A Smartphone Can Be A Risk To Your Data Privacy And What You Can Do To Stay Safe From Malicious Mobile Apps
Ever given serious thought to your valuable confidential and sensitive, personally identifiable information( PII) stored on your mobile phone? If not, It’s high time to be aware of the extent to which malicious apps can invade one’s privacy and know what safeguards you must take to mitigate the risk of privacy infringement or loss of personal data, talks Sonia Randhawa
Everyone who uses a smartphone knows that using a smartphone can invade their privacy by installing and using known or unknown mobile apps. Around half of them think that their privacy is not in their hands. That’s what the survey by Pew Research Center shows (Refer graph below). However, many users are not fully aware of the intricacies, how apps infringe their data privacy & data security, or how they can manage the privacy of their personal and sensitive information. Let’s see how mobile apps can be malicious and play with the confidentiality, integrity, and availability of information, and can jeopardize the security.
Source: Pew Research
Can Mobile Applications Be Malicious?
In today’s interconnected digital world, mobile apps have become an integral part of everyone’s life. Almost everyone uses a smartphone today, and one can’t imagine using a smartphone without mobile apps. Smartphones come equipped with a range of sensors that keep track of the user’s every activity. Knowingly or unknowingly, they share their vital information with mobile apps installed on their mobile phone. One cannot discount the lurking possibility of rogue mobile app developers misusing it and invading one’s privacy. Technologists and designers have to introduce fool-proof methods to protect against such threats.
How Can Mobile Apps Invade An Individual’s Privacy?
When one downloads a mobile app from the internet, it asks for several access permissions, such as accessing contacts, cameras, geographical locations, etc. Generally, most users grant these permissions without bothering to give it a thought. By misusing these permissions, mobile apps can invade users’ privacy and access private and sensitive data. That is precisely the reason why India banned 59 Chinese apps a week ago. These apps include popular ones like Tik Tok, ShareIt, and ES File Explorer, among others.
The banning of mobile apps by countries is not new. China itself is a prominent example of such actions. It has already banned Facebook, Google, YouTube, WhatsApp, and many other globally popular mobile apps. Sonia Randhawa, a security expert in the area of technology, had recently mentioned in a tweet that China has already banned outsider apps so that they can stay safe in their own space, further adding that both Android and iOS have permission models, and irrespective of what model or brand you use, can be compromised to gather a lot of sensitive and confidential information in an unauthorized way.
She went on to explaining very thoughtfully in another tweet that Chinese apps can spy on key persons such as business tycoons, politically exposed persons, etc. In extreme scenarios, they can drain the bank accounts of millions of customers using mobile banking and cripple the cellular network at will.
Remember, it’s not about any one country. The Chinese apps are recently in the news because of its geopolitical issues with various countries. The invasion of privacy can happen even with non-Chinese apps. In short, any mobile app is capable of invading one’s privacy.
So, What Could Be The Consequences Of Invasion Of Privacy?
Before discussing the remedial steps to be taken to protect one’s privacy, one should know what consequences such privacy invasion by the rogue mobile apps can bring.
- The app developer can track the user’s location as they have allowed the app to do so. Malicious users can use the data to compromise their security or to stalk people.
- Nowadays, people are comfortable using payment wallets and mobile banking apps to transact and transfer money. A careless person may give out the PIN used for accessing bank accounts, thereby introducing a financial risk angle.
- Cybercriminals can access the documents stored in cloud storage such as Google Drive or OneDrive and use them to pursue their malicious intentions.
- There have been cases of burglaries committed by the cybercriminals in situations when no one is available at home. Thus, sharing personal locations with a third-party can prove dangerous.
Now a big question arises – Is the granting permissions to mobile apps the sole reason for the invasion of privacy? Surprisingly, the answer is NO. Even if someone is diligent enough to remove all suspicious apps from one’s mobile, follow the principle of least privileges, give only the necessary minimum permissions, and that too only to trusted apps, there can still be a risk. Motion detectors such as accelerometer and the rotation-sensing gyroscope collect data and share it without the user’s knowledge. It is because these detectors are not permission-protected. They can access your data even if you do not permit mobile apps to access these sensors.
Using these motion detectors, malicious actors can determine how a user taps the smartphone’s touchscreen. It can sense the numbers you type out on the on-screen keypad as your PIN code for accessing your bank accounts. Imagine the consequences if this information falls into the hands of cyber adversaries.
Recently, there have been instances of data breaches through the Zoom app. Millions of students and businesspersons/employees use the Zoom app for communicating with their teachers, business partners, or colleagues. Such data breaches can prove dangerous to all.
How Can The Users Safeguard Their Privacy?
The threats and risks of downloading and using malicious mobile apps are unlimited. Therefore, one should know the steps to take, such as listed below, to safeguard one’s privacy and protect sensitive data from malicious actors.
- Regular updates are critical – Update your software at regular intervals. Usually, all smartphones come with an automatic update option. Activate these settings to ensure that the software updates automatically whenever released by the developer.
- Check out the app reviews – Research the app before you download it. One cannot discount the presence of fake reviews appreciating the app. Therefore, consider also the 1-star or 2-star reviews to get an accurate picture.
- Never give permission mechanically – Check out the permissions the app seeks when you download it. If the app demands unnecessary information, it is a significant warning sign to avoid installing it.
- A password manager can be helpful – Use a password manager’s services to generate and store your encrypted passwords. Cybersecurity experts suggest using strong passwords to access your accounts. However, it can be a challenge to remember such strong passwords. A password manager can come handy under such circumstances.
- Use VPNs if you can– Never access your critical apps like mobile banking on a public Wi-Fi. If you need to do so, use a virtual private network (VPN).
- Social media can prove dangerous – Social media interactions are good, but they can also prove to be channels of sharing critical information. Limit your social media interactions, especially when it comes to sharing private information.
Investing in cybersecurity is a cat and mouse game. Cybersecurity and privacy professionals keep introducing fool-proof solutions to manage cybercrime. However, the cybercriminals are smart enough to devise new ways of committing the crime. The one-upmanship game will keep on continuing. Yet, smartphone app users have the responsibility of safeguarding their personal data. Downloading genuine mobile apps and taking the right precautions can help prevent privacy intrusion through mobile apps.