Beware of Apps That Can Steal Data

Apps aren't dangerous - right?

Most of us download useful or fun apps on our mobile devices without a thought to security issues. Apps aren’t dangerous, right? Unfortunately, that’s not so. There are two basic types of dangers. The app could be designed to install malware that steals data. If the device suddenly shows unusual battery, network or data storage use, it indicates the likelihood of a malicious app at work.  Or the app could be poorly designed, with little or no concern for security of data or transactions. That seems to be the most likely scenario today.

It’s difficult to say just how widespread the problem is, partly because most of the studies are of apps on business systems. A recent study of business apps indicated that “More than two-thirds of the apps (67%) contained critical vulnerabilities. . . Stealing data from a smartphone usually doesn’t even require physical access to the device.” There are some differences between the apps designed specifically for business use (enterprise apps) and apps consumers use, but essentially app design is the same whether the apps are large or small, consumer or business. Therefore, the vulnerabilities are a concern for all of us.

Another recent disclosure is unsettling to many of us. We have felt smugly confident because we believed our iPhones to be secure. That assumption is being questioned by many security experts and the message is that Apple customers need to be careful, just like Android customers.

How is the layperson supposed to protect herself and her data and still enjoy the convenience and enjoyment of mobile apps? The experts have several recommendations:

  1. First and foremost, stick to the network app stores, Google Play and Apple’s App Store, or download from the website of the brand itself. Do not download apps from third party sources.

This will keep you safer, but it is not an assurance of total security. Google has a good explanation of what they do to keep apps safe, but in spite of their efforts both Apple and Google post apps that are not secure. The best you can do is to watch for suspicious behavior, delete the app immediately and report it to the site where you downloaded it.

Be especially careful of gaming apps or apps that deal in virtual currencies like Bitcoin. Those apps are often found to be loaded with malware but they are not the only ones.

  1. When you download an app, carefully inspect the permissions. If it doesn’t need that permission for the service, don’t give the permission. Apps that request permission for cameras and microphones for no essential reason should receive special scrutiny.
  2. Read the user reviews and pay attention to the user ratings and the number of downloads. User reactions give important clues to both the usability and the safety of the app.
  3. Read the developer information at the bottom of the download page. If the firm doesn’t sound familiar, look for its web page to see if it appears legitimate.
  4. If the app makes claims that sound “too good to be true,” be especially careful. That is particularly true of mobile health apps (mHealth). There is evidence that apps are being developed without careful technical and medical supervision. Apps that give incorrect information about medical conditions can be dangerous. Consult with your own physician but remember that the physician may not be an expert in this area. Also do your own careful research.

A recommendation that will be easy for most of us is adding mobile security to our devices. Most of the security suites we are already using have versions for mobile devices that can are easy to add. I added one to my iPhone recently and was pleased to see that it scanned my phone when I downloaded it and pronounced it clean of viruses and other malware. It has not interfered with the phone’s functioning, and that’s good news also.

Another easy but essential recommendation: update your apps frequently. Many of the updates are security patches.

Hint: when researching apps use words like “dangerous” and “insecure” and look at the hints at the bottom of the results page. Businesses are very concerned about apps that give incorrect information about customer usage and the word “fraud” is invariably associated with business issues.

The good news is that with a few sensible precautions, we can enjoy the opportunities mobile apps provide in our daily lives welcomes thoughtful comments and the varied opinions of our readers. We are in no way obligated to post or allow comments that our moderators deem inappropriate. We reserve the right to delete comments we perceive as profane, vulgar, threatening, offensive, racially-biased, homophobic, slanderous, hateful or just plain rude. Commenters may not attack or insult other commenters, readers or writers. Commenters who persist in posting inappropriate comments will be banned from commenting on