If These Apps Are Still on Your Phone, Someone May Be Spying on You



WhatsApp and Instagram are both owned by Facebook, which is part of what makes them all a risk. Dave Salisbury, director of the University of Dayton Center for Cybersecurity and Data Intelligence, says that Instagram “requests several permissions that include but are not limited to modifying and reading contacts and the contents of your storage, locating your phone, reading your call log, modifying system settings, and having full network access.”

Even more worrisome, updates may automatically add additional capabilities. “People need to remember that at Facebook, and plenty of other places, you’re the product, not the customer,” Salisbury says. “Information about you, what you do, where you go, who you interact with, etc., is valuable. If you’re OK with giving that up for some free services, that’s a valid choice. What I’d hope is that people actually think through the choice in an informed way and make sure they’re getting as much as they’re giving.”

Facebook Messenger

Since Messenger is a separate Facebook app, Attila Tomaschek, digital privacy expert at ProPrivacy, feels that it’s important to address as well. “Deleting Facebook Messenger is a no-brainer, based upon the company’s frighteningly lax approach to protecting user privacy,” Tomaschek says. “The messages you send and receive using the Facebook Messenger app are not encrypted, meaning that all your messages are plainly viewable to any Facebook employee with the appropriate permissions.”

While the company is planning to roll out a “Secret Conversation” mode that will offer encryption, it won’t be the default option and won’t be available for the calling feature. “What’s more, the app automatically scans any links or photos you send, and if any suspicious content is flagged by the algorithm, your messages will be read by moderators employed by the company,” Tomaschek adds. “Basically, if you don’t want your personal data to be subject to Facebook’s flimsy data-privacy practices and you don’t want anyone potentially eavesdropping on your private messages, then it’s best to cut your losses, delete the app, and look elsewhere.”

If you’re looking for an alternate private messaging app, Tomaschek recommends the secure messaging app Signal. “Your messages in Signal are secured by the app’s proprietary encryption protocol, which many consider to be the most secure messaging protocol available today,” he says. “In fact, Edward Snowden has even endorsed Signal as a secure messaging app.”

Flashlight apps

We bet you didn’t see this one coming. “Free flashlight apps are often of high cybersecurity risk,” says Harold Li, vice president of ExpressVPN, a consumer privacy and security company. “Many of these apps are free but ad-supported, and they often request permissions, such as audio recording and contact information, to apparently function properly. When users install these apps, they risk sharing their personal data with app developers who monetize the data by selling them to advertisers.”

Li recommends removing these apps entirely. Then he recommends updating your passwords for any social media or email accounts you use on your phone. You can also write to these companies and request to have all your data deleted. Under certain countries’ and states’ laws, consumers have the right to the erasure of all their data.

While Li couldn’t recommend any safe alternatives, he did say this: “It’s 2019, and most phones already come with a built-in flashlight function, so you really don’t need to install another free app that could be collecting and selling your data.”

Angry Birds

“When Snowden blew the whistle on the NSA and exposed the agency’s surveillance tactics, he mentioned the Angry Birds app specifically as one that the NSA was using to siphon the personal data of its users,” says Tomaschek. “The app was leaking personal data like users’ phone numbers, call logs, home country, current location, and even marital status, and the NSA was gobbling it up without any misgivings whatsoever.”

If you have this game installed on your phone, Tomaschek says the best thing you can do is delete it. But, he adds, “Angry Birds app developers have since evidently patched the vulnerability that allowed for the information to be leaked. So, if you take the developers’ word for it and simply can’t resist indulging in slingshotting birds across your phone screen, then at the very least update to the latest version of the app.”

Zombie Mod

Even if you’re zombie-obsessed, you’ll want to skip Zombie Mod. Covington says, “This game attempted to collect a tremendous amount of personal data from users’ Google accounts, including Gmail usernames and passwords, while also attempting to profit from aggressive advertisements that, in some cases, bricked the device and forced the user to reset and start from scratch.” That’s no small issue.

Plus, adds Covington, “this one game impacted over 50,000 Android users and is part of a family of mod games that are all based on the same code foundation. We recommend users take a close look at the games they have on their devices and remove the ones that are not actively being played or that provide a negative user experience.”

Unfortunately, Zombie Mod may be trickier for consumers to uninstall. “They should start by locating and deleting the original Scary Granny Zombie Mod app,” says Covington. “More important than removing the app, we recommend that any user who has been fooled into installing the game also change their Google account password.”


DoorDash

“The popular and convenient DoorDash app was featured in a Washington Post investigation earlier this spring, which revealed the alarming amount of personal data that the app tracks and shares with other entities,” says Tomaschek. “The investigation revealed that when you open the app, you are sending your data to nine separate third-party trackers. This data includes information like your name, email address, and physical address, along with the make and model of your phone. Furthermore, Facebook and Google ad trackers are also being used by the app, which means that the two tech giants know every single time you open the app.”

Tomaschek recommends deleting the app altogether, but that doesn’t mean it’ll be the last you hear of it. “Unfortunately, some apps can employ ‘uninstall trackers,’ which basically alert the app developer if the tracker detects that a user has uninstalled the app,” he explains. “While the app won’t be able to track you or collect your data any longer, you may notice advertisements popping up all over the place on your phone for the app you deleted, attempting to entice you to download it again.”

Children’s apps

We love our kids, and our kids love our phones. And there can be times when allowing them to play a game can be an incredibly helpful distraction. But you should “be very cautious about children’s games and apps that have little or no reviews,” says Barlow. “[Also], with children’s apps, be wary of anything that stores video and audio content. This stuff lasts forever.”

Dating apps

Tinder and Grindr both collect over 50% of your personal data (Facebook takes the cake at 70%), according to cybersecurity firm Clario. Think about it: they get names, email addresses, phone numbers, employment and even pet ownership statuses, beyond the obvious location and age data. In 2020, five different dating apps experienced data breaches, leaking information from millions of profiles, putting users at risk of phishing, phone scams, and identity theft.

Ring doorbell app

Ring doorbell users think that they’re the spies, but the app does even more lurking in their phone. An investigation by the Electronic Frontier Foundation found the Android app is packed with third-party trackers that disseminate names, IP addresses, mobile network carriers, persistent identifiers, and sensor data to four marketing and analytics companies.

Every app, every time

We hate to break the news to you, but all apps come with some degree of risk. And regardless of the app, Salisbury recommends that users always review permissions, disable location services when possible (though some apps won’t work without it), and turn off geotagging for pictures. “With this location and geotagging data, marketers and perhaps less savory people can build a pretty decent profile of where you’ve gone and when. Privacy implications should be obvious,” Salisbury says. “Disable permissions if you aren’t comfortable with the app having that kind of access to your phone data or can’t think of a reason why that app needs that permission. If it’s not an option to disable the permission, uninstall the app.”
