Big Privacy Stories Land on the Same Day
Two separate privacy shocks surfaced: settlement sites went live for a $135m Google Android data case covering millions of U.S. users, while investigators exposed a hack‑for‑hire campaign that used Android spyware and phishing to steal iCloud credentials. Together they underline that consumer data liability and active exploitation remain immediate operational problems for platforms and enterprises. (cnet.com) (techcrunch.com)
On April 8, two very different privacy stories broke at once: Google opened the payout process for a $135 million Android data case, and researchers published a hack-for-hire investigation that mixed Android spyware with fake login pages to break into Apple iCloud accounts. The overlap matters because one story is about platforms paying for old collection practices, while the other is about attackers exploiting phones right now. (cnet.com) (techcrunch.com)
The Google case says Android devices sent data back to Google over paid cellular connections even when phones were idle, apps were closed, and users had not agreed to that transfer. Google denied wrongdoing, but it agreed in January 2026 to settle Taylor v. Google LLC for $135 million. (cnet.com) (classaction.org)
CNET reported that about 100 million United States Android users could be covered, with payments capped at $100 per person and likely reduced on a prorated basis. The live settlement site now lets eligible users pick a payment method before the court’s final approval hearing on June 23, 2026, and objections are due by May 29, 2026. (cnet.com) (classaction.org)
The class is broad in one way and narrow in another: it covers people in the United States who used an Android phone with a cellular plan from November 12, 2017 through final approval, but it excludes California residents because California users were covered by a separate $314.6 million settlement. That split shows how one privacy fight can turn into two different legal tracks depending on where the user lives. (cnet.com) (classaction.org)
Google also agreed to change the setup screens and terms around Android data use, including clearer disclosure that some transfers can happen passively and a promise to stop collecting data when the “allow background data usage” control is switched off. In plain terms, the settlement is not just a check; it is a rewrite of the label on the box. (cnet.com 1) (cnet.com 2)
The second story came from researchers at Access Now and Lookout, who traced a spying campaign across the Middle East and North Africa to a hack-for-hire operation with ties to Asia. Their report says the targets included Egyptian journalist Mostafa Al-A’sar, Egyptian politician Ahmed Eltantawy, and a Lebanese journalist targeted in 2025. (accessnow.org) (techcrunch.com)
The attackers did not rely on one tool. TechCrunch reported that they used phishing pages to steal Apple account credentials for iCloud backups and used Android spyware to take over phones, which gave them two doors into the same person’s life: the device in a pocket and the cloud archive behind it. (techcrunch.com)
Access Now said the campaign ran from 2023 to 2024 and used spear phishing, meaning messages tailored to a specific person instead of generic spam blasts. That matters because a custom lure sent to one journalist or one opposition figure is harder to spot than a mass scam sent to 10,000 strangers. (accessnow.org)
Put together, the two stories show the same phone from opposite directions. In one case, a court is pricing the cost of background data collection after years of litigation; in the other, investigators are documenting how mercenary hackers still combine mobile malware, fake sign-in pages, and cloud access to extract the most private data people have. (cnet.com) (techcrunch.com)