It’s time to accept that smartphones and tablets hold a huge library of our personal data. This information is a lure for all kinds of malicious users or advertisers.
Sometimes we ourselves are to blame for a data leak, but in very many cases it is the application that collects and organizes the data and sends it into the wrong hands. Worst of all, once our contacts, notes and passwords end up in the wrong database, we remain vulnerable for almost a lifetime.
According to the service Appthority, 91% of the top 100 free and paid apps in the App Store showed suspicious activity at least once, as did 83% of the equivalent top 100 applications for Android. The figures are quite unpleasant, but fortunately there are at least seven ways to improve your information security.
1. Unencrypted Data
Perhaps the worst thing an application can do to its users is to collect personal information (name, home address and e-mail address, telephone number and credit card number) and leave it openly accessible and unencrypted, which means that absolutely anyone who wants to can read it. Such a vulnerability was found, for example, in WhatsApp a couple of years ago.
A big scandal erupted around the Starbucks app for iOS when it became clear that it stored passwords in plain text, without any encryption. Another popular program, The Coupons, specifically its Android version, passed on information about the user (including geolocation) every time the user launched and used the application.
Of course, both of these programs have been updated and the vulnerabilities fixed, but how much damage could they have caused the “happy” owners of smartphones? And these events occurred in the last month alone.
What can be done? Unfortunately, very little. The only option is to learn to inspect application activity “manually”, but that requires certain skills (e.g., the ability to read code) and time.
2. Geolocation
Some applications need to know the user's exact location; a GPS navigation program, for example, uses it to plot the best route on a map. But why would games need such “knowledge”? The answer is simple: they want it so that their advertisers can create content and a flow of spam. That is why many programs collect data from the smartphone's GPS module on their own and send it to their creators. Some people are quite happy with this, some are not. In any case, what happens to our data once it is in the grasping paws of an advertising department is unknown.
On iOS and Android, an application asks for your permission to collect location data in a special pop-up window at startup. In some cases you can tap “no” and it will not affect the program. Sometimes you have to go all in: either consent, or haughtily refuse to run the application.
3. Advertisement
How can it hurt? Primarily, our information is used to build “advertising profiles” that “follow” us even when we change phones. And no one can say to whom this dataset will be sold or given tomorrow.
Also, it was revealed not long ago that Vulna, an advertising library that collects data about users, could be used as a tool to attack Android devices. The researchers found that applications with Vulna “on board” had been downloaded over 200 million times. Of course, the vulnerability has already been closed, but a bad aftertaste remains.
What can be done? First of all, download applications that do not use advertising. Most of them are paid. In addition, on iOS 7 you can “restrict advertising tracking” by going to Settings -> Privacy -> Advertising, so that to advertising networks you look like a “new”, different person. There is no equivalent on Android; Google does not even permit blocking ads in Google Play. You can also block cookies from suspicious sites in the browser.
4. Single login / password
Using the same username and password on every resource that requires registration is not the best idea. Sure, it’s convenient: you are unlikely to forget such an important combination. But if this information gets into the wrong hands, they get instant access to your profiles on Facebook and on Twitter; in short, wherever the victim has registered.
What can be done? Obviously, use a different combination of username and password for each site. You should also have multiple mailboxes.
5. Contacts and calendar
Like geolocation, calendars and contact lists are a goldmine for advertisers. That is why many applications try to access them, regardless of whether they need them to function. According to the same Appthority, 22% and 31% of the top paid and free programs request access to your contacts.
What can be done? Access to such data should be granted only by the users themselves. On iOS, starting with version 6, you can revoke it in the privacy settings. Android provides no similar function: you can close this loophole only during installation, not afterwards. So it pays to think carefully before agreeing to everything.
6. “In-app purchases”
Many programs, especially games, are free to download but make their profit by offering in-app purchases (for real money, of course). The risk is obvious, because it is about money! The Internet is already full of stories in which a child spent huge sums, constantly buying something for a favorite “toy” on dad’s iPhone. The parent, of course, knew nothing about it.
It’s funny that even older players sometimes cannot resist the next opportunity to buy new eggplant seeds for a virtual farm.
What can be done? On iOS, you can disable in-app purchases in the settings. Android users can put a password on this function: without entering it, nothing can be bought.
7. Unique device identifiers (UDID)
One way to “spy” on smartphone users relies on unique device identifiers: a personal number for each device. No two are the same. Since most gadgets are used by only one person, a UDID allows anyone who wants to find you to do so anywhere. And if that number becomes known, there is no reliable way to change it short of buying a new phone.
Apple banned software developers from using the UDID back in 2012 and now rejects applications that try to circumvent the ban. But some still manage it: according to Appthority, the most popular applications still collect unique identifiers. On Android things are somewhat worse: 55 percent and 87 percent of paid and free programs use the UDID to “follow” the user, as do all free games for the same system.
What can be done? iOS 7 requires application developers to use a different number, not the factory one. In addition, the most that the “apple company” allows them to do with it is to use it for advertising purposes. You can reset the identifier at any time by going to Settings -> Privacy -> Advertising. Google is trying something similar with Google AdID, but the huge number of completely different Android devices makes this process difficult. Sometimes the UDID may change after a “hard” reflash of the device.