Why You Should Be Worried About Smartphone Apps Stealing Your Data

The popular FaceApp has brought to light a big privacy problem in our increasingly digital lives. Here's what you need to know.

This past July, photo-editing app FaceApp went viral as people went gaga for the chance to see what they’ll look like when they’re old, bearded, and wrinkly. The app, which was released in 2017, suddenly gained traction and over 12 million new users in the span of a few weeks.

The good times quickly darkened, however, when users learned that the terms of service they agreed to gave FaceApp “irrevocable” access to “use, reproduce, modify, adapt, publish” any name or likeness provided. Users’ fears were compounded when it was made public that the app’s developer, Wireless Lab, is based in St. Petersburg, Russia. Users are now left to worry that they handed over the keys to sensitive personal data in exchange for a goofy selfie. Are FaceApp users’ fears well-founded?

The big dilemma with apps having access to data

“This is most likely to become the problem of the century—that’s how big it is,” says Mihai Corbu, Senior IT Consultant at Lentiq. “App makers can access your camera, microphone, location and files, basically almost every piece of information that is sensitive for any end-user.”

Dennis Hirsch from The Risk Institute at Ohio State University says that the real problem is the fact that FaceApp didn’t actually steal anybody’s data: “People voluntarily gave it to them. That is the problem. People do not understand who is behind the apps and what they can do with people’s data, and so they voluntarily give their data to such apps even when they shouldn’t.”

What users need to consider

“As with any application or service, privacy should always be a consideration for a user,” explains James Chappell, co-founder and Chief Innovation Officer at Digital Shadows. “FaceApp, like many other apps, published a privacy policy and in keeping with many other ‘free’ services, they have a relaxed policy to what might eventually happen to any data that is uploaded. People feeling uncomfortable about it is a good thing, and that’s exactly the approach that we should always take when interacting with any application.”

It’s not just FaceApp, though. Bryan Osima, CEO of Uvietech Software Solutions Inc., notes that profit is a powerful motive. “The companies who make these free apps are in the business of making a profit, and as such, they look to find alternative ways of making money,” he says. “So users trade their privacy and data (knowingly or unknowingly) for use of the free app or service. This is the case with tools like Facebook, Google, Instagram, etc. These are just some of the big free platforms out there that provide free tools and services and get their payoff from mining the user’s data and selling that data to advertisers.” That means that if you have an account with any of these online companies, your privacy may be at risk.

What companies do with your data

What can companies, scrupulous or otherwise, do with our data? The answer is almost anything, according to Joshua Kail, Director of Public Relations at Press Pass LA, “from highly targeted consumer or political advertising to identity fraud, financial hacking, and corporate espionage.”

The sky is the limit when total access is given

Total access is something of a Pandora’s box. “When an app has access to your smartphone or tablet, they can access photos, contact information, browser history, your GPS location, and even the camera and microphone on the device,” warns Burton Kelso, Technology Expert at Integral Computer Consultants. “Your data can be sold to advertisers, people who are looking to get information and background checks on individuals. The worst-case scenario is if this information winds up in the hands of a criminal via a data breach.”

Developers need to take responsibility

App developers are not developing apps with security in mind, and they should, according to Timur Kovalev, Chief Technology Officer at Untangle. “Financial apps, for example, have access to people’s social security numbers, bank accounts, addresses, and more, making them more appealing for hackers to find a vulnerability to breach,” he explains. “Lack of encryption methods and app data sharing leaves the door open for hackers to gain access to personal data.” He’d like to see developers start taking app security seriously and see app stores, such as Google Play Store and Apple App Store, enforce stricter security standards for apps with access to such sensitive data.

Get serious about your data

In the meantime, the onus is on us as users to protect ourselves. As Kail, of Press Pass LA, says, “We need to treat our personal data as an extension of our net worth. We can demand better compensation for our digital gold, as it were. One way to do that is to read through the user agreements before we download, or simply be more discerning in what we download.”

Steps you can take to protect yourself

Uninstall toolbars from your browser and only install mobile apps that don’t ask for extensive permissions, recommends Mike Catania, CTO of Promotion Code. “Yes, it might mean missing out on the next FaceApp, but that’s a small price to pay.”

Understanding the permissions minefield

If it seems like a whole lot of fine print, it is. “Unfortunately, it is a challenge for a typical user to understand the implications and intent of a mobile app,” explains Carl Leonard, Principal IT Security Analyst at Forcepoint. “The many permissions that an app asks for upon install can be a minefield—and very often legitimate apps also ask for a laundry list of permissions too.” What’s a user to do? Leonard recommends considering the end-goal of the app: Is it to capture a certain piece of information or build a network? “Think carefully about whether you want to be a part of that or are willing to give up something (security, privacy, peace of mind) in return,” he says.

Some red flags to watch for before downloading an app

Osima offers this checklist:

  • Read the fine print, terms, and conditions. These are usually long, boring, in all uppercase and hard to decipher, but usually you will see what you might be trading in exchange for use of the software.

  • Read reviews from others who have downloaded the software.

  • If you have doubts, research the company on the internet and see if they seem legit. (This is not always a guarantee, but it helps.)

  • Before installing, see what exactly the app will have access to on your device. Contacts, photos, storage, microphone, camera, etc.? Ask if it really is necessary for it to have access to certain device features.

  • Look at how many downloads the app has and how long it has been in the app store.

  • Look to see if the app is actively maintained, etc.

Despite these warnings, your personal security wall is still too easily breached.

Joe McKinley
Joe McKinley is a regular contributor to Reader's Digest, covering cars, careers, tech and more.