Category Archives: Mobile

Privacy Violation and security vulnerability with “Verizon Cloud”

Carrier: Verizon Wireless
Product: Verizon Cloud
Device: Samsung Galaxy S3 (SCH-I535)
OS: Android v4.4.2

The default behavior of the “Verizon Cloud” application enables automatic backup of all of the possible items from the mobile device prior to the user pressing accepting the terms and conditions. These item include:
Contacts
Photos
Videos
Music
Documents
Messages
Call Logs

To disable the default behavior, the user must accept the terms and conditions of the application in order to open the application and disable the default behavior.

This default behavior effectively holds the user’s data hostage, forcing the user to accept the terms and conditions under duress and is tantamount to unauthorized data theft. While Verizon may, under some circumstances, already have access to some of the data types inherently as they transit the Verizon Wireless data network, there is a reasonable expectation of privacy for some types of data that originate on the device or are loaded directly on the device such as photos and videos or content loaded via Micro-SD card or Wifi.

Verizon should, at the very least, change the default behavior of the Verizon Cloud application to not backup any data to the cloud prior to the user accepting the terms and conditions. Ideally the application would not begin any data backup operation to the cloud until the user has explicitly opted-in to the backup of each data type after accepting the terms and conditions.

 

Originally published 7/27/2014 via G+