mobileN

Mobile Privacy! Why Do Apps Need Access to Everything?

Did you know that the average smartphone owner uses 46 apps a month? Most apps will ask you for information about yourself and your device. It might also automatically send your location information or connect to other apps. They may inquire about your name, email address, or physical address.

Some apps will even ask for access to the camera or speaker on the smartphone. Read on to learn how to protect your privacy from excessive app permissions.

You might be shocked by how much personal data some apps can access.

How often do you grant apps access to your name? Do you put your email in to sign up for offers?

Did you know that 30 percent of Android and 15 percent of iOS apps request access to your location?

We all know that companies can sell your data or use it for advertising, but there’s a dark side, too. If that information falls into the wrong hands, attackers can launch a SIM-swapping attack to take over your identity.

Personally Identifiable Information

We analyzed apps and checked how much personally identifiable information (PII) they demand from users.

  • Email Addresses: 40% of iOS and 43% of Android apps.
  • Usernames: 33% of iOS and 30% of Android apps.
  • Phone Numbers: 12% of iOS and 9% of Android apps.
  • Home Address: 5% of iOS and 8% of Android apps.

Your mobile privacy is at risk when you share this information with an app!

Social Media

Many apps interface with social media, allowing users to check in with their social media accounts and have the app post straight to the social media site.

For the user, this means they won’t have to remember passwords for each app, they’ll be willing to welcome friends to play mobile games with them, and they’ll be able to post app information on their timeline.

However, because of this symbiotic relationship, the app can acquire user data from the social media account while the social media service can collect data from the app. Many apps access your critical information, which threatens your mobile privacy.

Which permissions are risky?

Apps need authorization to access numerous capabilities on your mobile device. For example, you’ll need to grant permission to use your camera if you want to snap a picture with Instagram.

Your confidentiality is at stake. An app can request many permissions, but not all are the same.

We took a closer look at what we call “risky permissions,” which we defined as permissions that:

  • Grant access to data or resources
  • Give access to the user’s personal information
  • Affect the user’s stored data or the operation of other apps.

How often are these permissions used?

Access to the user’s location, contacts, SMS messages, phone logs, camera, or calendar are examples of hazardous permissions. These threaten your mobile privacy and provide access to your personal information through mobile apps.

We analyzed apps for these risky permissions. What did we discover?

  • Camera: 46% of Android and 25% of iOS apps.
  • Location Tracking: 45% of Android and 25% of iOS apps.
  • Record Audio: 25% of Android and 9% percent of iOS apps.
  • View SMS Messages: 15% of Android apps. iOS data is not available.
  • Access Call Logs: 10% of Android apps. iOS data is not available.

Surprisingly, several Android apps sought more dangerous permissions than their iOS counterparts in cases when we analyzed both the Android and iOS versions of apps.

Seven Android apps requested SMS message access, but their iOS counterparts did not. One Android software asked for access to call logs, but its iOS counterpart did not. While neither permission is available in iOS, it begs the question of why these are in the Android version but not in the iOS version.

This study raises troubling questions about the permissions apps request.

Are All Permissions Required?

Is it vital for these apps to have all of these permissions? Sometimes. Here’s an example of an app that did need all of these permissions.

Case Study: Smart LED App.

We examined a smart LED home automation app that allows the user to customize the appearance of their LEDs. It asked for permission to view calls and texts.

At first glance, this seemed excessive, but we found the reason once we investigated the app.

When the user receives incoming calls or texts, the app allows the user to flash the lights in a custom pattern or color. It needs access to calls and texts to do so.

The Upshot

Only grant permissions if your use case requires it and you trust the app.

Do Developers Create Apps to Access Your Data?

Is it true that some software developers create apps just to gain access to your data? It’s happened before!

Consider the 2013 “Brightest Flashlight” case. An Android flashlight app called “Brightest Flashlight” siphoned location & device information from users. The app’s developers then sold it to advertisers without user consent. Even the FTC made a statement on this deception!

Smartphone manufacturers have responded to threats like this by making permissions more transparent, but you have only one person in control of your life: you.

It’s up to you to decide whether these extra features are necessary for the app’s operation and whether it’s worth allowing access to features that only bring minor benefits.

At Mobilen, we can see a trend that mobile privacy theft is on the rise.

Privacy Policies have You Perplexed?

When apps offer mobile privacy policies, it can be difficult for users to track what they agree to. There are various complicating aspects, even if each app has its permissions and privacy regulations.

While some apps are self-contained, others require other apps or links to third-party websites to work correctly or provide additional functionality. Some of these are third-party apps that are risks to mobile privacy.

Each successive app may have its mobile privacy policy, and the user should not assume that the privacy policy of the top-level app applies to subsequent app downloads. Thus, beware of mobile apps that access your personal information.

 Most apps will disclaim any responsibility for third-party usage of the data.

Even if you’re sure of one app’s privacy policy, the picture becomes progressively complicated as you add additional connected apps.

40% of Android and 16% of iOS apps with dangerous permissions include links to third-party apps. Either the typical app functioning is interrupted by advertisements, or there are connections to third-party apps that provide the same functionality.

Thus, you must secure your mobile privacy by tracking which apps link to other apps.

Guarding your Mobile Privacy

Before installing an app, make sure to:

  • Examine the app’s required permissions.
  • Make notes of permissions that threaten your mobile privacy.
  • Determine why an app might need specific permissions.
  • Consider whether excessive permissions might solely exist to collect information about you.
  • Read the privacy statement. Only install the program if there is one and you understand where your data will go.

How to Keep Your Personal Data Safe

  • Read each privacy policy before using an app or website.
  • Don’t sign into an app with your social networking accounts. If you do, ensure you know what information the app will get.
  • Limit the amount of information you share in your public profile on social networking sites.

Conclusion

Mobile apps today request a considerable amount of our information. Still, we have to be aware that there are practical actions that we can take to safeguard our mobile privacy in a digitally growing world.

points

Fully decentralized

security

End to end encryption

random

Full randomization

atom

Post quantum cryptology (NIST-NSA Compliant)

server

Network redundant