bodyType

customContents

entityId

entityUuid

articlePageQuery

filter

article

articleBaseAdvertisingInfoArticle

articleListArticle

articleSeoArticle

hooksArticleAcknowledgementGateOverlayArticle

hooksTrackPageViewArticle

hooksContentInterestArticle

articleLinkingDataContent

hooksAmpRedirectArticle

articleSchemaContent

liveArticle

advertZone

sentiment

contentLock

topics

types

sections

paywallTypes

createdDate

publishedDate

urlAlias

moreOnThisArticles

sponsorType

commentCount

authorLocations

authors

corrections

displaySlideShow

multimediaEmbed

printHeadline

seriesContainer

articleSpeeches

socialHeadline

headline

images

flag

firstTopic

glossary

flattenTypeIds

image

relatedLinks

relatedNewsletters

__typename

sponsor

pdfFiles

seriesReverseOrder

series

disableOffPlatformContent

published

updatedDate

summary

subHeadline

body

keywords

readingTime

customTimezone

liveContents

Rachel Blundy

Hong Kong’s leader Leung Chun-ying and the city’s No 2 official Carrie Lam Cheng Yuet-ngor are among billions who had their mobile phone numbers leaked by smartphone security apps.
The pair were revealed to be victims of leaks by apps CM Security, Truecaller and Sync.ME, which offer users protection against unwanted incoming calls.
The free apps, which can be downloaded for both Android and iOS devices, have been collating users’ phone address books into a publicly available online database, an investigation by Hong Kong-based news agency Factwire has found.

Other victims included Legislative Council president Andrew Leung Kwan-yuen, former police commissioner Tang King-shing, film director Alfred Cheung Kin-ting, actress Liza Wang Ming-chun and television host Natalis Chan Pak-cheung.
Contact details for more than 60 out of 70 sitting lawmakers were available across CM Security and Truecaller, Factwire found.
Hong Kong’s data privacy pioneer lowers his guard
Users of the apps can trace the names of billions of number holders by inputting their digits into a “reverse look-up feature”. But searching for a contact simply by inputting their name does not tend to produce the relevant contact number. Users agree to share their phone address book with the app companies when they download their products.
They can upgrade their accounts for a fee in order to access more information, but it is not apparent what specific extra details this entitles them to.

Stuart Hargreaves, assistant professor at Chinese University’s faculty of law, said he thought the apps violated two privacy protection laws included in Hong Kong’s Personal Data Privacy Ordinance.
He said it was unlikely users would seek permission from every individual in their phone book before agreeing to share their contact details.
“Not only is this problematic because these privacy policies are the kind of ‘click-wrap’ agreements that people tend to simply click ‘accept’ to rather than actually reading and understanding, given that users often have hundreds or even thousands of contacts in their mobile phone contact lists, it is improbable they would take the time to obtain such consent,” he said.
California Fitness rapped by privacy watchdog over data use
“The apps don’t even seem to contemplate this individualised seeking of consent actually happening, since a user cannot selectively upload parts of their contact list – it’s all or nothing,” Hargreaves said.
Ki Choy, spokesman for campaigners the Progressive Lawyers Group, said those seeking legal compensation over the leaks might face problems.
“It would be difficult to make a civil complaint against a friend, as you don’t know who has shared your details, and it would be difficult to assess the damage caused by that breach of trust,” he said.
The CM Security app is advertised online as “the most trusted and top-rated free anti-virus, mobile security and anti-theft app”.
Sync.ME chief executive and co-founder Ken Vinner told Factwire that all the app’s data was “publicly available”.
Privacy Commissioner Stephen Wong Kai-yi said he was very concerned and asked the public to delete the concerned data.


CY Leung’s mobile phone number among billions ‘leaked’ by smartphone security apps

Chief Executive Leung Chun-ying takes some pictures on his phone at the graduation ceremony for military summer camp for HK youth in San Wai Barracks in Fanling.Photo: David Wong

epa05623382 Carrie Lam, Chief Secretary for Administration, attends a special House Committee at the Legislative Council in Hong Kong, China, 09 November 2016. The special House Committee held a session about the interpretation of Article 104 of the Basic Law of the Hong Kong Special Administrative Region of the People's Republic of China by the Standing Committee of the National People's Congress. The interpretation allowed for the disqualification and stripping of duties of two young pro-independence lawmakers, Leung Chung-hang and Yau Wai-ching. The Chinese government's interpretation, which is also retroactive, states that Hong Kong Legislative Councilors have only one chance to swear in their oaths, and that it must be done solemnly, despite ongoing High Court action in Hong Kong which may have ruled otherwise. EPA/JEROME FAVRE

No Caption Available.

News

Hong Kong

Education

Firms offering protection against unwanted calls said to have publicly disclosed details in database


CY Leung’s mobile phone number among billions ‘leaked’ by smartphone security apps

.css-1c6uqr6{color:inherit;font-weight:inherit;font-size:inherit;font-family:inherit;line-height:inherit;overflow-wrap:break-word;}Firms offering protection against unwanted calls said to have publicly disclosed details in database

Firms offering protection against unwanted calls said to have publicly disclosed details in database