Data Collection by Software
User data is collected by programs installed on both mobile devices and desktop computers, and in some cases, developer abuses can turn an application into a genuine cyber spy.
In this article, I would like to address this issue using one program as an example, showing you in detail what information is collected, how, and why, while also introducing you to examples of data collection abuse.
I will analyze the Panic Button (as of 2021 - the project is closed.) – our program, which does not have cyber spying functionality, nor tools for constant monitoring of your system and collecting data about the programs you use. We will consider the latter in the chapter on telemetry – a phenomenon bordering on cyber spying.
You might be surprised by the phrase about collecting information on other programs – do not be surprised, some applications collect this data, usually to combat competitors. For example, recently in the Russian taxi aggregator segment, a scandal erupted: one of the market veterans, Gett, suspected Yandex.Taxi of unfair competition.
According to representatives of Gett, the Yandex.Taxi application has hidden functionality that checks whether there are competitor applications on the user's device, and if such applications are present, it changes its pricing policy, undercutting their offers. Representatives of Yandex.Taxi predictably rejected all accusations.
Panic Button does not secretly collect any information, however, some programs can indeed do this. For example, the Uber application was caught spying on passengers, tracking their movements even after the ride was completed.
Unfortunately, we cannot teach you how to check what data applications are sending, as most of the time it is encrypted, but we will teach you how to check which applications and programs, how often, how much, and where they are sending data within the framework of this course.
What Data Does Panic Button Collect About the User and Why
IP Address
The IP address is collected during any data exchange between the program and the server. I cannot say that this is an important parameter for the developer; the country can only be determined with a large margin of error, it is not static, and most users' IP addresses change constantly.
More important than IP addresses are anti-DDoS and IPS (Intrusion Prevention System): for example, if you start scanning our servers for vulnerabilities, the intrusion prevention system will detect this and temporarily...