Published: September 30, 2023 on our newsletter Security Fraud News & Alerts Newsletter.
In October of 2014 a flashlight app for smartphones made the news in a bit of a dramatic way. The story went that an app that you can download to your device is really spying on you; stealing your information and sending it off to servers in other lands for bad guys to use for their own purposes. What? Why would a flashlight app do such a thing? Well, sadly, that still happens…all the time. Recall a recent story about Temu, the shopping app? It asked for just about every permission imaginable. But, like the flashlight, it doesn’t need them.
In the original flashlight story, reports claimed that a security company found that the top ten flashlight apps were malware and were getting permissions to parts of your phone, like the GPS, camera, microphone, etc. and sending off your sensitive data, such as banking credentials to servers in China or Russia, or both. Sound familiar? TikTok ring a bell?
Well, the same thing is continuing today. Asking for permissions is the norm, and while many of them are not needed for a particular app to work properly, they generally ask for them simply because they can. It doesn’t necessarily mean the apps are dangerous.
This does mean that it’s up to the consumer to decide what apps to download and what permissions to grant to those apps. There are some tips for determining what apps to download and how to set them up safely.
Pay attention when you’re installing apps, no matter what your device is. If you do download a weather app, for example, it really doesn’t need permission to your camera or microphone (unless of course you are posting photos to the app). Neither Temu, Amazon, or TikTok needs access to your contact list, and you shouldn’t grant it.
In the case of maps or weather apps and so many others these days, they will ask for GPS access to be more accurate. If it’s asking to use an internet connection, it could merely be because it wants to download ads, particularly if the app is free. However, some of them are also tracking you, so be aware of which ones truly need your location.
We do hate to say never, but realistically unless you are a very advanced user or an app developer, apps really never need administrator rights. Just keep that in mind as a rule. If it asks for that, it probably really is malware. If this happens, report it and delete that app immediately.
Seriously consider what apps you really want or need on your devices. The fewer you have, the less exposure to malicious activity. If you are not 100% sure that you need an app, it’s better not to put it on your device in the first place. If you stop using it, just delete it.
Especially with free apps, they often do collect a certain amount of data and sell it to advertisers and marketers. So, if you don’t want that to happen, reconsider using these apps.
This hasn’t changed in all the years we’ve been so mobile. Always do your research on any software or app you download to your systems. Though the official app stores do try to keep malicious ones out of their stores, as we’ve heard about many times, some do still sneak in. Any one of them may contain malware these days. But getting them from reputable sources, only from your official app stores, keeping them up-to-date with the latest versions of the apps and the operating systems, is still the best mitigation. When patches or fixes are released, make sure to get them applied right away.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at email@example.com