Phones are no longer just a mode of communication, with apps quickly becoming their primary use. According to research by Nielsen Media, the average user engages with 28 apps per month on their device.
With the majority of apps on both Google Play and Apple’s App Store collecting some form of personal data, that leaves a large security hole in almost everyone’s wallet.
So, what sort of app behaviours can put you at risk, and what can you do about it?
1. Using your location
Some apps do require your location to work properly: maps, driving directions and finding nearby restaurants. However, many other apps simply take this information for its own sake – it’s veritable gold for marketing purposes.
If you’re uncomfortable with this default setting, there often isn’t a lot you can do apart from uninstalling the app. If your phone allows you to adjust location services on a per-app basis (for example, iOS), you can disable them one by one, or simply keep your phone’s GPS switched off unless using maps.
The ads gracing many free mobile apps present a mixed bag of security issues.
App developers use code from ad networks to help support their work, and for the most part this is very secure. It’s generally run by reputable advertising networks with high security standards.
Other ad networks are less than stellar, however, leaving security gaps in this code. They may also serve dicey ads, or become the victims of hijacking. When this happens, the app can create a vulnerability in your device.
To avoid this issue, check reviews of the apps you’re looking to download and listen carefully for reports of annoying ads. Intrusive ads can be a sign that the ad network responsible is less careful about what it serves.
You may even wish to use ad-blocking apps on your phone; however, be sure to whitelist the apps you use regularly, as this helps support the developers.
Great options for Android include AppBrain Ad Detector, which allows you to view app permissions and which ad network the app is using. This way, you can control exactly where your data may be going. (iOS users also have options aplenty).
3. Open Authentication (“OAuth”)
Using Facebook, Twitter and Google Plus to sign in to apps is convenient, but it’s also an extra point of vulnerability. Should your social account be compromised, thieves will have access to your app accounts, too.
To curb this, set up two-factor authentication on all your social media accounts. It might be a bit of a hassle in the short term, but it will make the convenience of OAuth much less likely to cause a chain reaction of account theft.
If your social account (e.g. Twitter or LinkedIn) is ever hacked, be sure to log off your official app, too. Account thieves can use the “always on” nature of the official mobile apps to keep themselves logged in to your account, even if you change the password.
4. Access to your address book
Your address book contains invaluable information for advertisers. Many apps will rifle through your contacts just to collect data that’s easy to on-sell.
Like your location, some apps will need to use your contacts to work effectively: messaging and VoIP/Internet phone call apps, like Viber and WhatsApp, are two major examples.
It’s difficult to stop this sort of information collection across the board, however, save for refusing to install apps that use this data unnecessarily.
Use of an Ad Blocker (see above) can help you identify and manage this risk. If you’re concerned, you can also write to app developers and let them know that your privacy is important.
The moral of the story? Awareness is your best defense. Take a second to read through app permissions before you install, and look out for suspicious ones. A mobile game that wants to access your contacts, phone and location? It’s probably not worth your time (or your privacy).
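If you would rather automate that permission read-through on Android, the check can be scripted. The Python below is an added example, not part of the original article: it reads an app manifest that has already been decoded to text (APKs store it in a binary form) and reports location, contacts and phone access that the app's category does not explain. The category table, the function names and the sample manifest are assumptions made for illustration, with the table drawn from the article's own examples.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permission names, grouped by the three kinds of access the article names.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.WRITE_CONTACTS": "contacts",
    "android.permission.READ_PHONE_STATE": "phone",
    "android.permission.CALL_PHONE": "phone",
}

# Assumption: what each category legitimately needs, following the article
# (maps need location, messaging/VoIP needs contacts, a game needs none of them).
EXPECTED = {"maps": {"location"}, "messaging": {"contacts"}, "game": set()}

def requested_groups(manifest_xml):
    """Return {group: [permission, ...]} for sensitive permissions in the manifest."""
    root = ET.fromstring(manifest_xml)
    found = {}
    # uses-permission-sdk-23 is the same declaration, applied on Android 6.0+ only.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for elem in root.iter(tag):
            name = elem.get(ANDROID_NS + "name", "")
            if name in SENSITIVE:
                found.setdefault(SENSITIVE[name], []).append(name)
    return found

def unexpected_access(manifest_xml, category):
    """Sorted access groups the app requests that its category does not explain."""
    allowed = EXPECTED.get(category, set())  # unknown category: nothing is assumed needed
    return sorted(g for g in requested_groups(manifest_xml) if g not in allowed)

# Constructed sample: the article's "mobile game that wants contacts, phone and location".
SAMPLE_GAME_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.puzzlegame">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>
"""

if __name__ == "__main__":
    for group in unexpected_access(SAMPLE_GAME_MANIFEST, "game"):
        print("unexpected for a game:", group, requested_groups(SAMPLE_GAME_MANIFEST)[group])
```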