Popular Apps and Games That Threaten Your Mobile Security
As the old saying goes, “If you’re not paying for a product, you are the product.” That’s especially true for apps. Sure, smartphones are wonderful things, but for convenience, you might be sacrificing your security and privacy.
Consider the amount of people who download social networking apps. That’s a lot of personal information.
Here’s how some of the most popular apps threaten you — and how you can fight back, without uninstalling.
With an average of over 136 million users a month in the U.S. alone, Facebook Messenger is all-consuming, and the most downloaded app of 2016 so far. We’ve grown used to its ease and usefulness, but when it first launched, Facebook members were suspicious: after all, the app already lets you speak to friends. Why would you need to download a separate app altogether?
Since then, we’ve been assured that it poses no threat to our privacy , but earlier this year, security experts found that hackers could intercept your messages on Android devices and even alter their contents through a man-in-the-middle (MITM) attack .
Aside from potentially gaining private data (including financial) by spying on conversations, cybercriminals could infect devices with ransomware, or as TechWorm explains:
Facebook Messenger conversations are held as legal and binding evidence by courts in the United States, Australia and Europe, therefore such a hack could be used to alter judgment in key cases.
What can you do? Facebook’s acknowledged the vulnerability, and offered a solution, but first, you need to update the app. Once you do that, you can start Secret Conversations , which enables end-to-end encryption. That’s what WhatsApp uses too — not a surprise as Facebook now owns that instant messenger, too .
If you’re still nervous about using it, however, you can always try a different app for private conversations .
We’re sure you recall all the panic about Pokémon Go‘s privacy settings, but that all turned out to be… Well, a typo, really. Nothing to worry about, right?
— LaserJetPT (@jet_pt) October 8, 2016
The Kremlin doesn’t agree. Russia thinks there’s something fishy, mainly because officials don’t trust John Hanke, the CEO of Pokémon Go‘s developing company, Niantic. He previously worked for a firm partly funded by the National Geospatial-Intelligence Agency (NGA), which supports America’s intelligence and defense departments.
Furthermore, the app’s Terms and Conditions do raise some questions, namely why Niantic collects location data, and information about the operating device (OS) you’re using. It’s said to improve services, but it can also be passed onto third parties, as long as they seek your approval first (which they could do by updating those Terms of Service that nobody ever reads ). So what’s happening with our data, including those photos taken in Augmented Reality (AR) mode ?
There’s also a highly-suspect clause that stops users filing a lawsuit, as an individual or as part of a group, against Niantic.
— GIPHY (@GIPHY) October 8, 2016
What can you do? If you’re within 30 days of downloading Pokémon Go, you can opt-out of that latter clause.
Pokémon Go needs location services to operate, so there’s little you can do about that. Still, there’s no reason to panic right now . Niantic doesn’t seem to have nefarious purposes, so deleting your account is pretty pointless. Nonetheless, take some precautions like not using AR: it’ll stop you worrying about the app accessing your camera, and save you some battery , too!
And if you downloaded an unofficial version before Pokémon Go launched in your country, beware of malware .
Breathe in deeply: love is in the air — and you might be able to smell something funky, too. Boasting an unbelievable 26 million matches worldwide each day, the dating app’s been downloaded 100 million times.
But as its popularity increases, various security issues have been raised and patches issued, including a particularly worrying vulnerability that lets hackers track users’ locations to within a 100-ft radius. That seemed to have been fixed. Then Swipe Buster reared its head, giving subscribers the power to pinpoint where someone uses the app most.
He needs it ? pic.twitter.com/xU6prUy5Bz
— No Chill On Tinder (@NoChillOnTinder) July 27, 2016
Twitter favors verified accounts, so you might think that Tinder does too. In fact, many have been applying for this to convince their matches that they are who they say they are. Unfortunately, that’s a scam. Tinder doesn’t offer verified accounts at all. A malicious bot sends you a link to a fake site that asks for your private information, including “age verification” — which asks for credit or debit card details.
What can you do? Tinder offers some basic advice for staying safe, but you’re nonetheless surrendering some privacy. That’s a nightmare for parents worried about their kids , so if you’re in that position, you should talk to your children about online safety . As Tinder links up with Facebook, it’s well worth giving your profile a thorough privacy check-up .
Regularly update your apps, so you know all the recent patches have been issued on your device, and don’t trust websites that other users send you to, however genuine they appear to be.
Whenever I think about how bad my dating life is, I remind myself that there's people that pay for Tinder Plus.
— mikey. (@usernamemikey) October 5, 2016
Most importantly, look through your Tinder settings, and make sure your Discovery Settings are private, or else you might be traceable.
Once again @Snapchat doesn't disappoint. That's why you are my favorite social media app.
— TorqdOff (@TorqdOff) October 7, 2016
Snapchat’s got a lot going for it , but you might’ve been put off by the so-called Snappening , a massive data breach from a few years ago which many think is akin to Celebgate . Some 200,000 private images were made public, but Snapchat assured users that their servers were secure — prohibited third-party apps were responsible. In fact, their servers delete messages by default once they’ve been viewed (or, if they’re not seen, they’re deleted after 30 days), except Live Stories, which are sometimes archived.
The good news is that Snapchat does encrypt your pictures, and while that’s never fool-proof , it does at least demonstrate a good level of security that you can depend on in most cases. But security software founder, John McAfee says that he and a team of hackers were able to read encrypted messages from both Snapchat and WhatsApp, so don’t put all your trust in these messaging services.
What can you do? Remember that anyone can save a snap. The fact that you’ll be notified is hardly the point. As encryption is far from perfect, don’t send anything you don’t want anyone except the supposed sole recipient to see.
If you want to avoid any potential Snappening-esque leaks in the future, don’t use a third party app. Make sure you’ve downloaded the official version and update it regularly. If after reading this you still want to download Snapchat, search for it in the Google Play or iOS App Stores. The authentic one should appear at the top.
This is one of the most intimate apps available: Glow is a fertility tracker, including details about sex lives and miscarriages, as an aid for couples trying to have a baby. Cybercriminals could’ve gained access to swathes of information through a security vulnerability revealed earlier this year. Given Glow’s nature, you can understand why users were worried about personal information, including names, date of birth, and email addresses.
The flaw was in the app’s ability to share details with a partner, but which could also be sent to third parties. Personally Identifiable Information (PII) is certainly valuable, but medical data can lead to identity theft , too. Thankfully, a Consumer Report found the vulnerability before cybercriminals did.
Fortunately, Jennifer Tye, head of Glow, Inc.’s U.S. operations, reassured users:
Once informed, our team immediately worked to address and correct the potential issues and have since released an updated version of the app. We also informed users via email to consider changing their password as an extra precaution … There is no evidence to suggest that any Glow data has been compromised.
What can you do? Glow patched the vulnerability straight away. You need to update the app to issue the fix, and relink accounts with partners. That is, once you’ve changed your password!
Kinder surprise / Tinder surprise pic.twitter.com/BmyVNqsuzX
— Keyz? (@KeyzRdr) October 4, 2016
Speaking of which…
A Final Word About Passwords
Your first line of defense is always your password, so keep it private.
Whatever service you use, your password needs to be complex, and not easily guessable. Hackers could infer a lot of data about you, even by just looking through your Facebook profile, so make it as obscure as possible.
Which apps do you think are suspect? For what reasons? Have you completely abandoned a service for security concerns?