![\"beetv-warning\"](\"https:\/\/torrentfreak.com\/images\/beetv-warning.png.webp)
<\/picture><\/center> <\/p>\nWhile the message is clear, Amazon\u2019s alleged crackdown is accompanied by a convenient one-click circumvention option. This is not exactly as some have advertised, and it may, or may not, be the start of a tapered approach..<\/p>\n
For some, that\u2019s still enough to arouse scattered suspicions that \u2018Launch Anyway\u2019 could lead to being flagged by the authorities or reported to anti-piracy groups. Theoretical consequences such as these do give some people pause for thought, but overall deterrent value seems limited, as the disguised Reddit thread below suggests.<\/p>\n
<\/p>\n
![\"reddit\"](\"https:\/\/torrentfreak.com\/images\/reddit.png.webp\")
<\/picture><\/center> <\/p>\nSo does nothing happen, or does nothing appear to happen?<\/p>\n
Something Happens: Free Movies & TV Shows plus Bonus Extras<\/h2>\n
The most popular BeeTV variants appear to be at versions 4.4.4 to 4.4.7, with various MOD versions promising no advertising. We carried out a series of tests on all three versions and can report that many things can happen, but conveniently the user sees nothing.<\/p>\n
Our assessment here is based on what an app like this needs to function. For pragmatic reasons, allowances are made for monetization via ads etc. with additional \u2018functionality\u2019 viewed case-by-case. Declared permissions that go beyond those needed for a regular app to provide the same services are generally unacceptable by default.<\/p>\n
Without granting permission to access the internet, not much will happen, and in the event functionality exists to download a video, denying access to external storage would be an issue too. Let\u2019s assume all permissions are granted, and since many users will also sideload the app onto their cellphones, we will cover some of the main issues across all devices at the same time.<\/p>\n
Permissions Permissions Permissions<\/h2>\n
Here\u2019s just some of what the app can do, beyond what it needs to be able to do. We\u2019ll consider the implications later.<\/p>\n
\u2022\u00a0Location:<\/strong>\u00a0Even with allowances made for access to localized content, identifying the user\u2019s approximate location is not the same as always being able to identify a user\u2019s location accurate to a few feet.<\/p>\n \u2022\u00a0External Storage Read\/Write:<\/strong>\u00a0The app has broad access to external storage, including read\/write permissions. What people store on their devices tends to vary depending on the individual.<\/p>\n \u2022\u00a0Bookmarks\/Browsing History:<\/strong>\u00a0Tests indicate the app not only has permission to\u00a0read bookmarks<\/a>\u00a0and browsing history, it can write to them as well.<\/p>\n \u2022\u00a0SMS\/Call Logs:<\/strong>\u00a0When providing access to a movie or TV show, there\u2019s no reason why the app should obtain the name of the device\u2019s network operator. Being able to query a user\u2019s SMS messages and obtain their content definitely isn\u2019t needed, nor is it acceptable to query a device\u2019s contact list, or access its call logs.<\/p>\n There are also some serious issues on the technical side outside the scope of this article, but one apparent double standard is worth highlighting.<\/p>\n On one hand, the app uses\u00a0SSL certificate pinning<\/a>\u00a0to prevent MITM attacks (eavesdropping) on communications it aims to keep private. On the other, it proactively enables cleartext traffic, which enables eavesdropping (and modification) of transmitted data it presumably wishes to see (and potentially tamper with), without being detected by the user.<\/p>\n Apart from intercepting unencrypted network traffic, potentially including credentials, API keys, and other sensitive information, a potential attacker could track the user\u2019s location in real-time. This could enable anything from stalking to targeted phishing attacks based on known daily routines, augmented by information from contact lists, call logs, and the content of SMS data.<\/p>\n If more data was needed to carry out identity theft, a simulated identity theft warning sent to the user by SMS, claiming to be from the user\u2019s own bank (confirmed by entries in their contact list and SMS), could lead to some people clicking a link to a bogus banking page. They might even be persuaded to hand over the rest of their info.<\/p>\n Of course, savvy users don\u2019t click links in unsolicited messages, it\u2019s too risky. Instead, they visit their own bank with a communication that they themselves initiate; just quickly dig out the bookmark and\u2026\u2026<\/p>\n In summary, then, aside from launching at boot and the ability to install additional software, the app can harvest personal information, obtain information on contacts, and the content of their messages on the device. It can intercept communications, manipulate device behavior, and track movements and activities in real-time, while recording locations (home, workplace, gym) and times.<\/p>\n On the plus side, version 4.4.4 does not appear to have the ability to use a device\u2019s camera to photograph anything it likes, at any time, without the user\u2019s knowledge or permission. It\u2019s an oversight that seems to have been \u2018corrected\u2019 in 4.4.7.<\/p>\n There are the movies and TV shows to consider, of course, accessed from well over 200 pirate site domains embedded in the app. There\u2019s also the superficially\u00a0\u2018clean\u2019 detection reports<\/a>\u00a0on VirusTotal to put any remaining doubts to rest.<\/p>\n A fitness app carrying out 24\/7 monitoring wouldn\u2019t be flagged for being malicious, and there\u2019s not much difference in this case either. The app asked for permission, and without considering intent, permission was granted. There\u2019s not much that can be done about that.<\/p>\n Source: \u00a0Other Security Issues of Concern<\/h2>\n
What Could Possibly Go Wrong?<\/h2>\n
Almost Nothing Happens?<\/h2>\n
![\"TorrentFreak\"](\"http:\/\/worldjusticenews.com\/news\/wp-content\/uploads\/2016\/11\/torrentfreak.png\")
<\/a> TorrentFreak.com<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"