Smartphone users will often see the prompts about allowing a certain app to access location services. Often times these apps will request location access when a user is attempting to view a map or when a user wants to send a location pin.
However, there are times when an attempt will randomly ask for location access even when the above examples aren’t applicable. It is in these moments where users need to decide the implications of allowing certain apps to have knowledge of your locations, as well as the knowledge of who exactly this information is being sent to.
With organizations all over the world taking users data without their prior knowledge or permission and using it for shady means, understanding location settings is more important now than ever.
The following are four reasons why you should understand your location settings:
1. Your privacy can be at risk
The Internet is a very unsafe place for the uninformed. Those unaware of the dangers that lurk on the intra-byways of the net could be taken advantage of by those who perpetrate those dangers. Sometimes these dangers can spill out into the physical world.
It was recently found that services like Foursquare, which mix social media with a maps platform, often have viruses amongst the software. In fact, a contest run by a security company found at least 900 malware bugs amongst a few Foursquare-like apps.
Apart from the malware factor of hackers and cybercriminals exposing your personal information, there is also the social factor of online stalkers and other criminals that will check on these apps to discover where you are at certain times of the day. Facebook has this problem with estranged spouses in particular.
2. Companies can do whatever they want with your private information
Every now and then a company is sued for illegally selling user information. Zoom was just recently caught in a similar controversy. Facebook, the world’s largest social network, is consistently embroiled in scandals as they allegedly continue to provide user information to whomever they deem fit.
Social media users are advised to understand this when any sort of app or website asks for your personal information, especially your location services. It is also worth noting that when a service is free to the user, it usually means the user themselves is what is being monetized.
What this usually means is that visitor traffic and other recorded metrics are used to gain advertisers, however, sometimes your information is what is being sold.
3. Hackers can use your personal information to coordinate attacks
Mobile devices are only as safe as their weakest links – or their weakest partner’s weakest links. They run a massive risk of malware infection and cybercriminal attacks as they run a multitude of poorly protected apps daily, this as well easily-accessible location information and personal information make smartphones too rich a target to resist.
Cyber attacks that use location information amongst other data include:
- Targeted social engineering attacks that employ real-time or historical geolocation data. For example, an employee at a leading tech/pharma/defense contractor reveals, via Foursquare, his or her regular visits to the local coffee shop, where s/he is targeted by social engineers looking to gain access to the corporate network, or the victim of a real-world theft (laptop, mobile device) that yields sensitive data
- Malware that leverages preference data from check-in services to social engineer targets
- Malicious hackers use location data to launch real-time attacks against other check-in service users
These days certain industry leaders like to proclaim that privacy is an outdated concept. But criminal abuse of location services to pursue people, not just their data, may give privacy advocates the most potent ammunition they’ve had in years.
Certain industry leaders like to proclaim that privacy is an outdated concept these days, that everyone is connected and visible. However, flagrant criminal abuse of location services to pursue people, as well as their data, could give them their biggest evidence to the contrary yet.
4. Sometimes location data can leak
In February, Nedbank announces that nearly 2-million of their customers had their personal information leaked when a poorly protected third-party company was targeted in a hack.
The information that was leaked included very personal details like home addresses, full-names, and phone numbers. While no bank accounts or PINs were leaked, the CEO of Nedbank, Mike Brown, was fearful that cybercriminals would use the leaked information to target certain people – using their own information to gain their trust before stealing from them.
Knowing this, we can see why it is essential that users try to keep their location information private unless they absolutely need to. Even the safest and most organised company can become a target of cybercrime and undergo a massive leak of user information.
Nedbank did not think that the leak would occur in a third party, the bank’s own security measures were updated and strong. Their weakness is that they did not expect the third party’s own to be so lax in contrast.
This begs the question of users when your location is being requested: Do you trust this company with this private information?
By Luis Monzon
Follow Luis Monzon on Twitter
Follow IT News Africa on Twitter
