There’s an App for That???
Today it seems that there really is an app for everything. There’s the FaceApp that helps you see how you’ll look in 30 years, and Fitbit that tracks and allows you share various information about your fitness and activities. Then there are apps such as Match and Tinder to help you date and hook up with people and strangers. While all of these apps have some potentially useful and fun features, they also have huge potential privacy and security issues that you should be aware of.
Most apps need to collect some personal information in order to function. For example, one needs to provide personal information if you want to use a dating app in order to get connected with the people you are interested in, but what is that personal information used for, who is it shared with, how is it protected and what happens to it when you stop using a given app or service?
These apps and services are required to provide a privacy policy and then actually do what they say they will in this policy, but other than the lawyers who write them, does anyone actually read these policies? If a user does read a privacy policy, do they actually understand it? These are all really important issues to understand before you download an app or sign up for these services.
Types of Data Collected
The types of data collected depend on the nature of the app or service being used. App developers should follow best practices and only collect the minimum amount of information in order to perform their tasks.
Various “health” apps share a variety of data about users which, in many instances, is not disclosed to users when they sign up for the app—these apps may not be very healthy for your privacy.
What Happens to Your Data
App developers are supposed to provide details about what is done with the data once it is collected. In particular, the European Union General Data Privacy Regulation (GDPR) provides broad protections and details about how this data should be handled. Details of this data handling should be provided in the app or service’s privacy policy or notice.
Examples of Sketchy Mobile Applications
FaceApp: This app has been in the headlines lately for numerous reasons. It is an app that uses sophisticated artificial intelligence to create highly realistic facial transformations in facial pictures, which can make a person look older, younger, change their smile and so on. Unfortunately, Faceapp also has a very pervasive privacy policy.
Tinder: Tinder’s privacy policy is rather vague (possibly by design). Details about what data is shared and how it is processed are scant. It is important to consider what you do share on a site or app like this if that company is breached and sensitive information about you is made public, like what happened in the Ashley Madison breach in 2015.
Angry Birds: With more than 2 billion downloads since 2009, Angry Birds and its spinoffs are notorious for accessing your phone’s call logs, and other carrier information. Newer versions have been improved in the privacy area but be careful with these apps.
Mobile applications can be a great way to track your health, access your bank accounts, play games or meet people but they can also expose your personal information in ways that you may not expect. Every app you install increases the likelihood of exposure, so thoughtfully decide if you’re okay accepting the risk to your privacy and that you understand the consequences before you install that next app. Work with CMIT, your trusted cybersecurity advisor to discuss additional preventative measures to protect your organization. Contact us today at 781-350-3438 or via email to info@cmitne.com for more information.
Written by: Chris Zambuto | Chief Information Security Officer @CMITBostonCambridge
