PayPal seems to collect a lot of information about its users, and we are entitled to ask why.
We will not hide it: this week we relayed a lot of information about the collection of personal data by some tech companies, including the accusations against Wiko and OnePlus.
But behind these two “cases” is the same person who laid the foundation stone: a developer specializing in computer security who hides behind the pseudonym “Elliot Alderson”. He is also at the origin of a new discovery on the subject of data collection, which is very dear to him. This time, he is taking on PayPal.
Elliot Alderson searched the code of the famous online payment service's Android application, and what he found did not please him at all.
First, he noticed an incongruity in the anti-fraud tools. PayPal's SDK is entirely open source, and so easy to dig into, except for the metadata part of the app, which is obfuscated (deliberately made hard to read) and not available on GitHub, unlike the rest of the code. It is as if PayPal wants to hide this information.
The measure is fairly useless, however: by pushing his research a little further, Elliot Alderson was able to get an overview of all the data collected.
In the screenshots above, we can see that the PayPal SDK is thought to collect a lot of information, including the following:
the IP address;
the SSID of the Wi-Fi network;
cell tower (relay antenna) data;
the time since the device was turned on;
the telephone operator.
Why collect this data?
Let's not immediately cry espionage. But as the developer points out, we are left wondering why PayPal needs all this information and why the service has lacked transparency.
Another developer responds to Elliot Alderson by saying that this SDK is not even really used to put anti-fraud tools in place.