Your mobile phone is going shopping without you

Gal Ringel

7 reasons why mobile apps put your personal data at greater risk

On August 27th, online security company Kaspersky announced that its researchers had discovered malicious code in the Android version of the popular mobile app CamScanner. This code enabled a series of dangerous actions, from unauthorized ad content to actual online registrations and payments. The app, which was installed by more than 100 million users worldwide before Google removed it from the Google Play store, is not the first app to demonstrate the data-related dangers that accompany our beloved mobile devices. In fact, more than 1,000 different Android apps completely disregarded Google’s permission restrictions and harvested user data without consent.

For Android users, the mobile security problem doesn’t begin when downloading apps from the app store. Long before that, when choosing their mobile device, users might be compromising their data’s safety. In fact, devices manufactured by the Chinese telecom company Huawei were officially banned by the US, Japanese and Australian governments out of fear that their devices would be used to spy on countries and businesses. iPhones aren’t completely safe either: software flaws have led to iPhone security breaches for years, according to researchers.

So, what is it that makes mobile devices so dangerous? The following are seven alarming reasons that should make you think twice before hitting “install”.

1. Bigger data

Every online activity involves and therefore risks users’ personal data, but no device has access to information like our smartphone. Our phones know all about our GPS coordinates, contact lists, phone calls, text messages, emails, photos, and everything else. This obviously makes mobile apps a more attractive target for hackers, and when combined with the security vulnerabilities we’ll discuss next, a ticking data bomb is created.

2. Smaller teams

The startup fairytale includes three programmers working together from a garage somewhere, and when it comes to mobile apps, sometimes even that might be considered overkill. Many apps out there start out with a tiny team, and sometimes no team at all. Because the teams are so small, they have to prioritize, and unfortunately, releasing new features still tops security issues for most. When these vulnerable apps start to succeed and build an audience for themselves, the team again must focus on growth and infrastructure issues, neglecting to solve any early data protection needs. That’s how super successful apps that put millions of users in danger are born.

3. Monetization struggles

Mobile users are used to getting everything for free, which creates a huge monetization challenge for app makers. This means that an app might have millions of active users and still struggle to make a profit. Apps with a small pool of paying users are often forced to make risky and painful compromises at users’ expense. They skip hiring security specialists, agree to collaborate with questionable partners, and use their users’ data without permission. The old saying of “If the product is free, you are the product” is very much true here.

4. SDK usage

Perhaps because their teams and budgets are smaller, app builders need a lot of external technical help. That’s where the mobile Software Development Kit (SDK) comes into play. These kits, which are installed by developers within the app, are extremely helpful and provide countless services, including analytics, advertising, customization, marketing, and more. The problem is that if the SDK is malicious or vulnerable, the main app and all of its users are equally exposed. An SDK can cause the app to crash, show inappropriate content or ads, and harvest or leak user data.

5. Lack of ownership

Apple and Google’s app stores invite developers to create and offer their apps following a structured vetting process, but even though Apple is known to be quite strict and Google has been working hard to improve its security levels (to the point of blocking a million unsafe apps in 2018 alone), there’s still a long way to go. In Google’s case, this includes not only the apps but also the many Android devices offered to users.

The apps may be downloaded from official app stores, but we know very little, if anything, about the people and companies behind them. This lack of clear ownership turns the app stores into a wild mobile west. If you work in the tech industry, this is hardly news, but users of different age groups and backgrounds aren’t necessarily aware that the mega companies themselves are not directly responsible for building and protecting these products.


6. Ask for forgiveness, not permission

Even though both Apple and Google require that apps ask for specific, detailed and justified permissions to access users’ data, the process is still incredibly problematic, particularly on Android devices. Most users treat the permissions screen as an annoyance that stands in their way when installing a new app, and the rare users who read this information would likely fail to understand it. Not only that, but as we’ve mentioned before, app creators have their own ways of bypassing Google’s restrictions and accessing data they were never granted permission to use.

7. Forget about it

Once these permissions are granted, changing and managing them is something users will never bother doing. In the early days of the mobile revolution, when many devices lacked a built-in flashlight feature, dedicated flashlight apps were infamous for asking for access to excessive and irrelevant data and collecting it silently in the background for years. Our new devices have their own flashlight capabilities, but they also come with far more storage space, which makes users even less aware of the apps they never use, but also never delete. This sort of behavior adds to the attractiveness of apps as a data harvesting tool.

Don’t throw your mobile phone away just yet (as if you were ever going to), but do go over the apps you’ve installed and see which ones might be redundant and what information you share with the ones you choose to keep. Consider replacing free, invasive apps with more secure ones that charge a small fee. You will not be anyone’s product as long as you refuse to be treated as such.