Q: What can a non-technical person do to help protect their privacy?
A: You can double check what permissions an app uses. For Android phones, you can see what permissions it uses before installation. For iOS, apps request for permission right before sensitive data is used the first time.
A second option is to put your mobile device in airplane mode, which makes it so that apps can’t access the network or location data. This is obviously pretty inconvenient (because you can’t receive or make phone calls in airplane mode), but some apps still work perfectly fine in airplane mode.
Q: What other kinds of risks are there with apps on mobile devices?
A: There are also fake apps and malware on app stores. The most popular app stores try to remove these as quickly as they can, but sometimes bad apps still get through.
Fake apps are ones that pretend to be real apps. Most fake apps are real apps that have been modified. For example, a thief might download a real app, modify it so that the thief gains the advertising revenue rather than the actual developer, and then upload it back to an app store.
Apps that contain malware are generally designed to steal information. Sometimes these are custom apps for spying on people, sometimes they are real apps that have been modified, and sometimes they are fake apps.
For example, a few years ago, there was a fake Netflix app that used the Netflix icon, but just ended up stealing your password.
Q: How can people protect themselves from these fake apps and malware?
The key here is to look for signals that are hard for bad guys to fake. For example, an attacker can name their app anything, and can give the app any description they want. However, they can’t change the upload date on app stores, or the number of downloads. So these latter two are pretty good signals for differentiating between legitimate apps and fake apps. That is, the older the app, and the more downloads, the higher the odds that the app is safe.
Several Wombat interactive training modules focus on key components of mobile device security, including the safe use of mobile apps. It’s important to recognize that app permissions are just one of many potential dangers to the data stored on mobile devices. These cybersecurity education modules will help users make better decisions about the apps they install as well as help them understand appropriate physical and technical safeguards; best practices for secure communications; and tips for safe use of GPS, WiFi, and Bluetooth features.