Mentally, we often give the world’s most popular apps a free pass when it comes to security.
If the brand is a household name, a huge number of people use the service, and the company behind it is responsible for a vast amount of private data, there’s no way that the app itself could be insecure and riddled with flaws, right?
In fact, some highly recognizable pieces of software are among the worst offenders. Let’s look at five popular apps with significant security vulnerabilities.
1. Hola Unblocker
I’ll kick off with Hola Unblocker. The free VPN provider used to be one of the most popular apps in the Chrome Web Store thanks to its ability to circumvent geo-locked content.
However, as more and more people started using the service, questions arose. It quickly transpired that the peer-to-peer VPN technology the app deployed meant its users were unwittingly participating in a giant botnet. Your computer was merely an exit node on the network.
In layman’s terms: if you’re running Hola, other people are using your internet connection to browse the web. It’s so hazardous for your security that the Electronic Frontier Foundation explicitly recommends against allowing it.
To make matters worse, Hola is selling access to exit node bandwidth (i.e. your computer) for $20 per gigabyte under the name of “Luminati.” The company is profiting from your insecurity.
What to Use Instead — A leading premium VPN provider. Free ones are tempting, but there will often be privacy implications.
2. Uber
In 2014, Uber became embroiled in a bitter row over its “God View”.
It allowed any one of its employees to track any passenger’s movements, with the situation coming to a head when one of the firm’s directors started tracking a Buzzfeed journalist who was reporting on the claims.
There’s a lot you can tell about a person from their location. When they arrive at and leave work, if they’re spending the night at home or frequently somewhere else, how religious someone is based on their location on Sundays. Location is a sensitive thing that wraps a lot of other sensitive things.
— Parker Higgins, activist at the Electronic Frontier Foundation
Since the incident, Uber has updated its terms. Drivers can only access travel records to settle disputes and fix bugs.
But the app still has issues. In 2016, a Londoner discovered someone had hacked her account and billed her for five rides in Guadalajara, while another British person got a bill for $600, for trips in New York, despite never visiting the United States. They are far from the only victims.
U.S. authorities are currently involved in an ongoing investigation into the company’s “phantom rides,” though Uber itself claims it “found no evidence of a breach at [the company]”. The case continues…
What to Use Instead — Your bike?!
3. Angry Birds
When combined, the various iterations of the Angry Birds series have been downloaded more than two billion times. It makes the app an attractive proposition for hackers.
But in this case, it’s not hackers you need to worry about. Instead, it’s the government. Both the NSA and Britain’s GCHQ used the game to grab users’ age, gender, and location. A leaked classified report in 2012 in the U.K. even included code for mining entire user profiles on Android devices.
And even if government surveillance doesn’t concern you, the app has developed a reputation for aggressive ad libraries that snatch your phone’s call logs, your signal, carrier, device ID, and number.
4. Any Yahoo App
How many times does a company need to be the victim of a massive data breach before you simply stop using it?
Yahoo has consistently been in the headlines for all the wrong reasons over the last few years, but no story has been more worrisome for end users than the December 2016 revelation that one billion accounts had been compromised. The hackers used “forged cookies”: a cookie is what lets a browser skip prompting users for a password on every visit, so a forged one gives access to an account without the password.
Worst of all, it took Yahoo almost two and a half years to discover the issue and make the news public. In conjunction with the 2014 theft of 500 million user details, it points to a company in crisis with no control of its internal systems.
Do you trust Yahoo to keep you safe? I certainly don’t. My advice? Delete any apps and close your account today.
What to Use Instead — The list is endless. Need an email address? Use Gmail. Looking to replace the excellent Yahoo Finance? There are lots of alternatives. Need a weather app? Try Wunderground or The Weather Channel.
5. Adobe Flash Player
Does any self-respecting internet user still have Flash installed on their machine? Apparently, the answer is yes.
Today, it’s used on fewer than 10 percent of the world’s websites. Almost all modern ones no longer rely on it. In fact, it’s mainly become a method for serving ads.
We saw the most severe vulnerability in 2011 when experts discovered Flash enabled “webcam spying” — hackers could trick users into unwittingly activating their webcam and microphone using “click-jacking” techniques.
But the situation has barely improved. In the first six months of 2015, experts unearthed a barely-believable 94 vulnerabilities. They included 32 flaws that allowed Denial of Service attacks, 68 that allowed code execution from malicious sources, and 13 that allowed attackers to steal information directly from a victim’s computer.
Adobe has moved quickly to fix the vulnerabilities in most cases. However, in February 2010 it was forced to apologize after not fixing a known problem for more than a year.
Annoyingly, the company does not specify which holes it’s closing in its near-daily security updates. Thus, it’s impossible to know how many serious issues the developers have closed without the public ever knowing about them.
What to Use Instead — HTML5. The latest version of the markup language has rendered Flash almost irrelevant.
Who Can You Trust?
Of course, this list is not exhaustive. In the current climate, it’s virtually impossible to definitively say any app is 100 percent secure.
As a user, your only weapon in the fight is the web. If you’re serious about your security, make sure you do your due diligence before signing up to a new app or service — especially if it needs personal information or your credit card details.
Which woefully insecure apps would you add to this list? Let me know in the comments below.