App Security: Untold Security Issues App Fanatics Need to Know
Just because “THERE’S AN APP FOR THAT”, it doesn’t mean you’re safe to download anything online.
As we all know, application programs (apps) are game changers. They are life hacks to users for easier and more productive daily task performance. With 3.5M apps on the Google Play Store, for example, it is safe to say that there’s an app for almost anything a person needs.
Although extraordinarily helpful, some of these apps have security issues and vulnerabilities untold, and some are even used to maneuver hacking attacks.
As an app fanatic, it doesn’t hurt to be extra careful in pursuing the things you love. So, let’s begin unmasking these issues right now.
SPOT THE FAKE APPS
Unscrupulous hackers exploit the popularity of apps among millions of users worldwide by creating and publishing impostor applications on Google Play, Apple App Store, and other app markets.
You thought you were one step ahead of hackers by installing a security tool on your computer and mobile. But it turns out you didn’t.
An example is the recent viral discovery of 36 apps bluffing as security tools on Google Play. Thanks to Trend Micro researchers who were able to unmask what was secretly going on—stealing users’ data, tracking users’ location, and aggressively pushing advertisements.
Lorin Wu, Trend Micro:
In early December 2017, we found a total of 36 apps on Google Play that executed unwanted behavior. These apps posed as useful security tools under the names Security Defender, Security Keeper, Smart Security, Advanced Boost, and more.
Google then responsibly deleted these apps from Google Play upon notification.
Luckily, catching these fake apps is hardly rocket science.
Below are some of the many ways to spot these poseurs, and what you can do to safeguard yourself.
Double check the developer’s name.
Before you download an app, ensure the developer’s name comes from a reputable company or someone you recognize. And check the spelling; some hackers also use similar names as the trusted ones. Although it doesn’t guarantee total security, doing so can help you stay away from vicious authors.
The image above is a possible pitfall to a security breach if left unnoticed.
Bad grammar and typos could tell.
Many fake apps are created hastily by non-native English speaking developers. A poorly written app description could be an indication of a phony app, so better read it thoroughly.
Check the reviews all the time.
Reviews are made purposively. Generally, an app with more reviews means a legit one. Make sure to check both sides of the coin. You have to read the negative reviews first before the 5-star ones. Reviews can be easily bought, by the way.
Shopping discounts? On apps?
That’s one big red flag. Any similar offers from apps promising instant shortcuts and life hacks are just too good to be true.
Go directly to the app’s official website.
If you want a quick solution, download the app straight from the company’s website.
Always verify permission requests.
Learn to deny permissions to an app asking for access to all data on your device and the websites you visit. Check if the permissions requested are relevant to the apps’ nature of service. You wouldn’t want some random hacker savoring your private images and data just because you didn’t give a damn about permissions. So, take time to read meticulously what you are about to give.
Gabriel Wood, NextAdvisor:
Be especially careful with any app that asks for the administrator permission, as this gives the app the ability to do really nasty stuff like change your password, encrypt your storage and make itself undeletable.
It may seem a tedious process, but it’s the optimal way to find the real intention of an app and the purpose of all its demands.
Research before you download.
Researching takes up time and is sometimes inconvenient but it saves privacy and security, nonetheless. There are many apps that do not belong to well-known developers, though, that are legitimate as well. The only way to still enjoy what other developers can offer—especially those from virtuous new developers—is to check their past apps and review what online forums are saying.
KNOW THE REAL COST OF THAT FREE APP
People love anything that is for free and that’s the reason behind the growing billions of app users worldwide—there’s an app for that, FOR FREE!
Unless they have an alternative income-generating job, it’s hard to reconcile the fact that app developers have bills to pay, but still, they create apps available for free.
So, where do they get their daily provision from?
Besides drained battery life and poor device processor, here are the other real costs of free apps:
There’s a big market for in-app purchases.
Common to addictive gaming apps, developers get their income from in-app purchases—consumable, non-consumable, non-renewing subscriptions, and auto-renewable subscriptions—to sell virtual products and services for a better app performance.
There’s a potential privacy invasion through in-app advertising.
In-app advertising is a perfect platform for businesses to market their products knowing that people spend most of their time on technologies. Often, in-app ads offer its users better experience, however, they sometimes pose a real threat. How?
Nadia Kovacs of Norton:
Some apps have in-app ad libraries that come packaged with the app. During the installation process, users might not realize that there can be other applications bundled within the app that they are downloading. The permissions you grant to the parent app are also granted to the other, bundled apps; in this case, the in-app ad library. These permissions allow the ad library to potentially have access to location services, your address book, text messages, emails and more.
The real product is YOU.
You see, some free apps do rubbish acts like collecting data more than what you thought you’ve allowed. This is the biggest reason why everyone should check permission requests as written earlier. Your personal information becomes the product hackers and scammers sell to the darknet when you don’t check the permission requests.
We live in a world full of wonders: good and bad. Though the latter may crunch our passion and enthusiasm on the marvels of technology, it is not bad enough to stop us from keeping on top of it.
Cybercriminals may try to take advantage of people’s weaknesses. But the good thing is, companies are prompt in coming up with the best solutions for security risks.
One best example is Dead Drop Software: an online collaboration tool that allows for safe and secure communication, secure data storage, secure file-sharing, and easy project collaboration.
This cloud-based software was built with bank-level security using data encryption for both data in transit and data at rest within the platform, protecting its users from prying eyes and devious hackers.
There are millions of legitimate apps out there and I know you’ve been using two or more. That’s great.
Just remember the lessons you’ve learned above: there are no free apps, and if something is too good to be true, it probably is.