Mobile phone applications represent a major threat to everyday consumers. Map apps, social media accounts, and web browsers all try to access our locations regularly, claiming to offer convenience while collecting far too much information about our movements, purchases, and search histories.<\/p>\n
Last month, Canada\u2019s federal privacy commissioner released a scathing report following a joint investigation into location tracking conducted by the app for Tim Hortons. The coffee chain has nearly 5,000 locations across all 10 Canadian provinces, along with more than 600 U.S. locations\u2014third-most in the country behind only Starbucks and Dunkin\u2019 Donuts.<\/p>\n
In 2017, Tim Hortons introduced a new mobile app that was downloaded 10 million times within three years. Like most retail apps, it was intended to offer users easy payment, loyalty points, and order-placing perks. But in 2019, a new feature was quietly added. Using geolocation software, the Tim Hortons app took advantage of the GPS systems in customers\u2019 phones to install a veritable snooping tool.<\/p>\n
Instead of asking for permission to access users\u2019 GPS locations only while they were actively using the app, Tim Hortons tracked users 24 hours a day, around the globe\u2014even when the app was not in use. Initially, the system was intended to track individuals so that specific promotions\u2014like, say, coupons for a Tim Hortons stand in an arena if the user attended a hockey game\u2014could be delivered to them. But data was instead collected to hunt for patterns and changes in where and when Tim Hortons\u2019 users picked up their coffee.<\/p>\n
That extended the reach of the GPS tracking not just to geographic locations but to the specific types of locations, as well. Tim Hortons claimed the purpose was just to figure out whether loyal customers were frequenting rival coffee shops. But the continuous tracking led to other data compromises, like deceptions in privacy statements and inadequate protection of the aggregated data collected by the app.<\/p>\n
Daniel Therrien, Canada\u2019s federal privacy commissioner, was blunt about the consequences of such data intrusion, which he called a \u201cmass invasion of privacy\u201d: \u201cAs a society, we would not accept it if the government wanted to track our movements every few minutes of every day,\u201d he said during a press conference with other privacy commissioners from major Canadian provinces like Quebec, Ontario, and British Columbia. \u201cIt is equally unacceptable that private companies think so little of our privacy and freedom that they can initiate these activities without giving it more than a moment\u2019s thought.\u201d<\/p>\n
What Can You Do to Protect Your Data?<\/strong><\/p>\n For most of us, smartphones have become the most important devices in our day-to-day lives. We communicate with colleagues and family members, check our calendars and email accounts, conduct financial transactions and download files, and shop for goods, all from the same device. Yet we don\u2019t treat the data stored on our mobile devices with the same care as the information saved on our laptops, desktops, and servers.<\/p>\n Here\u2019s what you can do to better protect your smartphone and extend an extra few layers of security to the information you carry around in your pocket:<\/p>\n 1) Update your apps.<\/strong>\u00a0Many app updates occur automatically, but plenty still require special permissions\u2014or will only update when your phone is fully charged and connected to Wi-Fi. That makes it easy to put off an update or forget to set one in motion, even though security vulnerabilities are often addressed when new versions of popular apps are released. If this step seems intimidating or confusing, contact a trusted IT provider for advice, action plans, and smart app update strategies.<\/p>\n 2) Only install apps from official sources.<\/strong>\u00a0It\u2019s critical to pay attention to where your apps come from. Only download new apps and updates for existing apps from official sources like the App Store on Androids and Apple iPhones. These stores require developers to meet certain criteria before their app can be offered for sale or download, and unreliable apps are regularly vetted and removed. Yet malicious apps can still slip through the cracks, which means that users should pay attention to the app developer\u2019s name and read reviews of apps you might not be sure about. Bad actors will often list an app that looks or sounds similar to a popular one or try to promote suspicious add-on apps that can surreptitiously install malware into existing apps. If a developer has created other apps with suspicious names or has even one or two bad reviews, don\u2019t install it.<\/p>\n 3) Be careful about granting permissions.<\/strong>\u00a0After you\u2019ve safely and securely downloaded or updated a trustworthy app, slow down before you automatically accept all permissions related to it. Blindly allowing an app to access your device\u2019s location, camera, microphone, contacts, or other sensitive areas of your phone could lead to trouble. If you aren\u2019t sure about specific app permissions, check your phone\u2019s privacy settings and manually review which app accesses which part of your phone. If anything looks unfamiliar or unsafe, deactivate that permission and immediately reach out to a trusted IT provider.<\/p>\n 4) Delete old or unused apps from your smartphone.<\/strong>\u00a0If you come across an old app that you haven\u2019t used in ages, don\u2019t just let it take up space on the second or third swipe screen of your phone as this can give hackers easy access to your device. Instead, free up your phone\u2019s memory and clean up your home screen by deleting old or disused apps. Make a habit of checking your smartphone menu on a monthly or quarterly basis to avoid such vulnerabilities.<\/p>\n 5) Activate multi-factor authentication (MFA) for your phone login and apps.<\/strong>\u00a0This typically comes in the form of a one-time code that\u2019s entered along with your usual password, a fingerprint or face login, or a Touch ID. Make sure this setting is activated under your\u00a0Settings > Password & Security<\/strong>\u00a0menu so you can prevent malware or other dangerous apps from stealing existing passwords and locking you out of certain accounts. Not sure how to implement MFA? A trusted IT provider can help.<\/p>\n 6) Avoid unsecured public Wi-Fi networks.<\/strong>\u00a0Many of us are working from the road this summer, increasing the chances of signing in to an unprotected public Wi-Fi network. Avoid this major issue by using a mobile hotspot (if you have good cell phone service) or logging in via a VPN (Virtual Private Network) to enhance overall cybersecurity.<\/p>\n