What Your Apps Know About You

• February 23rd, 2016
Mobile Security

Oh, the digitally centered lives we lead.

Want to track your calorie intake? There’s an app for that

How about snagging the best parking spot at the mall? There’s an app for that, too.

With apps for just about everything nowadays, it’s hard to remember a time when we didn’t rely on them for everything.

The Coming App-ocolypse

With each passing year society becomes more dependent on our mobile devices. Phones have evolved from “a good thing to have in case of an emergency” to full-blown mini super-computers that we “cannot live without” in a mere 10 years.

In 2015, 85 percent of millennials (ages 21-34) had smartphones and 21 percent were mobile-only. And according to comscore.com, Americans spend more time accessing the internet through apps and their mobiles than they do via desktops. We are living in what Forrester.com, one of the top research and advisory firms in the world, calls the “app-ocolypse”. Apps and mobiles are everywhere and it seems that we really like it that way.

This is all fine and well. Apps do make our over-complicated lives less complicated – they measure for us, they track stuff for us and even tell us when our steak is ready. But there is a shady side to the app-ocolypse, too. Apps collect information about their users. Developers often say that they collect information to create enhanced functionality in their app or to deliver a better user experience. But more often than not, it’s not easily understood why certain apps need all the information they collect.

Think about it like this – why in the world does your calorie tracker need to access your contacts? And really, why does your flashlight app need to know your location? Recently the FTC called out flashlight apps on both iOS and Android platforms for collecting unnecessary information – both were guilty of being built to track location and access calendars, contacts and unique identifying factors. The settings also allowed them to share all that information with third party ad networks. Yikes – All that, just for a flashlight!

The problems is that even when developers do admit what they are accessing, we don’t pay much attention. Typically, when a mobile user sees an app he or she just can’t live without (seriously, how in the world did we ever manage without Shazam??), we just click “install” without thinking about the privacy issues at stake.

Apps’ Risky Behavior

Appthority, a mobile app security firm, conducted a study in 2014 and found that of the top 200 free apps in both the iOS and Android app stores, 95 percent exhibited behaviors that could be classified as risky. Think you’re okay because you’re an app snob and only install premium (paid) apps? Well, 80 percent of the top 200 paid apps on both platforms also exhibited risky behaviors, demonstrating that paid apps are not much safer when it comes to privacy than are free apps. Risky behaviors include location tracking, accessing contacts, and sharing information with third parties like ad networks and analytic companies, among other behaviors.

In an interview with SCMagazine, Appthority founder Domingo Guerra said  ““Most of permissions requested …are aimed to collect user and device information…As developers realized that they can’t make a living off free or cheap downloads alone, they have turned to Analytics Frameworks (SDKs) to collect data, and Ad Networks and data brokers to monetize the data they collect.”

How to Avoid Risky Apps

Then there are some apps that harbor malware – forget about the subtle art of data collection – These guys pump your device full of rotten code with the intention of flat-out stealing information. Again, apps across both iOS and Android platforms have been found to foist malware onto user’s devices. Apps ranging from Bible quizzes to Chinese versions of Angry Birds have been known to deliver malware to unwitting users.

Does this mean that you should never install another app again? Well, no, not really. Here are some things you can do to use apps safely:

• Look at each app you are thinking of installing and do your research. Go through its company page. Does it seem legit to you? If you can’t answer confidently, stay away.

• Pay careful attention to the privacy settings and see what the app is trying to access. It might not contain malware but do you really want your fitness app giving your information to analytic firms?

• Make sure you have solid mobile protection installed. Zone Alarm’s Capsule Mobile security solution has a built-in app monitor to alert you to apps that request excessive permissions. It also detects and blocks mobile malware in real time, keeping you covered from both data hungry apps and ones that are just flat-out dangerous.

• Read reviews before you install. This might tell you everything you need to know, saving you lots of heartache down the road.

• Conduct an “app audit”. Go through the apps you have already downloaded and really think about whether or not you need them. Keep the ones you need, and the others, toss. Then check out the privacy settings on the ones you want to make sure you feel they are trustworthy.
• Use a mobile security app, like ZoneAlarm Mobile Security, to protect you from threats to your privacy and personal data.

The main takeaway is to think about what you are doing.  Wouldn’t it be great if developers made their wares all with the intention of making the world a better, more functional place? Yeah, it would be nice, but that’s just not the truth. That’s why you need to use your head and make sure you aren’t throwing your privacy out the window. Learn about the apps you have and what they really are capable of doing.