Ten years ago, Greg Packer—a retired highway maintenance worker from Huntington, New York—waited in line for 110 hours to purchase the first iPhone.1 In addition to making calls, Mr. Packer’s phone came with a nifty little icon labeled “App Store,” which made obtaining “apps” easy and often free. While seemingly innocuous, “apps” would soon revolutionize our world.
As you know, apps provide a wide range of capabilities to entertain, educate, and connect us with others. Since their introduction, popular ones have changed the way we take and share pictures (Instagram), provided a ubiquitous platform for social commentary (Twitter), and even disrupted the well-established taxicab industry (Uber). While their benefits are unmistakable, don’t assume their use comes without risk. In fact, several successful hacks have taken advantage of poorly designed apps to steal personal information, such as photos, passwords, and contact information,2 for nefarious purposes. With that in mind, there are a few simple steps you can take that will go a long way toward keeping your information safe.
Shop at official app stores only.
Only install apps found in the official app store for your device, such as the App Store for iOS and Google Play for Android.3 Be wary of any app that is available for download from an external location, like a website, as there’s no way to vouch for its integrity or security.4 Why? Both Apple and Google review apps for safety before making them available through their online stores and consider their security-mindedness to be a market differentiator. Other sources may not be similarly motivated. Or worse, are creating malicious apps intentionally to take advantage of unsuspecting users.5
Be thoughtful when granting permissions.
You’ve probably noticed that some apps ask for access to all types of information when installed. Sometimes there’s a good reason for such access, like a photo editing app requesting access to your photos. But other times, an app may request access to something it really doesn’t need, like your contacts or GPS location. Some apps collect this information just to sell it to advertisers and other companies!6
Your best option is to play it safe when presented with setup options. Just because the app asks for certain permissions, don’t feel compelled to approve these requests. Instead, carefully consider whether or not the information is essential for the apps’ performance. If the reason for the access to this information isn’t obvious, trust your instincts and just say “No.” If it turns out later that this information is needed for the app to function properly, you can always go back to your settings and allow it.
And remember…
Keep your apps updated! Over time, new hacker techniques may be discovered that cause a previously safe app to no longer be trustworthy. Stay out of harm’s way by updating your apps (and your device’s operating system7) as soon as these fixes are available. Don’t want to be bothered with checking for the latest and greatest updates? No problem. Simply configure your smartphone (both iOS8 and Android9 support this) to update apps automatically.
If you have any additional questions about protecting yourself from threats found in mobile device apps, contact your Circuit IT Security Officer, local IT staff, or ITSO for more information.
____________
1 Atlantic: How Long People Waited to Be First in Line to Buy Apple Products
2 Wired: An Obscure App Flaw Creates Backdoors In Millions of Smartphones
3 iOS devices are constrained to only being able to use the official App Store unless “jailbroken.” Android devices don’t have this safety feature by default, but users can (and should) change their settings to limit themselves to Google Play: Settings/Applications/Unknown Sources, and be sure to uncheck ‘Unknown Sources.’
4 ZDNet: (Google) noted that users were 10 times more likely to download malware from outside Google Play than inside its store in 2016.
5 ArsTechnica: Researchers report >4,000 apps that secretly record audio and steal logs
6 TechRepublic.com: Android flashlight app tracks users via GPS, FTC says hold on
7 If you are running a judiciary application on your device, make sure to get the “all clear” from the application’s point of contact before upgrading the operating system to ensure the application will not be adversely affected.
8 How-To Geek: How to Enable or Disable Automatic Updates for iOS Apps
9 How-To Geek: How to Disable Automatic App Updates in Android
As you know, apps provide a wide range of capabilities to entertain, educate, and connect us with others. Since their introduction, popular ones have changed the way we take and share pictures (Instagram), provided a ubiquitous platform for social commentary (Twitter), and even disrupted the well-established taxicab industry (Uber). While their benefits are unmistakable, don’t assume their use comes without risk. In fact, several successful hacks have taken advantage of poorly designed apps to steal personal information, such as photos, passwords, and contact information,2 for nefarious purposes. With that in mind, there are a few simple steps you can take that will go a long way toward keeping your information safe.
Shop at official app stores only.
Only install apps found in the official app store for your device, such as the App Store for iOS and Google Play for Android.3 Be wary of any app that is available for download from an external location, like a website, as there’s no way to vouch for its integrity or security.4 Why? Both Apple and Google review apps for safety before making them available through their online stores and consider their security-mindedness to be a market differentiator. Other sources may not be similarly motivated. Or worse, are creating malicious apps intentionally to take advantage of unsuspecting users.5
Be thoughtful when granting permissions.
You’ve probably noticed that some apps ask for access to all types of information when installed. Sometimes there’s a good reason for such access, like a photo editing app requesting access to your photos. But other times, an app may request access to something it really doesn’t need, like your contacts or GPS location. Some apps collect this information just to sell it to advertisers and other companies!6
Your best option is to play it safe when presented with setup options. Just because the app asks for certain permissions, don’t feel compelled to approve these requests. Instead, carefully consider whether or not the information is essential for the apps’ performance. If the reason for the access to this information isn’t obvious, trust your instincts and just say “No.” If it turns out later that this information is needed for the app to function properly, you can always go back to your settings and allow it.
And remember…
Keep your apps updated! Over time, new hacker techniques may be discovered that cause a previously safe app to no longer be trustworthy. Stay out of harm’s way by updating your apps (and your device’s operating system7) as soon as these fixes are available. Don’t want to be bothered with checking for the latest and greatest updates? No problem. Simply configure your smartphone (both iOS8 and Android9 support this) to update apps automatically.
If you have any additional questions about protecting yourself from threats found in mobile device apps, contact your Circuit IT Security Officer, local IT staff, or ITSO for more information.
____________
1 Atlantic: How Long People Waited to Be First in Line to Buy Apple Products
2 Wired: An Obscure App Flaw Creates Backdoors In Millions of Smartphones
3 iOS devices are constrained to only being able to use the official App Store unless “jailbroken.” Android devices don’t have this safety feature by default, but users can (and should) change their settings to limit themselves to Google Play: Settings/Applications/Unknown Sources, and be sure to uncheck ‘Unknown Sources.’
4 ZDNet: (Google) noted that users were 10 times more likely to download malware from outside Google Play than inside its store in 2016.
5 ArsTechnica: Researchers report >4,000 apps that secretly record audio and steal logs
6 TechRepublic.com: Android flashlight app tracks users via GPS, FTC says hold on
7 If you are running a judiciary application on your device, make sure to get the “all clear” from the application’s point of contact before upgrading the operating system to ensure the application will not be adversely affected.
8 How-To Geek: How to Enable or Disable Automatic Updates for iOS Apps
9 How-To Geek: How to Disable Automatic App Updates in Android