.S.

It is quite obvious that Vlingo needs this data to be able to operate effectively. Until then we see no problem. After all, how would a voice application work that gives spatial coordinates to its users without knowing their actual location? The big problem is that the steps that must be taken to ensure that such important information, such as the current location of a user, reach these servers that did not sound very good to us: such data was sent in the form of an encrypted URL without the user purchased Vlingo has received any request for authorization to send such data. Jrg V. had never confirmed and accepted any terms and conditions of use of the application …

To the techies So here is an example of the type of data packet that the app sends to servers in the US:

/ VLServiceUtil: BackgroundHttpManager1 (25106): VLG _ ** vlclient: DeviceMake = samsung; DeviceOSName = Android; DeviceModel = GT-N7000; DeviceOS = 2.3.6; Language = de-DE; ConnectionType = DirectTCP; Carrier = T-Mobile A; CarrierCountry = AT; DeviceID = 359532540167434; AudioDevice = Android

vllocation = Lat = 46.178338204999932; Long = 14.362434382504343; Alt = 0.0; GSM_MCC = 232; GSM_MNC = 03; CID = 2107021; LAC = 58400;

And even without confirming any terms and conditions of use of personal data, Vlingo sends the user's personal contacts to an encrypted server:

D / HttpRequest: BackgroundHttpManager1 (24,427): WGKK fn> 10/1 ln> s> information fn> 118 676 ln> c> e> taxi fn> 60 ln> c> s >……..

And even the music data is included in this "transport":

D / HttpRequest: BackgroundHttpManager2 (24,427): …….. I / LMTTDBUtil-BackgroundHttpManager2 (24 427): DB VLG_opened. Got android.database.sqlite.SQLiteDatabase @ 405e39f8 I / LMTTChunkUpdate-BackgroundHttpManager2 (24 427): VLG_LMTTChunkUpdate: _ !! SUCCESSFUL TRANSFER CHUNK !! I / LMTTChunkUpdate-BackgroundHttpManager2 (24 427): VLG_LMTTChunkUpdate: _ chunk lmtt had 52 items _HttpResponse () 'type =' song, playlist "count =" 52.0 "" 'from I / LMTTChunkUpdate-BackgroundHttpManager2 (24 427): VLG_LMTTChunkUpdate: _ALL DONE LMTT UPDATE – SUCCESS I / LMTTChunkUpdate-VTH: 24H @ reply is com.vlingo.client.core.http.HttpResponse 40527cb0

Vlingo founder confirms data submission

AndroidPIT contacted the Vlingo representative and founder, John Nguyen. The conversation was very interesting and we got a lot of useful information about the app. Nguyen has categorically stated that Vlingo is not making any use of its users' personal data in any way other than to provide them with the service they have acquired. This is not even in the case that the application takes over such private and expensive information from any user even before their prior consent. According to Vlingo technicians, this is because there are problems synchronizing with the processes that normally run in the background.

The company has pledged to bring a solution to this problem and to issue an official statement in the next few hours.

It should be made very clear that the subject of "privacy in the virtual world" is taken very seriously here on the Old Continent. If you are more interested in the topic, read our colleague Steven Blum's beautiful article on the new legislation that prepares the European Commission for issues that concern the total protection of personal data used by companies such as Facebook, Google or Amazon. One of the most interesting aspects of his text is the comparison he makes in terms of cultural differences between the United States and Europe to conclude that the importance of individual privacy, including in the virtual sphere, is something that Europeans value far more than anything. the Yankees. Or at least that is different in these two parts of the globe. The question: how has this been dealt with in Brazil by the legislature and also by public opinion? Interesting question to be addressed.

. (tagsToTranslate) Vlingo (t) network privacy (t) Android smartphones and privacy