Friday, July 19, 2024
No menu items!

App permissions can be used to exploit your data

Must Read
App permissions can be used to exploit your data
Simon Campbell-Young, MD of Credence Security.

Every time an application is installed on a device, the user is asked to allow that app certain permissions. These range from being able to view your contacts, to using your camera and microphone, tracking your location, and many, many more. While some of these permissions are necessary in order for the application to function, others are not necessary in the slightest, and are only there to gather and exploit the user’s sensitive information.

Simon Campbell-Young, MD of Credence Security, says: “Irrespective of the platform, applications offer great insight into the user, and this data is of great interest to marketers and businesses, but also cybercriminals.”

However, on both Android and OS, users are required to give permission to any access, which is why he says carefully reading the list of permissions the apps request is crucial. “Ask yourself if there is a legitimate reason an application might need camera access, for example, or why it would need to track your location. If it isn’t necessary, be suspicious. In addition, some apps give the user the option of signing in through a social media platform such as Google, Twitter or Facebook. Here too, check the fine print to make sure you fully understand what information you are handing over.”

Certain apps are fairly cunning with their permissions, asking for those that although do not seem strictly necessary, could have a legitimate need. “If in doubt, ask the developers. Certain apps will also have an explanation of permissions requested in the developer notes, others don’t. A good way to suss out the app and see if there have been major issues or privacy violations is to check out the reviews written by users. If too many are bad, then err on the side of caution and don’t install the app.”

He says it’s also wise to review your application permissions on a regular basis. “This is done through the application settings, and is fairly straightforward. Clear out any unused applications too, but remember that removing an application from your device isn’t always enough. If you have opted to connect via a social media service, you need to recheck your permissions even after you have uninstalled the app in question.”

Then there’s the question of people finding ways to bypass certain application functionalities. “Take Snapchat for example. Snapchat is one of the most popular and highly rated apps available on both iOS and Android platforms, and has captured the information of today’s youth, with its combination of timed photos and videos, and the access it gives to famous and interesting people.”

Campbell-Young says one of the reasons it has become so popular is because messages sent between users self-destruct after a short time, making it the ideal platform to send salacious selfies. “However, there are ways around this – it is possible to take a screenshot of the message. When this happens the sender is notified, but not much else. Moreover, there are several apps available that have been designed to evade this alert, which is giving rise to a slew of security and privacy issues.”

So even the most diligent of users can still be in danger, he says. “Also, applications have bugs and issues from time to time. No one is accusing them of malice here, but technological issues can see information being exposed or handled in an insecure manner. We do see permission issues boil down to honest mistakes too.”

But not always. “There have been several cases where apps have been caught selling users’ location data, even after the user has specifically opted out of sharing their location with the app. There are many other cases of malicious apps slipping through the security cracks on legitimate play stores and marketplaces. Ultimately it is up to the user to be as vigilant as possible. Check and check those permissions again, and review them regularly.”

Edited by Fundisiwe Maseko
Follow Fundisiwe Maseko on Twitter
Follow IT News Africa on Twitter

- Advertisement -

Novus Holdings Invests R55 Million in AI Innovation Company

Novus Holdings has invested R55 million in Bytefuse, an AI company, to enhance its enterprise-scale solutions. Maski, an AI-powered tutoring...
Latest News
- Advertisement -

More Articles Like This

- Advertisement -