Are Your Smartphone Apps Selling You Out?
Apple's App Store, Google's Play store and other app stores are packed with apps that can compromise your security and privacy without you ever knowing anything bad happened. What's a mobile app user to do?
Sat, December 07, 2013
It's a politically sensitive subject because the iPhone is the big American brand, and the president is a self-proclaimed fan of the late Apple founder and CEO Steve Jobs. He'd love to pander to buy-America voters. (Obama is also probably not "allowed" to have an Android phone.)
Of course, neither the president nor the Secret Service is willing to say exactly how security could be compromised with an iPhone. But one security risk is the unpredictable nature of both iPhone and Android apps.
Sure, there's a lot of flat-out malware flying around online, most of which looks like regular, legitimate apps but in fact are either malware or they compromise privacy or security in some way.
There are certain types of apps that users are wary about and may take precautions about downloading. But others don't seem to have anything to do with user data, so they seem safe.
The FTC said the app had been installed on "tens of millions" of phones.
The whole "Brightest Flashlight" fiasco shines light on an uncomfortable set of facts about smartphone apps. For starters, some apps that have no apparent need to harvest personal data or compromise privacy or security go ahead and do so anyway.
But even those that don't move user data can leave users vulnerable through sheer incompetence.
Silicon Valley computing giant Hewlett-Packard recently conducted a study about the security of business apps for the iPhone and concluded that many of them give themselves permission to access phone features and user data that make no sense, given the stated purposes of the apps.
HP found that more than 90% of the business apps it studied had privacy or security flaws.
Many of the flaws involved unencrypted data or insecure protocols. Some 20% of the apps send user data via unprotected HTTP. A similar percentage sent via HTTPS, but didn't do it right. And HP found other problems where an app could compromise user security and privacy not through malice, but through incompetence.