A few months back, the USA witnessed an outright, well-schemed and open robbery in broad daylight. No, we’re not talking about a bank robbery. Neither are we referring to an economic scam or a political scandal of the kind that seems to have gained a fair share of popularity. The crooks in this crime were armed with the most modern form of weaponry in today’s digital age: tools to exploit mobile app safety!
People in the US had their personal details palmed off by an e-mail subscription service to Uber. Most of them were consumers of Lyft, a competitor of Uber. And the name of this offending e-mail service was Unroll.me.
It was widely reported in the American press that Uber had fingerprinted its users. This meant that even after a user deleted the Uber app from his/her mobile phone, Uber would still be able to track the user’s mobile usage.
This crime found an identical twin in the security breaches of 17 million accounts with Zomato and 3 billion accounts with Yahoo.
Scary, isn’t it? One moment you entrust your information to the world’s top global service providers, and the next, some unknown hacker is memorizing your password in the comfort of his room.
However scary it may sound, we cannot run away from the tech world; almost every aspect of our life is dependent on technology. Our saviour is awareness and the adoption of good practices to ensure our mobile apps do not compromise our privacy.
Read the fine print
You must read the privacy policies of all the apps that you intend to use. To be fair to Unroll.me, the company had declared its intention to share users’ data with third parties. Unfortunately, many subscribers of the e-mail service ignored the fine print.
We should go through all the terms and conditions of an app before we grant it any permission. Got no time for this? Then at least do the following:
Scan through the terms and conditions; your sixth sense may spot something critical.
Use Google / Quora to search “Is <app name> safe/secure to use?” or “How does <app name> make money?”.
Check app’s business model
It is likely that the app that you are going to sign up for is free to use and doesn’t have any advertisements running either. Now, doesn’t it sound funny to you? How would this app make revenue for itself?
Some apps that are free and do not even serve ads share users’ data, like email, phone number, income, etc., with third parties. All this information is incredibly valuable to many marketing companies.
It is strongly suggested that you check the business model of the app that you are interested in. A little bit of research in the present can save you many problems in the future.
Review apps and permissions
We should periodically audit our apps. Now what does that mean?
It means that once in a while, you must scan your phone and delete the apps that have been idle for a long time. Chances are, you have used your Twitter, Facebook or Google accounts to access these apps. Over time, you tend to forget you ever downloaded them, but they are still present on your devices, leeching off information.
Google and Apple have recognized the data security and privacy threats posed by mobile apps. Over the last few years they have strengthened the Android and iOS platforms to empower users to decide which app can access their data. While granting any permission to an app, you need to wear a critical hat. Grant access only if you are 100% sure about the purpose and need of that permission. If in doubt, do not grant.
In today’s world, data theft is an extremely hideous crime of a serious nature that must be met with an equally serious attitude. The first step to protecting yourself is accepting the fact that you need protection. And in this case, all you need to do is Read, Check and Review.