Monday, August 10, 2020

Meddling Smartphone Apps

Some smartphone apps are unexpectedly meddlesome, lurking in our private information. Our first reaction is often “I don’t care; I have nothing to hide”. However, there is a lot at stake. Let’s take a tour of what is at stake, why some mobile apps lurk in your stuff, and how this information represents a liability for you. Lastly, let’s dive into what you can do to stay safe with minimal effort.

Overall, I’ll use Android apps as examples, but the same principles apply to iOS apps.

What is at stake?

Apps are sometimes really greedy with the permissions they request.

Some video games require access to your contacts and location; otherwise, they won’t work. Why? We just want to play the game. Only occasionally does location access make sense (for instance, when playing Pokemon Go).

Some other apps ask to run at startup and to prevent the phone from sleeping. An example of this is NerdWallet. This combo entitles them to run in the background as long as they want, anytime. What are they doing in the background? Why do they need that? They don't explain why and there is no reasonable explanation.

United Airlines asks for a handful of privileges: monitor your calls, access Bluetooth, access your storage, use NFC, use your location and prevent the device from sleeping. But United doesn't explain why they need access to Bluetooth or NFC. Also, they ask for your location, so they are entitled to track you all the time for the small benefit of having an airport map handy -- not really worth the risk in my opinion. They also ask to make phone calls directly from their app, but there is no need for such a requirement. The United app can trigger a phone call from the phone app without asking for this privilege.

Another strong permission that I've seen apps request is "Device & app history". This allows them to read sensitive data, like your browsing history and what apps you use. With this, developers get to know a lot about you. A web browser or an anti-virus will certainly require "Device & app history". However, those permissions should not be required by a game or an app to check your credit score. NerdWallet used to request this permission and I filed a claim about this. Fortunately, they fixed it a few months ago.

Sometimes it is not about what they know, but why they need it and what they are going to do with your information. Are they going to store it safely? Will they sell it to third parties? Will they use it to influence an electoral campaign?

Personally, I would never install an app that requires permissions without a clear need or explanation.
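
The checks described in this section can be scripted against an app's declared permissions. The following Python sketch is an added example, not code from the original post; the mapping from the wording above to manifest permission names, the category labels and the sample `aapt dump permissions` output are assumptions constructed for illustration.

```python
import re

# Assumed mapping from the wording used above to Android manifest permission names.
P = "android.permission."
BOOT, WAKE, CALL = P + "RECEIVE_BOOT_COMPLETED", P + "WAKE_LOCK", P + "CALL_PHONE"
GROUPS = {
    "location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "contacts": {P + "READ_CONTACTS"},
    "device & app history": {P + "GET_TASKS", P + "READ_LOGS",
                             "com.android.browser.permission.READ_HISTORY_BOOKMARKS"},
}
# Hypothetical category labels: which groups have an obvious purpose for each kind of app.
EXPECTED = {"game": set(), "navigation": {"location"},
            "browser": {"device & app history", "location"}}

# Accepts both aapt output styles: name='a.b.C' and the older bare a.b.C form.
LINE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)")

def declared_permissions(aapt_output):
    """Return the set of permission names found in `aapt dump permissions` output."""
    found = (LINE.match(line.strip()) for line in aapt_output.splitlines())
    return {m.group(1) for m in found if m}

def review(aapt_output, category):
    """List the permission requests that lack a clear need for this app category."""
    perms = declared_permissions(aapt_output)
    findings = []
    if BOOT in perms and WAKE in perms:
        findings.append("run at startup + prevent sleep: can run in the background anytime")
    if CALL in perms:
        findings.append("direct calls: opening the dialer with the number needs no permission")
    for label, names in GROUPS.items():
        if perms & names and label not in EXPECTED.get(category, set()):
            findings.append(f"{label}: no clear need for a {category} app")
    return findings

# Constructed sample input, not taken from any real app.
SAMPLE = """package: com.example.game
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
uses-permission: name='android.permission.WAKE_LOCK'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: android.permission.ACCESS_FINE_LOCATION
uses-permission: name='android.permission.CALL_PHONE'
"""

if __name__ == "__main__":
    for finding in review(SAMPLE, "game"):
        print("FLAG:", finding)
```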

Why do they lurk?

There are three main reasons why app developers want your data.
