Tag: mobile app data theft


Are apps stealing your personal data? Part Three

In the last two posts, we explored how some mobile apps are malicious in nature and steal your personal data for their own gain. We also looked at a few steps that mobile app developers can take to build stronger, more resilient mobile apps that don’t support the dangerous activities of hackers.

In this final part, we will look at what you as an end user can do to stay vigilant and prevent mobile apps from stealing your personal data.

Note to end users – How to hackproof your smartphone

Fingerprints can be lifted. Use a passcode

One of the biggest nightmares for an individual these days is losing their phone. While the hardware may have cost big bucks, the bigger loss is the personal data on it: think emails containing sensitive information, photos, videos and more. Most of us secure our phones with fingerprints, but that is not always safe, as prints are easy to lift. It is better to use a strong passcode. And if you have an evil twin, it is time to say goodbye to facial recognition as an unlocking method as well.

Also, while smart unlock features such as unlocking the phone when you reach home or the office are cool, they are dangerous when your phone is in the wrong hands.

Activate the Find My Device feature so that, even if physically lost, the phone can be locked or wiped

Another way to protect your data if you have lost your device is to track it online and lock it. You can even wipe it fully so that hackers cannot glean anything from it. On Android, Find My Device helps to locate the device as well as lock or wipe it. iPhone users can use the Find My iPhone feature to locate their devices and even switch on Lost Mode.

Don’t reveal sensitive data while on Public WiFi

Never use Public WiFi to perform financial or business transactions as hackers can position themselves between you and the connection point and intercept sensitive personal and corporate data. Always use secure connections while performing such activities. According to a Kaspersky Lab report, one in five persons has been a target of cybercrime while abroad and a third (31 per cent) of them are senior business managers.


Review app permissions and EULA before installing

It is important to review which permissions an app is requesting before completing installation. As said before, some apps seek permissions for internet and location just to send targeted ads and make money. And before you know it, your phone is filled with unwanted ads.

While mobile apps have been a boon to smartphone users around the world, the security risks associated with them cannot be denied. It is in your own interest to monitor your apps and remove those that you think might compromise your data’s safety. Also, the fewer the apps and the fewer the distractions, the more organized your phone and the better spent your time.


Are apps stealing your personal data? Part Two

In the previous post, we looked at how some mobile apps can be malicious and steal your personal data for monetary gain. In this part, we will explore the measures that mobile app developers can take while building apps to make them more secure and prevent the loss of critical personal data.

Note to developers – Building secure mobile apps

Ensure libraries are free of vulnerabilities

Developers must be cautious when using third-party libraries, as they could contain malicious code or security flaws. Ensure that the code is tested thoroughly before it is used in app development.

Application sandboxing against malware

While building and testing apps, it is good practice to use sandboxing. This helps to isolate application data and code execution from other apps. A sandboxing approach helps execute untested or untrusted programs or code, possibly from unverified or untrusted third parties or websites, without risking harm to the host machine or operating system.

Don’t ask for too many permissions to sensitive information

A simple app such as a flashlight does not require permission to access the internet and location. These days users are concerned about data privacy and do not prefer apps that ask for permissions they find unnecessary. Therefore, cutting down the number of permissions might help increase user adoption. In fact, one of the flashlight apps has put up a permission comparison screenshot to showcase fewer permissions as a USP.


Validate input fields to prevent SQL injection attacks

SQL injection is an attack technique that takes advantage of applications that don’t correctly validate user-supplied requests before passing them to the associated backend database. Using normal request channels such as form data, scripts and URLs, hackers can pass malicious SQL queries and commands to a database if they are not thoroughly checked first. By validating input fields and sanitizing data inputs regularly and monitoring input logs, threats like SQL injections can be thwarted.

GDPR regulations and what they mean for mobile apps

From May 25 2018 onwards, GDPR will be applicable to all websites and mobile apps which serve users who are citizens of the EU. Developers must ensure that they adhere to the EU guidelines and provide greater data protection for app users. Some of the guidelines are to collect only vital information, encrypt that data and allow users to delete or modify that data at any time.

We have looked at some steps that developers can take to embed security in mobile apps right from the design and development stages. In the next post we will explore how you as a user can protect yourself from malicious mobile apps and prevent them from stealing your personal data.
