Skip to main content

Five ways mobile apps are putting your credentials at risk

(Image credit: Image Credit: Carballo / Shutterstock)

Recent data breach incidences have taught us a lot. Most importantly, it has made us realise if our data goes in the wrong hand, then we are left vulnerable forever. Businesses are taking robust measures to keep their systems secure with firewalls and antivirus software. But, it has still not gotten into the heads of many that their phones and tablets are home to a wealth of personal info that can be quite easily broadcasted to the entire world if left unprotected. Mobile apps don’t just collate our data but also broadcast it to ad networks. Because of poor security features of different mobile apps, chances of your mobile data going into wrong hands is high.

Do you know? At least one on the four mobile apps (which accounts for more than 24 percent) consists of at least one security flaw with high risk!

This astonishing fact puts the security of your credentials shared with different mobile apps in doubt.

Here’re the different ways in which your mobile apps are compromising your data privacy even if you are using those quite diligently. 

1. Leaving Your Data Unencrypted

Probably the riskiest thing mobile apps do is collect your data and leave it unencrypted. Your name, email address, phone number, home address, and credit card info, all left unencrypted for anyone to see. Even WhatsApp, one of the most widely used chatting platforms, was leaving users’ data unencrypted till March 2017.

Take for instance, different coupon apps which usually receive a large number of traffic from people trying to save moolah while shopping online. One of them is the Coupons App, which has more than 10 million users! During an analysis, Appthority discovered that the Coupon App, sends private information on the internet without encrypting it. This data includes zip code, email address, phone number and the exact geolocation of users.

What needs to be done: Unless you hold the expertise to monitor the data transmission and storage specifications of any mobile app, you cannot find out whether the data it saves or transmits is safe from breach or not. However, there is still some hope! Check whether a mobile app validates the authenticity of SSL certificates presented or not. Apps with several non-SSL links should be avoided for one’s own good.

2. Asking for Your Location

Mobile applications often ask for your location, such as a mapping app trying to give you direction. But, what if beauty and recipe apps ask for your location! Do they really need to know your location details? Probably not! Most of the times, your location is passed on to advertisers, who start annoying you with frequent pop ups about sale, discounts and new offers.

What needs to be done: Most of the Android and iOS apps ask for your permission to access your location. Unless it’s important, deny your approval and save your phone screen from getting flooded with advertisements. However, some apps put you in a situation of fix – Either you agree to provide your location or don’t use the app altogether. It’s ideal to look for alternatives than falling into the ‘give your location’ trap.

3. Online Ads that Get Hacked Easily

Let’s see how mobile advertisement scene gets risky. Ad networks supply code to app makers, which needs to be inserted into different apps. Sometimes, the codes are not robust enough to do a good job in terms of security. And, what follows next! Higher chances of data getting hacked and corrupted.

What needs to be done: You can opt for those mobile apps, which run without advertising. But, those will quite likely charge you some money for their business model to survive without advertising. Moreover, iOS users can get rid of app advertisements by opting for ‘limit ad tracking’ in the Settings - Privacy > Advertising > Reset Advertising Identifier. Further, Android users can block cookies in their browser settings. 

4. Sign-On Through Social Media Accounts

Maintaining the separate login ID for every mobile app is a tedious task for many. As a result, people often get tempted by the option of signing up easily through Facebook or Google+ account. However, the single sign-in option can be risky! Want to know how? Just think what will happen if your social media accounts are compromised (The most recent example is Facebook’s data security fiasco). Your apps will become vulnerable to data security risks! This way, you will end up allowing hackers to take over your different accounts, at the same time.

What needs to be done: Sign up through social media accounts is convenient, but risky! Prefer setting unique login ids for different accounts, and the single sign-in option only with high-trusted sites.

5. Address Books & Calendars

Along with asking about your location, some mobile apps also demand access to your contacts and calendar. Most of the time, their intention is just to analyse your address book & calendar and share the information with ad networks. Even when you are not much concerned about the advertisers knowing your details, you can’t stay assured of whether they are handling your particulars.

What needs to be done: As an Android user, you need to be wary if an app really needs your contact and calendar info or not. Accordingly, you can give it the permission. Fortunately, iOS users can control permissions to a larger extent by going in the Privacy settings.

Pro Tip: Be careful of what you install

Whenever you install a smartphone app, exercise your power to grant the permission to view your contacts, access your picture gallery and read your location. Some apps want these details for legitimate reasons, but other apps may leave them potentially open to abuse. So, think before you approve access to these details. Especially Android users, as its app-vetting process isn’t as reliable as that of iOS. There have been several reports of malicious apps sitting unnoticed for months on the Play Store. In 2017, more than 700,000 apps violated Play Store policies, a 70% increase from 2016. Isn’t that scary enough?

Kalpana Arya, Techjockey
Image Credit: Carballo / Shutterstock

Kalpana is a tech enthusiast, presently working as a Content Expert with TechPillar. Tech blogging is her passion, through which she intends to explore the world of software & hardware.