Google launched a feature for Android phones Tuesday for dedicated forensic logs about intrusions from sophisticated attacks like those by spyware vendors, in what design partners at Amnesty International hailed as an important first.
The tech giant has been ramping up the new feature, Intrusion Logging, since last year, and has now begun rolling it out.
“The new intrusion logging feature promises to be a major aid to digital forensics researchers undertaking investigations into sophisticated attacks on Android devices,” Amnesty International said in a Tuesday technical briefing. “This is the first time a major device vendor has released a feature specifically to enhance the ability to forensically detect and respond to advanced digital threats.”
To date, independent investigators have relied on records and often short-lived log files that weren’t meant for forensic use, and Amnesty said surveillance groups have grown increasingly aware of those forensic efforts. Intrusion Logging, a feature of Android Advanced Protection Mode, is designed specifically to keep track of possible intrusions for forensic purposes. It keeps records of security incidents like device unlocking, physical access and spyware installation and removal.
Google’s annual security and privacy update for Android phones mentions the feature and its development with Amnesty International, Reporters Without Borders and others. It also touts new protections against banking scam calls, other features for detecting suspicious activity on Android phones, additional privacy safeguards and more.
The firm has been working on the feature since announcing it last year.
“Intrusion Logging enables persistent and privacy-preserving forensics logging to allow for investigation of devices in the event of a suspected compromise,” wrote Eugene Liderman, director of Android security and privacy.
Intrusion Logging joins an expanding slate of features from tech companies to fight sophisticated attacks like those from commercial spyware, among them Apple’s Lockdown Mode and Memory Integrity Enforcement and WhatsApp’s Strict Account Settings.
Intrusion Logging “promises to help shift the balance to the advantage of defenders, providing civil society investigators with the key evidence needed to detect and expose some of the most advanced attacks facing journalists and activists,” said Donncha Ó Cearbhaill, head of the Amnesty International Security Lab, “With Intrusion Logging Google is the first major vendor to proactively address to challenge of detecting advanced attacks on device. By making more consensual forensic data available for researchers, we can make life more difficult for attackers and help civil society seek accountability when their devices are unlawfully targeted by spyware and mobile data extraction tools.”
The feature has some limitations, though, Amnesty said in its technical briefing. It requires Android 16 and is only available for now on Pixel devices; the device has to be linked to a Google account, and the logs may include sensitive information, like browser navigation history, so secure sharing of the logs is important.
The logs may also be deletable by attackers, Ó Cearbhaill told CyberScoop, but he said he understands there are plans to strengthen protections against that in future versions. And lots of attacks would be detectable in the logs where attackers wouldn’t necessarily have the root access needed to try to delete logs, he said.
To enable Intrusion Logging, users need to be using Android Advanced Protection Mode, and can find the feature at Settings > Security & privacy > Advanced Protection > Intrusion Logging. If users suspect some kind of security incident, they’ll need to export and share the logs with a forensic analyst.
The post Google and Amnesty International teamed up to make it harder for spyware vendors to hide appeared first on CyberScoop.
A 19-year-old woman is suing the makers of a dating app, alleging they took a video she posted online, repurposed it without her consent into an advertisement for the app, then used geofencing to target that ad to people in her area.
According to the lawsuit filed Apr. 28 in Tennessee and an interview with her lawyer, the company allegedly used geotargeting to serve the ads on platforms like Snapchat to users near her, including men in her own dormitory.
The allegations, if proven, offer another example of how modern technology has made it easier than ever today for bad actors to imitate, objectify, profit off and harass individuals, often women. Recent laws like the Take It Down Act have focused particularly on the use of AI to create sexualized imagery of their victims. In this case, the lawsuit alleges that Meete used not AI, but simple video editing, a voiceover and geofencing to create the same kind of deception.
On the day of her high school graduation, Kaelyn Lunglhofer posted a brief video to TikTok, wearing an orange outfit and saying a few words to her followers over background music. She went on to attend the University of Tennessee in the fall, where she began building a following as a TikTok influencer.
The complaint alleges that the makers behind the dating app Meete took that video without Lunglhofer’s consent, overlayed it with graphics advertising the app, and added a voiceover to make it appear she was saying “Are you looking for a friend with benefits? This app shows you women around you who are looking for some fun. You can video chat with them.”
Abe Pafford, Lunglhofer’s attorney, told CyberScoop that his client had no idea Meete was using her likeness until a male student in her dormitory told her he had repeatedly seen her in ads for the app on his Snapchat shortly after the two had met.
Pafford called it “implausible” that this was a coincidence, pointing to Meete’s premise of connecting users with nearby women and the precision of geofencing technology. Before filing the case, Pafford’s law firm hired an investigative firm to gather additional evidence.
“I think the idea is they want[ed] viewers of these advertisements – and candidly this is pretty clearly targeted at male viewers – to have their eye caught by someone they may know or recognize or think they may have seen around, and that’s part of what makes it so disturbing,” he said.
Pafford said he believes Lunglhofer is far from the only person whose image Meete has misappropriated, and that most victims likely have no idea it’s happening. Lunglhofer herself only had evidence because the student who told her had saved recordings and screenshots of the ads featuring her video.
“The bottom line is we think there are likely others that have been victimized in a similar way, but finding out who they are and landing on tangible proof of that can be challenging,” he said.
After this story was published, Snap told CyberScoop it is investigating.
“Snap’s advertising policies require that advertisers have all necessary rights to the content in their ads, including the rights to any individuals featured,” Snap spokesperson Ahrim Nam said in an email. “Using someone’s likeness without their consent is a violation of our policies. Upon learning of these allegations, we are actively reviewing the matter and will take appropriate action.”
The lawsuit cites alleged violation of multiple federal and state laws, including the Lanham Act, the primary U.S. law governing trademark rights. The suit also alleges violations of Tennessee state law under the ELVIS Act, which prevents the unauthorized use of image or likeness for artists and musicians, and Tennessee common laws for defamation and right of publicity.
Lunglhofer is seeking $750,000 in punitive damages, as well as any revenue tied to the ads featuring her likeness. Pafford said that the advertisements damaged her online brand and reputation while also putting her at risk of harassment or falsely implying she was endorsing a local dating service and was open to casual hookups.
“It’s really kind of grotesque and it’s also kind of dangerous,” he said. “Someone may not be aware that this is happening and they’re targeted in this way, but you can put people at risk in ways that are really troubling if you stop to think about it.”
The suit names Quantum Communications Development Unlimited, based in the Virgin Islands, as well as Chinese companies Starpool Data Limited and Guangzhou Yuedong Interconnection Technology, as defendants. A judge has ordered representatives from all three to appear for depositions in the United States.
Quantum Communications Development Unlimited has a sparse internet footprint: their website consists of a single page with a message written in broken English and an email address that no longer appears to work. Efforts by CyberScoop to reach the company and other defendants for comment were not successful. The company is listed as Meete’s publisher on Apple’s App Store, where it describes the app as “a space where you can be yourself and meet people” and promises “safety and respect first” — adding that “Meete provides a secure environment where your privacy and safety are our top concerns.”
The description also claims the app adheres to Apple’s safety standards, citing a “Zero-Tolerance Policy regarding objectionable content and abusive behavior.” Listed safeguards include “24/7” manual reviews by moderation teams, instant reporting and blocking of other users, and AI filtering “to detect and prevent harassment before it happens.”
On Meete’s Google Play Store page, user reviews accuse the app of failing to match them to nearby users and being largely populated by bots posing as women to sell in-app currency.
Pafford acknowledged that the defendants being based overseas complicates efforts to hold them accountable under U.S. law, but argued that Meete is clearly designed to operate in the United States. The companies behind the app have filed U.S. patents and trademarks, for their business, and distribute their app through the Apple and Google Play Stores while advertising on major U.S. social media platforms like Snapchat.
Apple and Google did not respond to a request for comment.
You can read the full lawsuit below.
5/05/26: This story was updated to include comment from Snap received after publication.
The post A college student is suing a dating app that allegedly used her TikTok videos to target men in her dormitory appeared first on CyberScoop.
Congress extended a controversial surveillance law for 45 days on Thursday, hours before its latest expiration following an earlier extension.
The Senate passed — then the House cleared — a 45-day extension of Section 702 of the Foreign Intelligence Surveillance Act, which authorizes warrantless surveillance of foreign targets. But those targets are sometimes communicating electronically with Americans, and intelligence officials can search the database using their identifying information, which has long given privacy groups and privacy-minded lawmakers heartburn.
The 45-day reprieve gives lawmakers more time to hammer out a lasting deal, and comes after the leaders of the Senate Intelligence Committee agreed to send a letter to the Director of National Intelligence and attorney general, seeking swift declassification of a letter on a classified ruling from the Foreign Intelligence Surveillance Court.
Sen. Ron Wyden, D-Ore., had sought release of that opinion, and had resisted giving unanimous consent for the latest short-term extension to move forward until Senate Intelligence Chairman Tom Cotton, R-Ark., and top panel Democrat Mark Warner of Virginia agreed to send the letter.
A declassification review was already underway, but the Cotton-Warner letter states that “We expect that this declassification review will be completed and the FISC opinion released publicly within 15 days,” according to Wyden, speaking on the Senate floor.
The March 17 opinion reportedly came with annual recertification of the warrantless surveillance program. The Justice Department is appealing that ruling because it blocked them from using certain tools to analyze communications.
“A few weeks ago, the Foreign Intelligence Surveillance Court found major compliance problems related to the surveillance law known as section 702,” Wyden said earlier this month. “These compliance problems are directly related to Americans’ Constitutional rights.”
Senate Majority Leader John Thune, R-S.D., said the extension will give lawmakers additional room to hold “discussion on reforms.”
The House this week had passed a 3-year reauthorization with some changes to the surveillance program, but key to doing so was leadership’s agreement to attach legislative language on a separate matter that would ban a central bank digital currency. Thune had said that language was going nowhere in the Senate.
On Thursday, the House voted 261-111 to extend the law for 45 days. President Donald Trump has sought a “clean” 18-month reauthorization of the surveillance powers.
The extension continues a perennial ritual for the Hill when it comes to Section 702: A deadline looms, and Congress kicks the can down the road repeatedly.
The post Congress kicks the can down the road on surveillance law (again) appeared first on CyberScoop.
Supreme Court justices lobbed sharp questions at both sides about the constitutionality of geofence warrants during oral arguments Monday in a case that could have broader implications for law enforcement collection of Americans’ data.
Chatrie v. The United States stems from the 2019 conviction of Okello Chatrie in a bank robbery, where authorities obtained location data from Google about people within a specific area at a specific time.
In questioning an attorney for the petitioner, Adam Unikowsky, a number of conservative justices — including Chief Justice John Roberts — asked why the government shouldn’t be allowed to access location data taken from a third party given that Chatrie had “opted-in” to share that data.
“I just don’t agree that one should have to flip off one’s location history as well as other cloud services to avoid government surveillance,” Unikowsky answered, raising whether the government was entitled to getting emails or calendar data that are also stored in the cloud. (Google has since moved location data to users’ individual devices.)
Some liberal justices, too, had skeptical questions for Unikowsky. “This identifies a place, a crime — a limited time frame, but a time frame,” Sonia Sotomayor said, referring to protections from open-ended searches under the Fourth Amendment. “So it’s not a general warrant in this historical sense.” But she also said that because location data follows users everywhere: “When the police are searching or asking for a search result, there’s no way to predict whether they’re going to invade your privacy.”
The line of questioning about how far a government request for bulk data can go continued from both conservative and liberal justices when it was the government’s turn to argue its position. Justices probed skeptically about what made emails or calendar data different, and whether the government could do a physical search of all of the lockers in a storage facility to find one gun they believed might be there.
It was an unusually long session for the Supreme Court, going two hours. A ruling could come in June or July. Predicting how a court will decide based on justices’ questions is famously fraught. Only one justice, Samuel Alito, hinted strongly at how he was likely to decide.
“I’m struggling to understand why we are here in this case, other than the fact that at least four of us voted to take it,” he said. He said he didn’t believe anything new of note could come out of the court based on lower court rulings during questioning of Unikowsky. “We are all free to write law review articles on this fascinating subject, but that seems like that’s what you’re asking for.”
Orin Kerr, a Stanford University law professor who filed a friend of the court brief on the government’s side, said he believed based on the oral arguments that the court will say geofence warrants can be drafted lawfully.
“The Justices seem likely to reject the broader argument Chatrie made about the lawfulness of the warrant,” he wrote on social media. “They’ll probably say the geofence warrants have to be limited in time and space.”
Casey Waughn, a privacy lawyer and senior associate at Armstrong Teasdale, was struck by the absence of a major focus on “third-party doctrine,” under which there’s no reasonable expectation of privacy when citizens give their information to an outside party like a bank.
She also honed in on arguments Unikowsky made.
“His argument really gave two lines to go down for the judges, and one was that you have a property interest in your data on the cloud, and the other was that you have a reasonable expectation of privacy for your data on the cloud,” she told CyberScoop. “And historically, both of those avenues have been grounds on which the Court has found that …issue is protected under the Fourth Amendment, and therefore that the actions constituted a search. So I thought it was interesting that he went and kind of argued both of those lanes.”
Alan Butler, executive director of the Electronic Privacy Information Center that filed a friend of the court brief on the side of the petitioner, said the stakes in the case are high.
“Today’s arguments underscored that the Supreme Court is weighing one of the most consequential privacy questions of the digital age: whether the government can use sweeping location data searches to identify a suspect,” he said in a statement after the arguments. “The Court should hold that the Constitution protects our digital data even when it is stored by an app or cloud provider. The Court should ensure that the highly sensitive records generated by our phones cannot be obtained without particularized suspicion and close judicial oversight.”
The post Supreme Court justices skeptically question both sides in geofence surveillance case appeared first on CyberScoop.
The latest attempt to re-up a controversial expiring surveillance law has failed to placate vocal critics on both the left and right of the political spectrum.
Two House votes failed last week to extend the spying powers under Section 702 of the Foreign Intelligence Surveillance Act (FISA) for 18 months without changes, leading to Congress instead passing a 10-day reauthorization. GOP leaders have been scrambling to find a bill they can pass since with the April 30 deadline approaching.
House Speaker Mike Johnson, R-La., introduced a bill Thursday to extend it for three years, with a section stating that government officials can’t use Section 702 to target Americans. Under Section 702, U.S. spies and law enforcement agencies can warrantlessly search electronic communications of foreign targets. But those targets are sometimes communicating with U.S. persons, and officials can search the communications database using their personal information.
But critics of the latest Johnson proposal say the language about targeting Americans is window dressing.
“On the whole, it is an empty-calories bill and nothing more that does not engage in reform,” Jake Laperruque, deputy director of the center’s security and surveillance project at the Center for Democracy and Technology, said in a call with reporters Friday.
Civil liberties groups have long called for a warrant requirement for U.S. person-based searches.
“It doesn’t require a warrant or any kind of court process for U.S. person searches,” said Kia Hamadanchy, senior policy counsel for the American Civil Liberties Union’s political advocacy division. “The main reform just restates existing law… . It’s also completely irrelevant to the issue at hand, because backdoor searches have never been the product of the government intentionally targeting U.S. persons under 702. The problem is that they are incidentally collecting U.S. person communications and searching the communications of Americans.”
Gene Schaerr, general counsel of the conservative Project for Privacy and Surveillance Accountability, called the proposal “smoke and mirrors.”
The legislation did win over at least one key lawmaker, however: Rep. Warren Davidson, who had earlier introduced an amendment to attach a ban on the government buying American’s information from third-party data brokers, and who was a chief co-sponsor of legislation requiring a warrant for U.S. person searches under Section 702.
“Collectively, this set of reforms provides robust privacy protections for American citizens. Congress should bank this win and reauthorize Section 702,” Davidson said on X. “Then, we should swiftly begin gutting the unmitigated surveillance state left growing unchecked during these 702 fights.”
But it doesn’t look like it has yet won over enough conservative House Freedom Caucus members, and few Democrats have been on board with Johnson’s plans.
Rep. Ted Lieu, D-Calif., indicated on X in harsh terms that he doesn’t trust FBI Director Kash Patel with current Section 702 powers.
The post Latest spy power reauthorization bill leaves critics unimpressed appeared first on CyberScoop.
Campaigns employing commercial surveillance vendors tracked targets by exploiting mobile phone network vulnerabilities in what researchers said Thursday was the first-ever linking of “real-world attack traffic to mobile operator signalling infrastructure.”
The two unknown parties behind the campaigns mimicked the identities of mobile phone operators with customized surveillance tools, and manipulated signaling protocols and steered traffic through network pathways to hide, according to research from the University of Toronto’s Citizen Lab.
“Our findings highlight a systemic issue at the core of global telecommunications: operator infrastructure designed to enable seamless international connectivity is being leveraged to support covert surveillance operations that are difficult to monitor, attribute, and regulate,” a report published Thursday reads.
“Despite repeated public reporting, this activity continues unabated and without consequence,” Gary Miller and Swantje Lange wrote for Citizen Lab. “The continued use of mobile networks, built on a close inter-operator trust model and relied upon by users worldwide, raises broader questions for national regulators, policymakers, and the telecom industry about accountability, oversight, and global security.”
The attackers relied on identifiers and infrastructure associated with operators around the world, including networks based in Cambodia, China, the self-governing Island of Jersey, Israel, Italy, Lesotho, Liechtenstein, Morocco, Mozambique, Namibia, Poland, Rwanda, Sweden, Switzerland, Thailand, Uganda and the United Kingdom.
They shifted between SS7 and Diameter protocols, the signalling protocols known for 3G and 4G/most of 5G, respectively, according to the report. While Diameter was meant to be more secure than SS7, the Federal Communications Commission in 2024 opened a probe into both its vulnerabilities and SS7’s, and Sen. Ron Wyden, D-Ore., has asked for a Cybersecurity and Information Security Agency report about telecommunications vulnerabilities rooted in both protocols.
But identifying the vendors used in the two surveillance campaigns, or who was behind them, was beyond the researchers’ reach.
“The reality is that there are a number of known surveillance vendors and bad actors in this space, but given the opaque nature of telecommunications signalling protocols, those vendors are able to operate without revealing exactly who they really are,” Ron Deibert, director of Citizen Lab, wrote in his newsletter. “Much of the malicious things they are doing blend into the otherwise voluminous flow of billions of normal messages and roaming signals. They are ‘ghost operators’ within the global telecom ecosystem.”
One of the operators mentioned in Citizen Lab’s report, Israel-based 019 Mobile, wrote back that it didn’t recognize the hostnames referenced in the report as 019 Mobile’s network nodes, and couldn’t attribute the signaling activity it represents to 019 Mobile-operated infrastructure.
Another operator, Sure, said it has taken preventative measures to defend against misuse.
“Sure acknowledges that digital services can be misused, which is why we take a number of
steps to mitigate this risk,” CEO Alistair Beak said in a statement to CyberScoop. “Sure has implemented several protective measures to prevent the misuse of signalling services, including monitoring and blocking inappropriate signalling. Any evidence or valid complaint relating to the misuse of Sure’s network results in the service being immediately suspended and, where malicious or inappropriate activity is confirmed following investigation, permanently terminated.”
019 Mobile and a third operator, Tango Networks UK, didn’t respond to requests for comment from CyberScoop. The Citizen Lab report afforded some grace to the operators.
“It is important to note that the operator signalling addresses observed in the attacks do not necessarily imply direct operator involvement,” it states. “In some cases, access to the signalling ecosystem can be obtained through third-party providers, commercial leasing arrangements, or other intermediary services that allow actors to send messages using operator identifiers from legitimate networks.”
Updated 4/24/26: to include quote from Alistair Beak.
The post Surveillance campaigns use commercial surveillance tools to exploit long-known telecom vulnerabilities appeared first on CyberScoop.
Login