Apps on your phone could be stealing your data

How many apps do you have? On an average, on any given smartphone or tablet you will be sure to find at least six to seven apps, and it wouldn’t be a surprise if you were to find even more than twenty apps. Whether it’s a smartphone you are using or a tablet, your experience would be quite limiting without the presence of apps. You have apps as diverse and varied as you could possibly think. Whether it’s the information you are seeking or simply looking to kill some time, there is an app that will help you do just that.

But it’s not all hunky-dory as there is a price you pay. For every app you download, you allow it access to your private information – right from your address book to messages, calendar, photo gallery and much more. Much of your data from your device, thanks to these apps, is being saved on servers belonging either to the app developer, advertisers, app stores and quite likely, data harvesters or even hackers. An innocent looking app that promises you one good joke a day may actually be a tool to just gather data. Simply put, your privacy and security is at stake. Since we use our smartphone for more than just communicating – from social networking and e-commerce to even banking, the device holds sensitive data, which the miscreants can use to cause irrevocable damage.2012 Cisco Connected World Technology Report highlighted the increasing prominence of apps

2012 Cisco Connected World Technology Report highlighted the increasing prominence of apps

Elaborating on the threats that users face, David Hall, Regional Consumer Product Marketing Manager, Asia Pacific, Norton by Symantec, says, “Smartphone and tablet sales are set to soar, and more users than ever will have their virtual lives and sensitive data with them at all times. Threats arising out of apps would become a serious concern, as a user’s rising dependence on the functionality of personal or professional apps would leave them vulnerable to a myriad range of online threats. Lack of proper protection against such threats is equivalent to serving crucial data like contacts, confidential mails, passwords and other personal information on a platter and letting the cyber vultures feast on them. With more and more features being added to applications to enhance the functionality of the apps, one of Norton’s predictions for 2013 is the rise in mobile adware, commonly also called ‘madware’.”

He states further, “Madware disrupts the user experience and can potentially expose location details, contact information, and device identifiers to cybercriminals. Madware—which sneaks onto a user device when they download an app—often sends pop-up alerts to the notification bar, adds icons, changes browser settings, and gathers personal information.Because location and device information can be legitimately collected by advertising networks—as it helps them target users with appropriate advertising—we expect increased use in madware as more companies seek to drive revenue growth through mobile ads. This includes a more aggressive and potentially malicious approach towards the monetization of ‘free’ mobile apps.”

The big data
Every app that you download requires access to certain data to function, and the permission for the same will be sought. Unfortunately, when we grant apps the permission to access our data by agreeing to the end-user agreement, none of us takes the pain to go through what information the app is accessing. Hence, many of the apps get away with access to information that they do not require to function. On the other hand, there are also several apps that clandestinely access information without seeking prior permission from the user.

Over the years, several instances have come forth about apps accessing user information without their permission. Apart from your contact book, apps can also access/send messages, location, initiate calls, use camera and even transfer keystrokes information back to the developers. One incident that caused quite a furore was when it was discovered that a private social networking app, Path, was not only accessing users’ contact book information, but was also sending the same to Path’s servers. While the Android version of the app had the option wherein users could opt-in for the same, no such permission was sought from iOS users. For a social networking app wanting to access the said data wasn’t uncalled for, what backfired was that it did so without seeking permission from the users. The users were aghast to know that the content of their phonebook was accessed and stored without their consent. This was seen as a heinous breach of privacy and a security threat. The latest app to come under scanner is WhatsApp, which is amongst the top five instant messaging app. Canadian and Dutch data protection authorities recently rebuked the app as they discovered that the app forced the users to part with their entire address book instead of limiting only to the users of the app, and thus violates privacy laws.

There is app for everything

There is an app for everything (Image Credit: Getty Images)

However, Siddhartha Banerjee, who started with developing apps for the Apple platform, and more recently for the Windows 8 platform, presents an interesting viewpoint. He points out to the fact that collecting user data is common practice, and what we need to focus on instead is what is being done with the data. He says, “More than whether there is a security threat, for me the more relevant question is whether collecting data is ethical or not. In my opinion as long as it doesn’t violate the users privacy then it’s fine. If you look then in today’s world almost everybody is collecting data, right from Facebook to any kind of website, someway or the other people are collecting data. And to be very honest, it’s not that the user doesn’t know about it. When as a developer we upload an app on say the Apple platform or the Windows platform, there is a standard End User License Agreement which a developer needs to tick mark to go with their app. Most of the times what happens is that the users don’t actually read all those terms and conditions where it’s stated what kind of information will the app be accessing. And when the users give their consent without reading those, it means that the user is giving the permission to the app to collect the data.”

He explains that many a times apps collect certain information as they need it to provide better features. He says, “There are certain apps, like even our app collects certain analytic data, it is third party analytic site and we embed the code for it inside our app. It is purely from the technical point of view. For instance, because we collect certain data, we will know say that your favorite coffee shop is ten minutes away. Or you follow certain people on Twitter because you are like minded, so we will provide recommendation of people to follow. So those to me are enhancing user experience. However, having said that if there is a wallpaper app asking for contact information, now unless the app is designed in such a way that after collecting the contact details, it will on their birthday automatically send a postcard or a greeting card on your behalf, then it is a different story. But the app should mention the same in their description. However, unnecessarily collecting data is absolutely unethical.”

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

  • Blog Stats

    • 10,842 hits
  • Upcoming Events

    No upcoming events

%d bloggers like this: