Monday, 22 February 2016
Are Your Apps Stealing Your Data?
Most of us have some kind of smart device, which is why mobileappstuff.blogspot.com is a great resource for learning about the latest in apps. I appreciate the chance to contribute to the conversation of app security, as privacy is a growing concern. If you’re interested in getting ahead of the curve, check out this article on “What to expect of mobile technology trend in year 2016” when you finish.
Apps perform a nearly endless list of functions. They help us be on time, they entertain us, they do our taxes; I’ve got an app that plays Christmas music to a repeating animation of a fireplace. Whatever it is you need your device to do, someone has (or is going to design) an app for it. The best part? Most of them are free.
But “free” may be an exaggeration. If you’ve looked at the app permissions on an update or new install, you may have noticed some apps have access to an extraordinary amount of functions on your phone or tablet. When you look closely, you might find some oddities, such as a flashlight app requesting permission to view your contacts.
The level of invasion depends on the app and on the type of device. iOS, for instance, allows you to set permissions on a per app basis, as does Windows. Android regrettably does not currently have that function; although, you can manually disable very select features such as your Location.
So this leaves us all with a few questions: what data is being harvested, what is it being used for, and what can you do about it? Let’s take a look.
The vast majority of apps that invade your privacy do so for one sole reason: to monetize. Yes, it’s all about the Benjamin’s, even when we start talking about stealing your data. App developers who provide free apps typically include some types of ads. In order to make those ads effective, they want certain information about you.
The most common information an app takes is probably your specific location. Local ads are considered more relevant and can increase the chances they’ll find something to sell you (and add to revenue). You can combat this by turning off Location, but you’ll naturally lose some functionality of other apps.
However, a few apps will actually use your microphone to help target ads. Watch out for apps that appear to have no voice or microphone functionality, yet still want access to your microphone. This is a bit harder to circumvent (especially for Android), without just not using the app.
Some apps need to use the internet to work—it’s pretty expected if you’re playing a game such as Clash of Clans that you’d need access so you can play with other people. But other apps come up on the short end of the stick explaining exactly what they need access for.
As always, the question you need to ask is “why does this app need that access?” My original example of the flashlight app is actually quite notorious, because recently quite a few flashlight apps have been implicated for invading privacy with unnecessary permissions.
Other apps that shouldn’t be requesting that sort of access might include utility based apps, such as a clock, your desktop background, or other utility tools (I’ve got a leveler installed, for instance).
If you absolutely must have apps with unusual network access, beware that they might use up some of your precious data (unless you’re on an unlimited plan). Using up your plan is a double whammy, because you’re actually paying for the invasion of your privacy.
Modifying Contents of Your Storage
Apps routinely add new features and communicate with servers in remote locations. Sometimes, in order to fully function, they need to save things locally. But can you trust every app you download?
The sheer number of apps available, particularly on Google Play, means not all are verified for their safety. Changing your storage could be anything from saving files to adding malware or leaving room for later exploits. The goal is still likely the same: monetization. After all, identity theft is ultimately a means to take your money.
I’d venture to say your contacts are valuable to you; the same could to be said for certain companies and groups interested in targeting your interests (for profit, of course). This one makes me the least comfortable, because it invades the privacy of more than just you.
Unless the app you’re using is for texting or calling, it earnestly shouldn’t be accessing your contacts. This has been a problem in the past for iOS, which allowed apps to access your contacts in order to make things run more “seamlessly.”
There are a few things for you to do to fight against apps stealing your data. The most basic is to always get apps from an official source and to check their permissions before installing them.
Last year, an exploit in Android allowed hackers to install malware by interrupting the installation process of apps downloaded outside of Google Play, allowing the theft of account information such as passwords and other login details, and eventually financial information.
While this highlights the importance of using official sources, you may also want to consider encrypting your data and hiding your IP address by using a VPN (Virtual Private Network). Stolen information is considerably less useful if it’s encrypted, because it’s unreadable (for all intents and purposes; encryption takes far too long to break to be reasonable).
Minimize Your Risk
Always do some research before jumping on the latest apps? There are some websites which help to check the privacy grade of apps, measures their expected permissions vs. their actual permissions to leverage just how much your privacy is being violated.
Be careful what you’re storing on your device and always assume there is no expectation of privacy. It’s not necessary that you be paranoid, but a healthy amount of suspicion will keep you from giving away more than necessary.