A report mobile security report released by McAfee this February 2014 shows that apps that invade a person’s privacy are dominating the landscape. Data that the security company collected from thousands of apps shows that 82% of them track a person’s location while 80% collect location information. Some of these apps even contain malware that is able to gain access to personal information.
While it is normal for location based apps such as Yelp or Google Maps to track your location, other apps are also doing the same right now even if the apps in question have nothing to do with navigation or location services.
So why are these apps collecting your location information? It is being used to better target an individual with ads. A total of 4 out of 5 apps will want to know where you go. These apps will want to know your exact location (Gps, longitude, and latitude), your general location (Wi-fi or cell tower), and your last known location. While this may be beneficial since you will be getting ads that are specific to your geo-location it can also be dangerous since it will give crooks an idea of where you are.
McAfee reports that “While ad libraries may serve legitimate business purposes, subsidizing content that consumers want, they can also facilitate over-sharing of information with mobile apps. in a few cases, they go hand in hand with malware. We found that adsmogo and leadbolt are two ad libraries that we found seldom appear without malware. However, as with successful app stores, malware authors include successful ad libraries because of the volume of users. We should not conclude that ad libraries are innately bad.”
When installing an app it will generally inform the user what permissions it requires for it to be able to run on the device. Listed below are some of the permissions that you should be looking out for.
- GET_TASKS : This may be used to eavesdrop or evade defenses
- READ_PHONE STATE: This may be used by cybercriminals to track you and their bot clients through your device.
- ACCESS_FINE_LOCATION or ACCESS_COURSE_LOCATION: This may be used to pinpoint you and your travels.
- GET_ACCOUNTS: This may be used by cybercriminals to login or authenticate to certain accounts.
- READ_SMS or SEND_SMS/ READ_MMS or SEND_MMS: This may be used to commit fraud.
Before you download any new app on your mobile device try to determine if its purpose matches that of the access it is requesting. If it is requesting for something that it unnecessary then there’s something not right with the app.