Smartphones have come a long way, and are now an integral part of our lives. It’s not just the touchscreen display, powerful hardware and the operating system doing the trick, but the apps are what make smartphones that they are today. We are so used to interfacing with an app for everything we do, that it’s now difficult to even think of a smartphone without them. But while most of you may not be aware, some apps pose a bigger security threat than you would imagine.
While most of apps we use are free to download and use, a major concern around them is safety. And of course, privacy. Given the recent malware attacks carried using smartphone apps, it is time we should rethink our ignorance when installing apps.
Typical habits – ‘I accept the terms and conditions’
Do you remember how many times you’ve clicked on ‘I agree’ at the bottom of the never-ending pages of terms and conditions? This is prominent when signing up for a service, when installing apps, and also while installing programs on a PC. In fact, the habit of blindly accepting terms and conditions comes from the days when most of us started using Windows PCs, and now the same ignorance continues.
Why? First off, there are like 30-80 pages of terms and conditions, or more. It’s fine if it’s just limited to a single app or service. But when you constantly try out new apps and services, the impatience of rushing through the signup process and actually using the app wins. Secondly, take the example of Facebook. We all want to connect with our family and friends, and even if Facebook wants details such as name, date of birth, address and other personal details, we don’t think twice before confiding in the service. We’ve gone blind to the concerns of data theft. The blame for this loose approach rests on us alone.
Same is the case with Google as well – it logs data of your whereabouts, your searches, and also reads context within your emails. It knows everything that you search for. The next thing you know, you start seeing ads that were part of your conversations not long ago. Some people may take this as a threat, some may think about data privacy, but hey, you gave Google the permission to read the data. And if this is not enough, there’s a bigger concern with app permissions that you grant.
App permissions – think twice before you grant them
Google introduced ‘app permissions’ feature with Android 6.0 Marshmallow OS that allows you to ‘grant’ or ‘deny’ permission that apps want to access. But what really happens when you install an app? You head to the Play Store, search for app, click on install and run it. During the first run, the app shows you the services it needs to access, and majority of users simply click on allow (or accept all), and that is where the real problem begins.
Let’s take an example of a third-party camera app. It needs permission to microphone to record audio, storage to save photos and videos, and location for geo-tagging. But then, there are some third-party camera apps that require you to grant permission to read your contacts and messages, which is where things get fishy.
Now, it is not necessary that the app developer will misuse the data by accessing these services, but what if the app gets compromised? You’re not only putting your data in danger, but also increasing the risk of your contact details and SMS conversations falling in wrong hands.
While that is about misuse, there are banking apps that need access to your SMS, which is logical as it would use that to authenticate the OTP. Some banking apps ask you to grant location access, using which they can locate nearby ATMs. But hey, the access has to be limited to when you are using the app, not all the time, when the app is running in background or when it is not in use.
Last year, Uber app update required location data even when you were not using the app, but after user backlash, the company remove the always on location permission. Sure, it may have helped Uber identify where its users are, and how likely are they to book a ride. But I, for once, wouldn’t want to give Uber the permission to know where I am.
And it all that isn’t enough, earlier today, we learned that smartphone games could be tracking you and your environment. According to a report in the New York Times, few games like Pool 3D, Beer Pong: Trickshot, and Real Bowling Strike 10 Pin access your smartphone’s microphone to scan the ambient noise around you.
NSA whistle-blower Edward Snowden had shed light on how the government could track your details, and also use the web camera on your laptop to spy on you, even when it is not in use. Similarly, these games that have access to your smartphone’s microphone may record your conversations and misuse them as well.
Here’s what you must do to keep your data safe
Now, a few months ago, there were reports that apps from Chinese smartphone makers have their servers in China, and they are constantly sending data there. While top smartphone brands may not misuse the data, small time apps may. This makes it even more important to deny permission to certain services that don’t make sense for the app.
While many apps ask for a host of permissions, the key lies in identifying the app’s nature, and questioning what seems to be unnecessary requests. On your Android smartphone, you can head over to Settings > Apps, select the app and click on permissions. On the right, there is a toggle switch using which you can allow or deny app permission to certain services.
Similarly, Apple’s iOS also allows you to have greater control over the permissions you give to apps. You can either allow full access, only while using the app, or never. You can do this by heading over to Settings, scroll down to select individual app, and then toggle app permissions.