{"id":85793,"date":"2020-10-09T16:11:14","date_gmt":"2020-10-09T13:11:14","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/private-apps-shared-on-the-fitbit-gallery-arent-scanned-for-malicious-code-review-geek\/"},"modified":"2020-10-09T16:11:14","modified_gmt":"2020-10-09T13:11:14","slug":"private-apps-shared-on-the-fitbit-gallery-arent-scanned-for-malicious-code-review-geek","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/private-apps-shared-on-the-fitbit-gallery-arent-scanned-for-malicious-code-review-geek\/","title":{"rendered":"#Private Apps Shared on the Fitbit Gallery Aren\u2019t Scanned for Malicious Code \u2013 Review Geek"},"content":{"rendered":"<p><strong>&#8220;#Private Apps Shared on the Fitbit Gallery Aren\u2019t Scanned for Malicious Code \u2013 Review Geek&#8221;<\/strong><\/p>\n<div id=\"article-content-area\">\n<p>The <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/gallery.fitbit.com\/\">Fitbit Gallery<\/a> is a one-stop shop for approved Fitbit apps, like <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/gallery.fitbit.com\/details\/dc411695-8f1e-4643-9881-b19d053fbc33\">Spotify<\/a> or <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" 
href=\"https:\/\/gallery.fitbit.com\/details\/00001401-0000-4000-8000-000000f17b17\">Starbucks Card<\/a>. And while Fitbit manually scans all published Gallery apps for malware, shareable \u201cprivate\u201d apps don\u2019t get the same treatment. If someone emails you a download link for a Fitbit app, ignore it!<\/p>\n<p>Fitbit lets developers upload \u201cprivate\u201d apps to the Gallery to aid in testing. Unfortunately, anyone with a download link can install a private app. Bad actors can share a private download link <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/fitbit-gallery-can-be-used-to-distribute-malicious-apps\/\">to spread data-collecting malware<\/a>, a threat identified by Kevin Breen and publicized by <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/fitbit-gallery-can-be-used-to-distribute-malicious-apps\/\">BleepingComputer<\/a>.<\/p>\n<p>Kevin Breen, threat research director at <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.immersivelabs.com\/\">Immersive Labs<\/a>, successfully uploaded a malicious private app to the Gallery and used it to steal GPS location, heart rate, height, and age data from test devices. On Android, the malicious app could also read any calendars connected to the Fitbit. Breen could even configure the app to scan and access network tools like routers and firewalls, thanks to the Fitbit fetch API.<\/p>\n<p>Thankfully, Kevin Breen submitted his research to the Fitbit company, which responded by adding warnings to private app downloads. Fitbit also plans to turn private app permissions off by default, giving users the choice to manually provide access to their age, contacts, and other information. 
As always, Fitbit scans Gallery apps for malicious code before they\u2019re published to the public Gallery page.<\/p>\n<p><small>Source: Kevin Breen via <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/fitbit-gallery-can-be-used-to-distribute-malicious-apps\/\">BleepingComputer<\/a><\/small>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.reviewgeek.com\/56613\/private-apps-shared-on-the-fitbit-gallery-arent-scanned-for-malicious-code\/\" target=\"_blank\" rel=\"noopener noreferrer\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#Private Apps Shared on the Fitbit Gallery Aren\u2019t Scanned for Malicious Code \u2013 Review Geek&#8221; The Fitbit Gallery is a one-stop shop for approved Fitbit apps, like 
Spotify or Starbucks Card. And while Fitbit manually scans all published Gallery apps for malware, shareable \u201cprivate\u201d apps don\u2019t get the same treatment. If someone emails you a&#8230;<\/p>\n","protected":false},"author":1,"featured_media":85794,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.reviewgeek.com\/p\/uploads\/2020\/10\/9eb60bc8.png","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-85793","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/85793","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=85793"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/85793\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/85794"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=85793"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=85793"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=85793"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}