Some of the most popular apps you love and have come to rely on could be posing more of a danger than they’re worth. Here’s what you need to know.
There’s an app for that…but should you use it?
We all love our cellphones and the millions of ways they connect us and make our lives easier. But some of those apps that you love and have come to rely on could actually be putting you at risk. While it’s easy to forget about the need for privacy in a world where everyone airs everything online, it’s important to remember that it takes very little information for someone to steal your identity and even hack into your banking accounts. We’ve collected information about some of the worst offenders so that you can make an educated decision about which apps you trust with your privacy and which ones need to go. The bad ones are likely guilty of one these top mobile phone security threats.
You can save yourself a whole lot of heartache if you take some simple steps before ever downloading any apps at all, says Caleb Barlow, former VP of IBM Security and current CEO and president of CynergisTek. “Only get mobile applications from the legit stores,” he explains, referring to GooglePlay and the Apple store. And once you’ve found legitimate apps you want to download, “be religious about permissions and check on application permissions on a regular basis. Turn off permissions that are not required for the application to work properly.”
It’s also a good idea to do a little research first. Barlow recommends checking how many reviews an app has before downloading it. Ideally, anything you add to your phone will have already been used and reviewed by thousands of other people.
Ana Bera is a cybersecurity expert with Safe at Last. She identified CamScanner, an app meant to imitate a scanner with your phone, as one of the apps consumers should be concerned about. “Cybersecurity experts have found a malicious component installed in the app that acts as a Trojan Downloader and keeps collecting infected files,” she explains. “This kind of app can seriously damage your phone and should be de-installed instantly. Luckily, once you remove it from your phone, it is highly unlikely that it will continue harming you.”
While there are safer alternatives that perform the same functions as CamScanner, Bera says that “the app is only an imitation of a real scanner, which means that you can always go back to the traditional machine.”
“Check your weather app,” says Shayne Sherman, CEO of TechLoris. “There have been several different weather apps out there that have been laced with Trojans or other malwares.” While the most benign of these claim to take your information purely for weather accuracy, he calls that questionable. “Watch your local forecast instead, and if you have Good Weather, delete it now,” he advises. “That one is especially dangerous.”
Look, we all love our social networking apps. But cybersecurity expert Raffi Jafari, cofounder and creative director of Caveni Digital Solutions, says, “If you are looking for apps to delete to protect your information, the absolute worst culprit is Facebook. The sheer scale of their data collection is staggering, and it is often more intrusive than companies like Google. If you had to pick one app to remove to protect your data, it would be Facebook.”
Unfortunately, Jafari says that Facebook is “notorious for collecting data on you even if you do not use their service. But removing Facebook-powered applications from your phone is a great first step to protecting your privacy.”
“This is a call to action for users who may be living under a rock and unaware of the vulnerabilities that were disclosed earlier this year,” says Michael Covington, VP of Product for mobile security leader Wandera. “The vulnerabilities with WhatsApp—both iOS and Android versions—allowed attackers to target users by simply sending a specially crafted message to their phone number. Once successfully exploited, the attackers would be granted access to the same things WhatsApp had access to, including the microphone, the camera, the contact list, and more.”
Yes, that means attackers had the ability to do a lot of scary spying. “This was one of the most widespread issues I’ve seen impacting mobile devices, and we continue to see out-of-date versions on enterprise devices,” Covington says. Luckily, this one is easy to remove: Simply update the app to the latest version. At the time of writing, the latest version for Android is 2.19.339 and the latest version for iOS is 2.19.112.