Mobile Apps Quietly Steal Your Privacy
Otherwise respectable mobile apps sometimes trample privacy with overgenerous device permissions, experts say.
"We're not seeing a lot of malware so much ... but we are seeing a lot of privacy concerns from apps that are sharing information that people aren't aware of, or apps that have not been built securely," said Michael Sutton, VP of security research at Zscaler ThreatLabZ.
More Security Insights
- Reality Check: Putting Next Generation Threat Detection to the Test
- Managing Threats in the Digital Age
For example, he said that several months back when his researchers were doing work in the mobile space, they ran into certain iOS apps that would ask for passwords to popular services, like GoogleDocs.
"They would communicate with services, like GoogleDocs or Dropbox, and upload things and store backups," Sutton said. "All of those authentication credentials were just stored in clear text on the backup of the file, and so anybody who got a backup of your phone could go through that in plain text."
According to Sutton, the mobile space is such a "land grab" right now that businesses are desperate to have mobile apps and are willing to outsource to developers who might not be very competent at their jobs, or who just aren't given enough time to do a security review.
"I think the worst part is people think, 'I downloaded it from the store. It's safe,'" he said. "But that's not necessarily the case, and the end users mistakenly think that the gatekeepers are watching their backs."
In fact, in many cases it might not even be in the developer's best interest to keep users' privacy intact.
Find out how to create and implement a security program that will defend against malicious and inadvertent internal incidents and satisfy government and industry mandates in our Compliance From The Inside Out report. (Free registration required.)