A group of Internet activists and privacy advocates penned an open letter to Microsoft earlier this year urging the company to shed light on just how confidential the conversations are that take place over Skype, which the company purchased in 2011. Of particular concern, the letter said, is the potential access governments around the world might have to listen in on conversations and to gather user data about those conversations.
It’s part of the ever-escalating debate and concern over the potential for mobile apps to steal user data and corrupt user privacy as people increasingly use such apps that can collect sensitive information whether users know it or not.
Google keeps a regularly updated transparency report that includes the number of user data requests the company receives from government agencies and courts, removal requests from copyright owners and governments, as well as current and historical global traffic data. All Google-related skepticism aside, that’s more transparency than users can expect from most web companies, particularly those creating apps that can potentially access data from your device.
Legitimate apps are increasingly bending privacy restrictions to collect information about users’ contacts and location, and some even collect users’ device ID, IP address, phone number and lists of other mobile apps operating on a given device.
Concern over overtly malicious apps is also increasing as the number of mobile malware programs is exploding — particularly on the Android platform, which is particularly susceptible to exploitation because of the operating system’s huge popularity and the ease with which its apps can be created and distributed, according to analysis from Kaspersky Labs.
Malicious mobile programs can steal contact information, user data, geographic location data and can even access physical features like the camera and audio recorder. Though the Android platform is more susceptible to malicious apps, Apple’s iOS is not immune — users of both systems were exploited last year by Find and Call, an app that claimed to help users sort and manage their contacts but instead shared the phone’s location and address book with spammers without permission. And iOS was also duped by the social networking app Path, which also accessed user contact information without permission.
To avoid being duped by bad apps, users must closely analyze what permissions an app requests. Here are a few important tips to know:
- For Android users, it’s essential to analyze permissions requested for the app, which are shown in Live Wallpaper in Google Play prior to downloading the app. When you click on the app in question, ‘permissions’ is one of the four main informational tabs along side ‘overview,’ ‘user reviews,’ and ‘what’s new.’ If that information indicates that the app will access the user’s contact, location and Internet data, it’s probably best to not download that app.
- There are permission firewalls that Android users can download to handpick the permissions they give to apps, but this requires rooting the device, something that can be risky if users don’t know what they’re doing. Also, apps that are firewalled this way can crash when they are not given the accesses they were designed to receive.
- iPhone users have some privacy controls provided by Appl, and users can block app access to photos, contacts and GPS features if they think those permissions are unnecessary.
The best way to protect the privacy of mobile devices is to install anti-malware programs like the Kaspersky Mobile Security suite, which blocks dangerous sites during online banking and shopping defends against mobile malware programs and includes a variety of other essential security protections.