Elliot Alderson

@fs0c131y

French security researcher. Worst nightmare of Oneplus, Wiko, UIDAI, Kimbho and others. Not completely schizophrenic. Not related to USANetwork. DMs open.

Joined June 2015

    Elliot Alderson‏ @fs0c131y Jun 12

    The @fingapp is an #android network scanner with network tools including: Wi-Fi scanner, port scanner, DNS lookup, ping and service monitoring. This app has been downloaded more than 10M times. Let me show you how they steal the location of their users without their consent pic.twitter.com/Vzqj2wvbN0

    9:45 AM - 12 Jun 2018
    35 replies 237 retweets 368 likes
      1. New conversation
      2. Elliot Alderson‏ @fs0c131y Jun 12

        During the first boot, the app is making a request to http://geoip.fing.io/android.php
        With this request, they will retrieve:
        - city_name_en
        - country_city
        - city_geoname
        - postal_code
        - country_region
        - country_name=France
        - continent_name_en=Europe
        - latitude
        - longitude
        - timezone
        ... pic.twitter.com/aAuBq4ihbI

        7 replies 20 retweets 59 likes
      3. Elliot Alderson‏ @fs0c131y Jun 12

        When this request is done:
        - the app has 0 permission
        - there is no pop up to ask the consent of the user
        This is a pure violation of #GDPR. They retrieve the location of the user without his consent cc @CNIL @eugdprcompliant

        2 replies 18 retweets 89 likes
      4. Elliot Alderson‏ @fs0c131y Jun 12

        .@fingapp: Do you have something to say to justify the fact that you are stealing the location of your users? Do you know the penalties for companies that are violating #GDPR?

        2 replies 20 retweets 79 likes
      5. Elliot Alderson‏ @fs0c131y Jun 12

        #Twitter: Feel free to report this app on the @GooglePlay

        5 replies 15 retweets 88 likes
      6. Elliot Alderson‏ @fs0c131y Jun 12

        Initially, this issue was found by @crewman976

        2 replies 9 retweets 52 likes
      7. End of conversation
      1. New conversation
      2. Fing‏ @fingapp Jun 13
        Replying to @fs0c131y

        Hi Elliot! Thank you for reaching out to us with your concern and for allowing us an opportunity to explain how our software works in more detail. Just to warn you, this is going to take a few tweets to fit it all on here!

        1 reply 2 retweets 2 likes
      3. Fing‏ @fingapp Jun 13
        Replying to @fingapp @fs0c131y

        The Fing App receives the Public IP address of the originating scanning device from GEOIP, a service that is used by developers worldwide to build their apps and provide their services. This service provides the geolocation of the ISP connection of the user, not their location.

        3 replies 2 retweets 3 likes
      4. Fing‏ @fingapp Jun 13
        Replying to @fingapp @fs0c131y

        In the case of Fing, this information is used to show our users information like what their public IP address is, who their ISP is and whether their IP connection is indeed working.

        1 reply 1 retweet 2 likes
      5. Fing‏ @fingapp Jun 13
        Replying to @fingapp @fs0c131y

        The Fing App does not geotag your smartphone, nor do we collect or track your position. Any App incorporating such features should explicitly ask permission for this. Furthermore, we do not need, and do not intend, to collect such information in order to provide our services.

        1 reply 1 retweet 5 likes
      6. Fing‏ @fingapp Jun 13
        Replying to @fingapp @fs0c131y

        We agree completely with you that too many companies have taken advantage of users for their data, which is why we only request information that is relevant to providing our services and do not sell this information on to third parties.

        2 replies 1 retweet 3 likes
      7. Elliot Alderson‏ @fs0c131y Jun 13
        Replying to @fingapp

        Hi @fingapp! The EU considers an IP address personal data. According to #GDPR, the user has to give his consent to allow you to transfer his personal data. You recognised that you are transferring the IP address of your users without their consent. You are breaking EU law.

        2 replies 0 retweets 7 likes
      8. Elliot Alderson‏ @fs0c131y Jun 13
        Replying to @fs0c131y @fingapp

        What you are doing is now illegal. End of the story. I will file a formal complaint with the concerned authorities and encourage everybody to do the same.

        2 replies 0 retweets 4 likes
      9. Elliot Alderson‏ @fs0c131y Jun 13
        Replying to @fs0c131y @fingapp

        Instead of trying to downplay your infraction, take down this webpage now and remove this feature from your app. Otherwise, the penalties for your companies will be huge

        1 reply 0 retweets 4 likes
      10. 1 more reply
      1. New conversation
      2. Joel May‏ @JoelAMay Jun 13
        Replying to @fs0c131y @fingapp

        So much misinformation you just posted. Every app that makes a web request can have a silent GeoIP lookup on the server side. This is the server telling your app where it is so your app can operate better. I see no evidence that they store or collect any data.

        5 replies 0 retweets 7 likes
      3. Elliot Alderson‏ @fs0c131y Jun 13
        Replying to @JoelAMay @fingapp

        Every app with Internet permission can do it, yes. However, it doesn't mean they have to. According to the EU, the IP address is personal information, so due to GDPR the user must give their consent. This is the law. Before saying it's misinformation, work on your subject, boy

        2 replies 4 retweets 37 likes
      4. Joel May‏ @JoelAMay Jun 13
        Replying to @fs0c131y @fingapp

        Are you saying that if an app knows the IP address of the device, it is legally prohibited from using that IP in any way even if it never gets sent to a server?

        2 replies 0 retweets 1 like
      5. Elliot Alderson‏ @fs0c131y Jun 13
        Replying to @JoelAMay @fingapp

        An IP address is personal information. According to GDPR, if your app is distributed in Europe, before sending it to your server you need to have the user's consent.

        3 replies 0 retweets 28 likes
      6. Joel May‏ @JoelAMay Jun 13
        Replying to @fs0c131y @fingapp

        It does have consent to send your IP address to the server. And with that logic, every app needs explicit consent before sending any type of web request. Choose a better battle; nearly every web server is logging your IP. Being a GeoIP service doesn't mean it's more dangerous. pic.twitter.com/P7UigqLX3w

        0 replies 1 retweet 2 likes
      7. End of conversation
      1. New conversation
      2. Mark Kosier  ☕️ Coffee Guru‏ @Nerdie_Tech Jun 12
        Replying to @fs0c131y @fingapp

        Is the iOS app ok? Or is it doing bad things also? I personally wouldn’t trust it knowing what the Android app is doing.

        3 replies 0 retweets 0 likes
      3. Elliot Alderson‏ @fs0c131y Jun 12
        Replying to @Nerdie_Tech @fingapp

        I don’t know, I didn’t check the iOS app

        1 reply 0 retweets 3 likes
      4. Tweet unavailable
      5. Mark Kosier  ☕️ Coffee Guru‏ @Nerdie_Tech Jun 12
        Replying to @dirtybit1010 @fs0c131y @fingapp

        I emailed them also. Let's see if they respond.

        1 reply 0 retweets 4 likes
      6. Alias Infinitum‏ @AliasInfinitum Jun 13
        Replying to @Nerdie_Tech @dirtybit1010 and

        The iOS app is NOT ok. They still ping home.

        1 reply 0 retweets 0 likes
      7. Alias Infinitum‏ @AliasInfinitum Jun 13
        Replying to @AliasInfinitum @Nerdie_Tech and

        How do I know? I use @The_Pi_Hole to track requests my devices make.

        1 reply 0 retweets 2 likes
      8. Mark Kosier  ☕️ Coffee Guru‏ @Nerdie_Tech Jun 13
        Replying to @AliasInfinitum @dirtybit1010 and

        Do you happen to have any screenshots of the iOS app exhibiting the same behavior?

        1 reply 0 retweets 0 likes
      9. Alias Infinitum‏ @AliasInfinitum Jun 13
        Replying to @Nerdie_Tech @dirtybit1010 and

        Sure. I wasn't seeing it on the query log and so I simply launched the fing app. And there it was! pic.twitter.com/DxLyeIBjac

        2 replies 0 retweets 2 likes
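
One way to run the check described in the reply above, as an added example that is not part of the thread: it scans Pi-hole query-log lines (dnsmasq format) for lookups of the `geoip.fing.io` host named earlier and reports which clients on the network made them. The log lines, client addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Hostname taken from the thread; everything else here is constructed.
WATCHED = ("geoip.fing.io",)

# A dnsmasq "query" line as written to the Pi-hole log when query logging is on.
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+dnsmasq\[\d+\]:\s+"
    r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)$"
)

# Constructed sample log (not captured from a real device).
SAMPLE_LOG = """\
Jun 13 10:02:11 dnsmasq[812]: query[A] geoip.fing.io from 192.168.1.23
Jun 13 10:02:11 dnsmasq[812]: forwarded geoip.fing.io to 9.9.9.9
Jun 13 10:02:11 dnsmasq[812]: reply geoip.fing.io is 203.0.113.10
Jun 13 10:02:12 dnsmasq[812]: query[AAAA] GeoIP.Fing.io from 192.168.1.23
Jun 13 10:05:40 dnsmasq[812]: query[A] geoip.fing.io.example.net from 192.168.1.50
Jun 13 10:07:03 dnsmasq[812]: query[A] www.example.org from 192.168.1.23
Jun 13 10:09:29 dnsmasq[812]: query[A] geoip.fing.io from 192.168.1.77
"""

def is_watched(name, watched=WATCHED):
    """Match the watched host or its subdomains, but not look-alike suffixes."""
    name = name.rstrip(".").lower()
    return any(name == w or name.endswith("." + w) for w in watched)

def find_lookups(log_text, watched=WATCHED):
    """Return {client: {first_seen, count, qtypes}} for watched-domain queries."""
    hits = defaultdict(lambda: {"first_seen": None, "count": 0, "qtypes": set()})
    for line in log_text.splitlines():
        m = QUERY_RE.match(line.strip())
        if not m or not is_watched(m["name"], watched):
            continue  # skips forwarded/reply lines and unrelated domains
        entry = hits[m["client"]]
        entry["first_seen"] = entry["first_seen"] or m["ts"]
        entry["count"] += 1
        entry["qtypes"].add(m["qtype"])
    return dict(hits)

if __name__ == "__main__":
    for client, info in sorted(find_lookups(SAMPLE_LOG).items()):
        print(client, info["first_seen"], info["count"], sorted(info["qtypes"]))
```

A DNS log only shows that a device resolved the name, not what the HTTP request carried; confirming the response fields listed in the thread needs a traffic capture of the request itself.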
      10. 1 more reply
