Phantom Mobile Threats

How secure is your mobile phone?

This is an old bugaboo that folks who sell antivirus software have tried to get us scared about. But the truth is that for the past decade there’s really not much to lose sleep over.

That hasn’t stopped people getting freaked out about it.

A security conference heard that some downloadable applications to phones running the Android operating system would “collect a user’s browsing history, their text messages, the phone’s SIM card number and subscriber identification” and send all this data to a website owned by someone in Shenzhen, China. Some outlets reported that it also transmitted the user’s passwords to their voicemail.

About 700 outlets covered the story, including mainstream publications like the Telegraph and Fortune magazine: “Is your smart phone spying on you?” asked one TV station’s website.

Scary stuff.

Only it isn’t true. It’s not clear who misreported all this—the journalists and others covering the event, or the company releasing the fruits of their research, but it gradually emerged that the applications—downloadable wallpapers—only transmitted a portion of this data. (See a corrected version of a story here.)

Indeed, the whole thing got less suspicious the more you dig.

This is what the developer told me in a text interview earlier today: “The app [recorded’] the phone number [because] Some people complained that when they change the[ir] phone, they will lose the[ir] favorite [settings]. So I [store] the phone number and subscriber ID to try to make sure that when [they] changed the phone, they have the same favorites.”

Needless to say the developer, based in Shenzhen, is somewhat miffed that no one tried to contact him before making the report public; nor had any of the 700 or so outlets that wrote about his applications tried to contact him before writing their stories.

“I am just an Android developer,” he said. “I love wallpapers and I use different wallpaper every day. All I want is to make the greatest Android apps.”

Now of course he could be lying through his teeth, but I see no evidence in the Lookout report or anything that has appeared subsequently that seems to suggest the developer has done anything underhand. (The developer shared with me some screenshots of his app’s download page which show that they do not request permission to access text message content, nor of browsing history.)

In fact, he seemed to be doing a pretty good job: His apps had been downloaded several million times. He declined to give his name, but acknowledged that he was behind both apps provided under the name Jackeey, and under the name iceskysl@1sters!

Not much longer. One website quoted Lookout as saying “We’ve been working with Google to investigate these apps and they’re on top of it.” They have: Google has now removed the apps from their site. So I guess Jackeey, as he asked me to call him, is going to have to look for other ways to spend his time. (He told me that Lookout had contacted him by email but not, apparently, before going public.) 

Seems a shame. Obviously, there is a mobile threat out there, but I’m not sure this is the way to go about addressing it. And I don’t think a guy in Shenzhen doing wallpaper apps is, frankly, worth so much hysterical column ink.

Let’s keep some perspective guys, and not embark on a witch-hunt without some forethought.

Lookout has since been backtracking a bit from its original dramatic findings. “While this sort of data collection from a wallpaper application is certainly suspicious,” it says on its blog, “there’s no evidence of malicious behavior.”

Suspicious? We seem very quick to attribute suspicious behavior to someone we don’t know much about, in some scary far-off place, but less to those we do closer to home: Lookout’s main business, after all, is prominently displayed on their homepage: an application to, in its words, “protect yourself from mobile viruses and malware. Stop hackers in their tracks.”

Conflict of interest, anyone?

Podcast: Hotel Service

The BBC World Service Business Daily version of my column on Hotel Serice  (The Business Daily podcast is here.)

Loose Wireless 100728

To listen to Business Daily on the radio, tune into BBC World Service at the following times, or click here.

Australasia: Mon-Fri 0141*, 0741 
East Asia: Mon-Fri 0041, 1441 
South Asia: Tue-Fri 0141*, Mon-Fri 0741 
East Africa: Mon-Fri 1941 
West Africa: Mon-Fri 1541* 
Middle East: Mon-Fri 0141*, 1141* 
Europe: Mon-Fri 0741, 2132 
Americas: Tue-Fri 0141*, Mon-Fri 0741, 1041, 2132

Thanks to the BBC for allowing me to reproduce it as a podcast.

The Dangers of Faking It

(my weekly column, syndicated to newspapers)

By Jeremy Wagstaff

A 40-ton whale jumped out of the water and crash-landed onto a sailboat the other day. The moment was caught on camera by a tourist, the whale suspended a few meters above the boat before it smashes into mast and deck, leaving behind a mass of barnacle and blubber.

Amazing stuff. So the first question from a TV interviewer to the survivors of this close encounter between man and mammal? “Was this picture Photoshopped?”

Sad, but I have to admit it was my first question too.

Photoshopping—the art of digitally manipulating a photo—has become so commonplace that it probably should be the first question we ask when we see a photo.

After all, it’s understood that every photo in every fashion magazine in the world is Photoshopped—a wrinkle unwrinkled here, eye unbagged there, an inch lost or gained below and above the midriff. We assume, when we look at a flattering photo of a celebrity that it was Photoshopped first (apparently every celebrity has a Photoshopper to do just this.)

But what of news photos? How do we feel about manipulation then?

Take the latest hoo-ha over some BP photos. Turns out that some photos on its website were tweaked to make BP look a bit more on-the-ball about monitoring the Gulf oil spill than it really was. Blank screens at its Houston command center were filled with images copied from other screens, prompting a search of BP’s website for other altered photos.

Another photo showed a helicopter apparently approaching the site of the spill. Upon closer inspection the helicopter was actually on the deck of an aircraft carrier. One can only guess why BP thought it necessary to make the chopper look as if it was flying.

BP, to its credit, has come clean and posted all the photos to a Flickr page “for the sake of transparency.”

But of course, it’s not enough. First off, the explanation is weasel-like: it places the blame on a “contract photographer” and writes vaguely of incidents where “cut-and-paste was also used in the photo-editing process.” It promises to instruct the photographer not to do it again and “to adhere to standard photo journalistic best practices.”

Well, yes and no. I’m willing to bet that a contract photographer did not make these kinds of decisions alone. And to suggest that a photographer contracted by BP to make photos for BP is somehow being asked to perform as a photo journalist is disingenuous.

I’m guessing, for example, that if the contract photographer had snapped some images of dying pelicans or oil-heavy beaches they wouldn’t be posted to the BP website “to adhere to standard photo journalistic best practices.” (In fact it’s quite fun to browse their photo gallery and look at how carefully the photos have been collected and presented. Compare them with others on Flickr, the titles of which sound unfortunately like items on a menu: “Hermit Crabs In BP Oil,” for example.)

Of course, no one expects BP to publish anything that may undermine its position. The problem lies with the fact that someone, somewhere in BP thought it worth tampering with what it did publish to improve its position.

Some have argued, so what? They fiddled with a couple of photos to make themselves seem a bit more industrious than they really were. So what?

Well, I would have thought it obvious, but the fact that people have argued this suggests it requires an answer. First off, it was bloggers who exposed the fraud. Hats off to them. A sign that crowd-sourcing this kind of thing works.

Secondly, while in itself more pathetic than malign, the manipulation proves that manipulation happens. We (well, not we journalists, but we bloggers) checked, and found the photos were faked. What else has BP faked?

Suggesting it’s the work of some rogue contract photographer doesn’t cut it. If BP’s PR crew knew what they were doing, and held themselves to “stand photo journalistic best practices, ” they would have spotted the amateurish Photoshopping and taken action.

Instead they didn’t spot it, or spotted it and didn’t care, or they actually commissioned it. Or did it themselves. Whatever, they didn’t come clean, so to speak, until they’d been had, and then wheeled out the “transparency defense”—a tad too late, I fear, to convince anyone that that’s where their instincts lay.

Photos, you see, are pretty strong stuff.

Since their invention we have granted them special powers. Photographs preserve information and speak to us in a way that words do not—and, perhaps, video. Think of all those photos that have captured not only a moment but a slice of history: 9/11, the Vietnam War, the Spanish Civil War.

The problem is that we’re gradually waking up to the fact that photographs lie. It’s an odd process, this learning about the power of misrepresentation. It’s part technology, part distance, part a growing understanding that we have ascribed photos a power and finality they don’t deserve.

Let me put it more simply through an example: Robert Capa’s famous 1936 photo of the Falling Soldier. This one photo seemed to sum up not only the Spanish Civil War, but war itself. Only, it’s now widely believed the photo was staged, that Capa may have asked the soldier to fake his death. Does it matter?

Capa’s biographer Richard Whelan argues it doesn’t, that “the picture’s greatness actually lies in its symbolic implications, not in its literal accuracy.”

This, is, of course, incorrect. Its symbolic implications lie in its accuracy.

And, of course, this is the problem. We need our photos to say something, to express a view that supplements, that goes beyond, the text that might accompany them, the truth that we need to have illustrated for us. And that’s where the problem begins.

Capa may not have intended his photo to be quite so iconic. After all, he took a bunch of photos that day, most of them unremarkable. An editor decided this was one of those he would publish.

Photographers are now aware they get one shot. So they’re pushed to capture more and more in the frame—more, perhaps, than was ever there. And, it turns out, have been doing so for as long as there have been cameras. One of the first war photographs, of the Crimean War’s Valley of the Shadow of Death by Roger Fenton in 1855, was staged—by physically moving cannonballs to the middle of the road.

Nowadays the cannonballs could have been moved more easily: by Photoshop. A mouse click can add smoke to burning buildings in the Lebanon, to thicken a crowd, darken OJ Simpson’s face, or, in the case of Xinhua photographer Liu Weiqing, add antelope to a photo of a high-speed train.

Just as digitizing makes all this easier, so it makes it easier to spot errors. The problem is that we don’t have time to do this, meaning that it falls to bloggers and others online to do the work for us.

But it’s not as easy as it may look with hindsight, and the fact that we create a distinction between images we expect to be faked—fashion, celebrity, sex—and those we don’t—news, suggests that we either have to get a lot better at spotting fakery or we need to insist that photos contain some watermark to prove they are what they’re purporting to be.

The bottom line is that it’s probably a good thing that the first question we ask of a photo is whether it’s fake. Turns out that we should have been asking that question a long time ago.

But there’s another possibility: that there may come a point where we just don’t trust photos anymore. It’s probably up to us journalists to find a way to stop that from happening.

Media’s Future: Retail

(This is a copy of my weekly newspaper column, distributed by Loose Wire Service)

By Jeremy Wagstaff

As you no doubt know, Rupert Murdoch has decided to put up a front door on the The Times’ website, demanding a modest toll for reading the online content.

Needless to say this has prompted laughter among those who think that content should be free. This is silly: Someone needs to pay for this stuff at some point. And no one else has any better ideas right now, so good luck to them, I say.

Though I would counsel them to be smarter about the way they make folk pay. Demanding a credit card in the age of PayPal, as well as lots of other personal data is old wave. If you want to make light of the pay wall, make scaling it easy and simple.

(Disclosure: I worked, and occasionally work, for another Murdoch company, The Wall Street Journal.)

But what disappoints me elsewhere is the limited range of options being discussed. For most the question is: how do I charge for what we do? This is not the right question—or at least not the only question.

Think about it. We’re in the midst of some of the most exciting viral experiments in the history of the world. Twitter, Facebook, Ning, flickr are all evidence of the extraordinary effects  of high viral coefficients—in other words, the ability to expand users exponentially.

Now we know all about this, especially those loyal readers of this humble column.

But news organizations seem to ignore it.

They have readers. Lots of them. But the only thing that they can think of using that network for is to give them ads, or make ‘em pay.

A better question, then, is to ask: How can we make use of this network?

Well, one way to would be to sell them stuff.

Some news websites do this. The UK’s Guardian website offers books, CDs, gardening tools and holidays to its readers. Not that you’d necessarily know this to look at the website. The “readers offers” link is buried way down on the right hand side of the home page.

image

In fact, I was surprised to find that the Guardian has a dozen self-contained mini websites, called verticals, that try to sell their readers stuff. From mortgages to hand trowels.

But I’m guessing this isn’t making a huge dent in the losses the company has been suffering. I couldn’t find anything in their annual report mentioning any of these websites or their contribution to the bottom line. (My apologies if I missed it.)

To me this is an opportunity lost.

Not least because the Guardian, as many English-language newspapers, are developing huge markets overseas. Of the main British newspapers, for example, more than half their traffic comes from overseas, according to Alexa data. For the Guardian, Telegraph, Times and Independent, a whopping two thirds of their readers are outside the UK.

The Guardian website has a quarter its readers from the U.S. For the Times it’s more than 30%. Even the Daily Mail, not known for its global view, has more than a third of its readers in the U.S.

These foreign-based readers are huge opportunities missed. Not for advertising, but for selling them stuff. After all, if people go there to read stuff, wouldn’t they also be interested in buying stuff?

There are signs that this is the case. The Guardian Bookshop, for example, delivers all over the world, and has more traffic from outside the UK (55%) than from within it, with the United States accounting for 17% of visitors.

But the actual volume of traffic is still tiny for these verticals, suggesting that they’re not really part of the Guardian vision of its future. Still, at least it’s trying. I couldn’t much except wine for sale on the Times’ homepage, and nothing on the Daily Mail’s.

To me it’s obvious that if you’ve got an audience you try to sell them stuff. Especially if you’re not charging them for what they are there to see. And ads aren’t filling the coffers. So somehow you’ve got to sell them something else. And if your audience is overseas then that’s a clue about what they might not be able to get where they’re accessing your site from.

Books is an obvious one. Food is another. More than 10% of Brits live overseas, so it’s fair to assume that a fair few of them miss their PG Tips and bangers. Indeed, there are dozens of websites catering to just that.

But of course it’s expensive. At one website I visited $20 worth of chutney will cost you $60 to ship to Singapore, for example. And many won’t ship to far-flung places that aren’t the U.S.

Which is where we come back to the network thing. Newspapers still don’t really understand that they have a readymade community in front of them—defined by what they want to read. So while I may not be willing to pay twice again to ship the chutney, I might be willing to split the shipping cost with others living nearby.

But whereas I may not be willing to take that risk with people I’ve met on eBay or a porn site, I might be more inclined to do so if they’re the kind of people who read the same paper as I. So it’s both common sense and good business sense for The Guardian, say, to leverage its existing network of readers and to use the data it has to make it easy for that community to make those kinds of connections.

The readers get their chutney at a reasonable cost, the paper gets a cut of the sale.

In short, a newspaper needs to think of itself as a shop. You may go in for one thing, but you may come out having bought something else. Indeed, online shops have already figured this out.

Take Net-a-porter for example. It’s a fashion clothing e-tailer, run by a woman who was a journalist and who wanted to be a magazine editor. Instead Natalie Massenet set up an online shop, but which is also a magazine.

A recent article (in The Guardian, ironically) quotes her as saying: “I hadn’t walked away from being editor-in-chief of a magazine – I’d just created a magazine for the 21st century instead, a hybrid between a store and a magazine that was delivered digitally.”

In other words, Net-a-porter goes at it the other way round: It’s a retailer that also informs. Newspapers could be informers who also retail. Of course fashion is relatively easy, and the road is littered with possible conflicts of interest. But probably fewer than the sponsored editorials we’re starting to see even among serious broadsheets.

There’s nothing wrong with trying to sell your readers something, if you feel that something reflects your brand and your commitment to quality. Indeed, your readers may thank you for it. The power of the network, after all, isn’t just about size: It’s about trust.

Google and Penguin: Bookending a Revolution

By Jeremy Wagstaff

(my syndicated Loose Wire column.)

As I write this two significant events are taking place: Google has said it will tie up with the American Booksellers Association—the U.S. trade group for independent bookstores—to sell ebooks.

And there’s a conference in Bristol celebrating 75 years of the Penguin paperback.

Both are milestones. And both carry with them great innovation in the book industry, though one sees the future and one doesn’t.

Penguin was set up by a guy called Allen Lane in 1935 because he couldn’t find something decent and cheap to read on the train. So he came up with idea of a paperback book—which had been around, but only for trashy fiction, not serious stuff.

He gave them good covers and made them dirt cheap. And sold them by the truckload. Some of them he sold in a dispensing machine in the Charing Cross Road they called the Penguincubator.

Lane died in 1970, not quite sure what he’d created. On the one hand he’d brought reading to the masses—converting, as he put it, book-borrowers into to book-buyers—but he wasn’t overly excited by the kinds of thing these people wanted to read.

So I’m probably wrong, but if he was around today, I’d like to think he would have seen the future and turned all his stock into ebooks.

Now don’t get me wrong. Part of me doesn’t like this. I worked in bookshops for three years of my life and, frankly, unless I was working for the Peak District Promotion Board I couldn’t think of a better job.

But let’s face it, books are dead. They’re a great technology, and will always be a great technology, and we’re not getting rid of them because they don’t work. We need to get rid of them because they don’t fit this new digital world.

I realized this when I went to visit a guy running a second-hand book business in rural England a few years ago. He was working out of an old electricity sub-station and I’d never come across someone so surrounded by books and yet so miserable.

The substation had two rooms. One had shelves to the roof, laden with books. The other was just a mountain of discarded paperbacks—a tip for all the books he knew he’d never sell. “My job,” he said mournfully, “is to move the books from the shelf room to the tip room.”

Some books were sometimes worth something, but if their price went up on Amazon or some secondhand book website, quickly people would find copies in their attic and the price would plummet again. His business, in a word, was dead.

The truth is that we don’t really know what to do with our books. We love to have them around us, and we probably love to wander around second-hand bookshops, but they’re out of place in this digital age, where all the wisdom of the world is a 22 millisecond search away.

What is the point of wandering around Haye-on-Wye looking for a particular tome when we could find the same thing online and download it to our Kindle in a matter of seconds?

Yes, I know, there’s the thrill of the chase. The joy of being among books, their aroma, of feeling their pages crinkle and crisp in our hands. Of its solid comfort as we hold it under our arm or slip it in coat pocket.

But we can’t afford to indulge ourselves anymore. Books are eating up trees, eating up space, and, most importantly, holding back what Allen Lane might have identified as the logical next step in his revolution: making books available to all.

Books, basically, have to be decoupled from this romantic world and plonked into the digital world of knowledge, of accessible information, of blogs, twitter, Facebook and YouTube.

Now we expect our information to be cheap, if not free, and at a finger-tip’s touch. In short, books need to be released from their paper past and converted into something cheap and movable. Into things we can read on trains, on planes, in bed, waiting for friends. Into ebooks.

And this is where Google comes in. If it does it right, it will make Kindles—where you can only read books you bought on Amazon—or iPads—where you can only read books you bought on Apple as absurd as they already sound to my ears.

Google will, I hope, allow you to buy any book you want from any online bookseller you want and read it on any kind of device you want. They’ll give us the same freedom Allen Lane gave our forebears back in 1935.

I hope it ushers in a world where we still peruse physical books in stores, but then we buy a coffee in the bookshop cafe and download the book, all paid on the same bill. The books on the shelves are there just to help us choose.

And, if Allen Lane were on that Exeter station without something decent to read, he could get his books over the air. At a decent price.

It’s not as romantic as the past. But then we’re not in Pride and Prejudice anymore. We’re in a world of digits.

Maybe Mr. Lane wouldn’t have approved of what we were reading, but I’m sure he’d approve of how.

Using LinkedIn to Research Spies Like Us

image

Several of the 11 alleged Russian spies leave interesting imprints on LinkedIn, suggesting rewarding pickings for journalists.

Donald Heathfield, for example, had 74 connections.

His specialities sound like they could equally applied to espionage:

Comprehensive management of Risks and Uncertainties, Anticipatory Leadership, Building of Future Scenarios, Development and Execution of Future Strategies, Capture of Strategic Opportunities, Global Account Management

Amusing to hear the recommendations:

“Refreshing to work with him as he puts complexe initiatives together that always fits with the end goal that was laid out as our objective.” November 3, 2008

Gerard Bridi, President, Accor Services WiredCommute
was with another company when working with Don at Future Map

“Working with Don is very enjoyable. He has a pleasant style, whilst always acting professionally. Very results and solutions focused. He does not get flustered when problems occur, patiently facilitating teams to craft a way through to their end goal.” November 2, 2008

Top qualities: Great Results, Personable, Expert

image

Tracey Foley (Ann Foley), Heathfield’s wife, doesn’t have so many connections (20) but she’s a member of many groups—including four French related one and a Singapore group one. We know that Heathfield had connections in Singapore and Jakarta. Something to explore there?

Michael Zottoli appears to have a LinkedIn account, but only 10 connections and hasn’t updated it since his move from Seattle to Virginia. Patricia Mills, his wife, doesn’t seem to have a LinkedIn account.

Mikhail Semenko had 124 connections, a twitter account (10 followers, 3 tweets) and a blog about China (one post talks about the need for greater Russia China cooperation).

Richard/Cynthia Murphy NJ. Cynthia has 98 connections on LinkedIn and is a member of three groups. Christopher Metsos has no LinkedIn page that I could find.

Anna Chapman’s public profile seems to have been removed. But her main profile is still active, (you can also find it here.) and indeed, her company, PropertyFinder Ltd, has a similar name to Ann Foley’s public LinkedIn profile page: homefinder. A link there, maybe?

Her twitter feed stops abruptly on June 26 at 4.46 am (and yet wasn’t arrested until June 28. I guess she took the weekend off.) She was following a lot more people than were following her (687 vs 277, but she was really only just getting going: After tweeting first on March 13, she didn’t do much until June 16, after which she was tweeting every few hours. Could something have prompted her into more frequent updates?)

She also has a number of recommendations, from Said Abdullaev, a VP of Moscow-based Fortis Investments, who offered this:

“Anna’s entrepreneurial flair does not cease to amaze me, she sees opportunities in places were most would not think to look, and she makes them work.” November 24, 2009

Why Google Needs China?

Playing with the AdMob data on iPhone and Android devices—which is a bit old now, the U.S., a much bigger iPhone/Android market than the rest of the world, reflects the worldwide distribution of iPhone vs Android devices (the blue is iPhone):

image

The pattern seems to be mirrored elsewhere, but not evenly. In Australia, particularly, there seems little room for Android right now. Look at China, though: Almost as many Android devices as there are iPhones:

image

Ironic, really, that Google is so dependent on China to make headway with its phone OS. The third tier of countries follow a similar distribution:

image