Free mobile applications sound like a great bargain, but be aware that if you aren’t careful, the price you pay could be significant. While Apple and Google provide some filtering of applications, their requirements are not as strict as you might believe. Most mobile apps are tracking you and gathering information from your device. The most harmless among them use the gathered information to sell to you based on your habits; others carry malware; and the most harmful blatantly steal your data and attempt to steal your money.
Before you are given access to download an app, you have to check the “Agree to Terms & Conditions” box, giving the application owner whatever access they require to your phone. The app owner may ask for access to many things including:
It is wise to assume that any application which asks for one or more specific permissions when you download it is harvesting data from you, data which is valuable to someone. Some “free” apps are tainted with spyware or malware that might be accessing financial account information or credentials stored on your phone. This could allow a thief to steal from one of your accounts and make fraudulent charges.
Applications running in mobile operating systems must sometimes obtain permissions to access certain information in order to work properly. Many apps request permission to do things that have no correlation with what is needed to provide proper functionality to you. Some application owners may not do anything which is blatantly malicious, but they request numerous permissions, permitting them to mine your data. The purpose of this data mining is to market products to you based on your observed activities. Google, Amazon, and many other large companies are already doing this via most of your devices but you can retake control there as well. We’ll save that for another time.
Read what pops up when you ask to download a new app. Most people automatically click yes without reading or understanding the permissions they are granting the app owner.
Too often, users find and accidentally download counterfeit apps that look just like popular apps you may know from Facebook or other sites. You will see this even in the Apple and Google App Stores. Act cautiously and be sure you know and understand what the right app looks like before installing it. Always do your due diligence. Know the app owner, read the app reviews and ratings. Apple and Google are not providing full security reviews of the apps sold or given away there so don’t assume everything there is safe.
The security on a mobile device is often weaker than that on a computer since most of the apps on your computer don’t require access to sensitive information and confidential files in order to function. Use a security container like Good or KNOX so that sensitive data is encrypted and separated from data which you are ok with publicly sharing. The container allows the user to launch a virtual environment where users can more securely access sensitive personal or business files which can include corporate email and other business applications.
Mobile apps that are outside of the container can’t touch anything inside it, and if someone other than you picks up the phone, they won’t be able to access anything inside the container without your credentials. Subscribe to a service or use an application that allows you or your corporation to remotely delete the contents of your phone if it’s lost or stolen. Use reputable mobile security apps that cover many mobile security concerns and is widely trusted by many large organizations.
Assume that everything you do on a mobile app can be easily accessed, viewed, and even controlled by others unless you’ve added extra protections like the encrypted container feature we discussed
Always keep in mind that the safest apps will typically require no special permissions when you go to download them.
All rights reserved 2023