Researchers from the International Computer Science Institute found up to 1,325 Android apps that were gathering data from devices even after people explicitly denied them permission. Serge Egelman, director of usable security and privacy research at the ICSI, presented the study in late June at the Federal Trade Commission's PrivacyCon.

Officially, apps generally interact with Android through software hooks known as APIs, giving the operating system the ability to manage their access. “While the Android APIs are protected by the permission system, the file system often is not,” said Serge Egelman, research director of the Usable Security and Privacy Group at the International Computer Science Institute. “There are apps that can be denied access to the data, but then they find it in various parts of the file system.”

Facebook's currency Libra faces financial, privacy pushback
June 19, 2019 | Mae Anderson, Frank Bajak, Macy Gordon,Angela Charlton

Still, Facebook is sure to face an onslaught of liability concerns when it comes to anti-money laundering and identity verification, said Nicholas Weaver, a senior researcher at the International Computer Science Institute.

NSA warns Microsoft Windows users of cyber-attack risk
June 5, 2019 | Tara McKelvey, BBC News

The vulnerability in the older versions of Microsoft Windows, wrote the International Computer Science Institute's Nicholas Weaver, means that bad actors could "gain complete control of the remote system".

Startup Cuts Network Clutter With 'Lean NFV'
May 30, 2019 | Mitch Wagner, Light Reading

Nefeli, launched in 2017 with a $10 million series A funding round, is co-founded by company chairman Scott Shenker, who was previously the initial CEO of Nicira, an early software-defined networking company that sold to VMware for $1.26 billion in 2012. Another co-founder is CTO Sylvia Ratnasamy, an associate professor of computer science at the University of California, Berkeley, where her work focuses on the design and implementation of networked systems.

Facebook wants your data: 5 ways to keep it safe
May 17, 2019 | Laura Hautala, CNET

"The funny thing -- well, funny in a perverse way -- is that the truth is a lot scarier than the myth," said Serge Egelman, a privacy researcher at the International Computer Science Institute.

The Improbable Rise of Huawei
March 25, 2019 | Keith Johnson, Elias Groll

To satisfy the demands of law enforcement, telecommunications networks are typically built to enable some type of wiretapping function. Such abilities have in the past been subverted by intelligence agencies to snoop on calls and scoop up data, so using Chinese-designed equipment for such networks practically represents an invitation to Beijing to spy, “since the infrastructure itself is designed to support such meddling,” argued Nicholas Weaver, a senior researcher at the International Computer Science Institute.

The study, which was carried out by researchers at the Universidad Carlos III de Madrid (UC3M) and the IMDEA Networks Institute, in collaboration with the International Computer Science Institute (ICSI) at Berkeley (USA) and Stony Brook University of New York (US), encompassed more than 82,000 pre-installed Android apps across more than 1,700 devices manufactured by 214 brands, according to the IMDEA institute.

Is Huawei a security threat? Seven experts weigh in​
March 17, 2018 | Colin Lecher and Russell Brandom, The Verge

Nicholas Weaver notes that "Sabotage can be really, really subtle. There are entire contests around how you make sabotage almost undetectable, such as the “underhanded C contest.” It is even more so in hardware. For example, you could sabotage the cryptographic random number generator so that if you knew the secret you could predict it, but if not, you can’t."

Your phone and TV are tracking you, and political campaigns are listening in
February 20, 2019 | Evan Halper, Los Angeles Times

Serge Egelman, research director of the Usable Security & Privacy Group at UC Berkeley’s International Computer Science Institute, said his team can unearth which opaque data brokerages are amassing information, but not which political campaigns or interest groups buy it from them. “There are a lot of industries buying this data for things that most people are not expecting,” Egelman said. Some might be trying to get you to purchase a Volvo, while others aim to manipulate your vote. But none disclose what they know about you and how. “That is the fundamental problem,” Egelman said. “People can’t find that out.”