Smartphones Too Smart For Your Own Good - Personal Information Leak Through Apps
Your smartphone may be a convenient companion, but you may need to think twice about trusting them wholeheartedly.
In this era of mobile applications earning increasing attention and popularity among many consumers, both casual and tech-savvy, the application market poses a rising threat to privacy.
With great power comes great responsibility. The convenience of buffet-style apps on the biggest mobile platforms Apple iOS and Google Android may blind users from the dangers of personal information lacking adequate and proper security measures within apps.
Your smartphone contains a personal identification number that is linked to individualized data such as your phone numbers, current locations, and your real name. this identification number is used by Apple or Google for their purposes. However, if a third party were to obtain such numbers, your individualized data may be at risk of being jailbroken.
In a recent investigation by the Wall Street Journal, 101 popular apps on both iPhone and Android platforms were examined: 56 were found to have transmitted the phone's unique device ID to other companies without users' awareness or consent, 47 apps transmitted the carrier phones' location, and 5 sent age, gender and other personal details to a third party. 45 apps did not provide privacy policies on their websites nor within the apps at the time of testing.
Among the tested apps, the iPhone apps exported the most data compared to Android apps. However, the result may not be applicable to the entire app market due to the small sample size of the investigation.
In the world of mobile, there is no anonymity, says Michael Becker of the Mobile Marketing Association, an industry trade group, the Wall Street Journal reported. A mobile phone is always with us. It's always on.
Knowing popular apps store sensitive data, you may want to curb your enthusiasm in submitting too much personal information via apps.
In another study conducted earlier this month, Chicago-based security firm viaForensics' appWatchdog revealed that companies such as LinkedIn, Netflix, WordPress and Foursquare apps failed in a security test.
The study was done to inform customers about potential data security risks posed by mobile apps. viaForensics also seeks to prompt app developers to increase the security of their apps. The test, with ratings of Pass, Warn, and Fail, tests the security of credit card, password, username, and other application data. A Fail indicates highly sensitive data was obtainable such as a password or credit card number while a Warn warrants that application-specific data is reachable.
The apps which received a Fail rating on both Android and iOS devices include: AIM, WordPress, Yahoo! Mail, Yahoo! Messenger, Hushmail, Kik, LinkedIn, Mint, Skype.
Those stamped Warn include: Amazon mobile, Best Buy, Dropbox, Ebay, Facebook, Gamefly, Groupon, IRS2Go, LA Times, myATT, Netflix, Newegg, NewsRob, NYTimes, Overstock.com, PageOnce, TD Ameritrade, Square, Starbucks Card Mobile (iPhone), The Wall Street Journal - Mobile (iPhone), TigerText, Twitter, Wikinvest, YouTube.
The more secure apps are banking apps from Bank of America, Citibank, Fidelity, and Wells Fargo; they earned solid scores. iPhone's Google Gmail App scored the best for securely storing passwords, usernames, and application data.
A recent survey by BullGuard has shown that over half of mobile users are unaware of security software for smartphones.
While mobile users expect an easy access to various services through applications anywhere at any time, they are not highly aware of the security loopholes on mobile phones, which are drastically different from traditional computers and represent a new and unique threat to customer data.
Since 2008, the App Store has seen over 14 billion app downloads, claimed Apple. As Google's Android Market intends to catch up to Apple, it claims to have earned 4.5 billion app downloads to date. In 2015, around 48 billion mobile applications will have been downloaded, estimated in a report from In-Stat.
Storing data in plain text violates common practice in computer security, yet mobile apps do just that and the study shows the apps have serious vulnerabilities when it comes to data security.
Data should not be stored on a phone, the Wall Street Journal quoted Andrew Hoog, chief investigative officer of viaForensics. If data is stored on a phone, he said, it should be encrypted.
Smartphone users are powerless in controlling phone tracking. Users cannot opt out of phone tracking, which is possible on computers to some extent such as blocking or deleting cookies, tiny tracking files. These techniques generally don't work on cellphone apps, the Wall Street Journal stated.
Tech giants Apple and Google work with ad networks, which allow advertisers to obtain information on groups of users. Advertisers gain user-specific data to identify niche markets.
Neither Apple nor Google require apps to ask permission to access some forms of the device ID, or to send it to outsiders. When smartphone users let an app see their location, apps generally don't disclose if they will pass the location to ad companies, according to the Wallstreet Journal.
Spokesmen from some of the companies such as Netflix, LinkedIn and Google expressed their awareness of the vulnerability, and their progress in fortifying their security guidelines and data handling.
Although companies are becoming more aware of security risks on mobile devices, the continuing vulnerabilities suggest security has received too little attention in the face of creating an app to top the app market.
While app developers as well as platform owners realize the pending need for increased security, it may be wise to beware of just how much information or access you allow your apps. However, the near future may allow personal information to flow more transparently in the digital world. Whether we call it freedom or communism is in the mind of the smartphone.
© Copyright IBTimes 2024. All rights reserved.