You may fiercely guard your e-privacy by installing anti-virus software and desisting from downloading anything on your smart phone, but someone somewhere may still have access to some of your data.
If a friend or acquaintance has compromised his own privacy while downloading an app, he could have inadvertently put you at risk just because you were in his contacts list. Welcome to the new world of app permissions and malicious software, where increasingly the user is not in command of his own data.
There are two ways in which we expose ourselves: One, by accidentally touching a strategically placed ad on an app; two, by inadvertently authorizing an app to access your data without understanding the permissions it seeks.
As per a 2012 report by a digital security firm, Bit9, more than two-thirds of all Android apps seek at least one high-risk ‘permission’ and one-fourth access your private information like email and contacts.
“Applications ask for a number of permissions which they may not really need. Most of us don’t bother to understand what giving access to an app means to our privacy and we just go ahead and click install,” says cyber forensics expert K Rama Subramaniam.
Virtually every app asks for permission to access your mobile phone data of varying degrees—from location to address book to even text messages.
The Facebook app asks for permission to access almost everything, including your microphone. The Google Plus app takes permission to read your call log, take pictures and videos, and record audio. This does not mean these app developers mine your data, though they can. Fortunately, the big players have behaved responsibly. In 2011, Google took about 50 apps off its Android market after complaints of data theft. It again removed more than 20 apps this year for similar activities.
Not owning a smart phone doesn’t guarantee immunity either. Cyber criminals can still easily reach your data since, in a world where your privacy is intricately woven into your social groups like friends and colleagues, any breach in their accounts can lead to loss of your private information.
Smart phones are prime targets because of the sheer amount of information stored in them. According to cyber security firm Symantec, 69% of Indians access the internet, including work e-mails, through mobile phones. Users also store passwords and card details on their phones so once access is granted to an invasive app, nothing is hidden from the attacker’s eyes.
Advertisements running inside a huge number of free apps today aren’t safe either. Though in most cases they are just promotions, they can also be used to disguise viruses, trojans and links to damaging websites. And they are often carefully placed on the screen so that you are likely to click them while playing a game or chatting. “Known as ‘madware’, short for mobile adware, their numbers have grown by 55% every month since July 2011,” says Symantec MD Shantanu Ghosh.
Not only do these ads have the potential to steal your information, they also drain the mobile battery faster and eat up your 2G/3G data plan because the ads need to keep changing every few seconds. “Madwares collect browsing information like history and bookmarks, and send the information to a remote server on the internet controlled by a stranger,” says Mahendra Negi, COO of Trend Micro, a software security company.