Now more than ever you have to be cautious of the apps you download. Especially on your work phone. There is always an app for something but the question is should you use it?
While it’s easy to forget privacy in a world where you can see almost anything online, it’s important to remember that it takes very little information for someone to steal your identity and even break into your banking accounts. Below is a list of apps that include the worst offenders so that you can make an educated decision about which apps you trust with your privacy and which ones need to go.
Caleb Barlow, former VP of IBM Security and current CEO and president of CynergisTek recommends this, “Only get mobile applications from the legit stores. And once you’ve found legitimate apps you want to download, be religious about permissions and check on application permissions on a regular basis. Turn off permissions that are not required for the application to work properly.” Here’s how to put a lock on apps just in case someone gets ahold of your phone physically, too.
Watch out for the below apps.
According to cybersecurity expert, Ana Bera, CamScanner, an app meant to imitate a scanner with your phone, is one of the apps consumers should be concerned about. “Cybersecurity experts have found a malicious component installed in the app that acts as a Trojan Downloader and keeps collecting infected files,” she explains. “This kind of app can seriously damage your phone and should be de-installed instantly. Luckily, once you remove it from your phone, it is highly unlikely that it will continue harming you.”
Interesting right? Shayne Sherman, CEO of TechLoris says “There have been several different weather apps out there that have been laced with Trojans or other malwares. Watch your local forecast instead, and if you have Good Weather, delete it now,” he advises. “That one is especially dangerous.”
We all love Facebook and the app makes it more handy, but cybersecurity expert Raffi Jafari, cofounder and creative director of Caveni Digital Solutions, says, “If you are looking for apps to delete to protect your information, the absolute worst culprit is Facebook. The sheer scale of their data collection is staggering, and it is often more intrusive than companies like Google. If you had to pick one app to remove to protect your data, it would be Facebook.”
Jafari also shares that Facebook is “notorious for collecting data on you even if you do not use their service. But removing Facebook-powered applications from your phone is a great first step to protecting your privacy.”
Michael Covington, VP of Product for mobile security leader Wandera is not a fan of WhatsApp. “This is a call to action for users who may be living under a rock and unaware of the vulnerabilities that were disclosed earlier this year,” says Michael. “The vulnerabilities with WhatsApp—both iOS and Android versions—allowed attackers to target users by simply sending a specially crafted message to their phone number. Once successfully exploited, the attackers would be granted access to the same things WhatsApp had access to, including the microphone, the camera, the contact list, and more.”
Attackers had access to do a ton of spying. “This was one of the most widespread issues I’ve seen impacting mobile devices, and we continue to see out-of-date versions on enterprise devices,” Covington says.
This one is simple to remove: Update the app to the latest version.
Facebook owns Whatsapp and Instagram so it should come as no surprise that this app also puts you at risk. Dave Salisbury, director of the University of Dayton Center for Cybersecurity and Data Intelligence, shares that Instagram “requests several permissions that include but are not limited to modifying and reading contacts and the contents of your storage, locating your phone, reading your call log, modifying system settings, and having full network access.”
Another worry is that updates may automatically add additional capabilities. “People need to remember that at Facebook, and plenty of other places, you’re the product, not the customer,” Salisbury says. “Information about you, what you do, where you go, who you interact with, etc., is valuable. If you’re OK with giving that up for some free services, that’s a valid choice. What I’d hope is that people actually think through the choice in an informed way and make sure they’re getting as much as they’re giving.”
Since Messenger is a separate Facebook app, Attila Tomaschek, digital privacy expert at ProPrivacy, feels that it’s important to address as well. “Deleting Facebook Messenger is a no-brainer, based upon the company’s frighteningly lax approach to protecting user privacy,” Tomaschek says. “The messages you send and receive using the Facebook Messenger app are not encrypted, meaning that all your messages are plainly viewable to any Facebook employee with the appropriate permissions.”
While the company is planning to roll out a “Secret Conversation” mode that will offer encryption, it won’t be the default option and won’t be available for the calling feature. “What’s more, the app automatically scans any links or photos you send, and if any suspicious content is flagged by the algorithm, your messages will be read by moderators employed by the company,” Tomaschek adds. “Basically, if you don’t want your personal data to be subject to Facebook’s flimsy data-privacy practices and you don’t want anyone potentially eavesdropping on your private messages, then it’s best to cut your losses, delete the app, and look elsewhere.”
If you’re looking for another option, Tomaschek recommends the secure messaging app Signal. “Your messages in Signal are secured by the app’s proprietary encryption protocol, which many consider being the most secure messaging protocol available today,” he says. “In fact, Edward Snowden has even endorsed Signal as a secure messaging app.”
This one is another shocker. “Free flashlight apps are often of high cybersecurity risks,” says Harold Li, vice president of ExpressVPN, a consumer privacy and security company. “Many of these apps are free but ad-supported, and they often request permissions, such as audio recording and contact information, to apparently function properly. When users install these apps, they risk sharing their personal data with app developers who monetize the data by selling them to advertisers.”
It is best to remove these apps entirely. Li recommends updating your passwords for any social media or email accounts you use on your phone. You can also write to these companies and request to have all your data deleted. Under certain countries’ and states’ laws, consumers have the right to the erasure of all their data.
“The popular and convenient DoorDash app was featured in a Washington Post investigation, which revealed the alarming amount of personal data that the app tracks and shares with other entities,” says Tomaschek. “The investigation revealed that when you open the app, you are sending your data to nine separate third-party trackers. This data includes information like your name, email address, and physical address, along with the make and model of your phone. Furthermore, Facebook and Google ad trackers are also being used by the app, which means that the two tech giants know every single time you open the app.”
Even if you delete this app it may still cause you trouble. “Unfortunately, some apps can employ ‘uninstall trackers,’ which basically alert the app developer if the tracker detects that a user has uninstalled the app,” says Tomaschek. “While the app won’t be able to track you or collect your data any longer, you may notice advertisements popping up all over the place on your phone for the app you deleted, attempting to entice you to download it again.”
Our kids love to use our phones and there can be times when allowing them to play a game can be an incredibly helpful distraction. But you should “be very cautious about children’s games and apps that have little or no reviews,” says Barlow. “With children’s apps, be wary of anything that stores video and audio content. This stuff lasts forever.”
Tinder and Grindr both collect over 50 percent of your personal data (Facebook takes the most at 70 percent), according to cybersecurity firm Clairo. They get your names, email addresses, phone numbers, employment, and even pet ownership statuses, beyond the obvious location and age data. In 2020, five different dating apps fell victim to data breaches, leaking information from millions of profiles, and putting users at risk of phishing, phone scams, and identity theft.
TikTok is a China-based video-sharing app that is globally successful. A large portion of TikTok’s user base is children. TikTok collects the personal information of children under 13 without getting parental consent.
TikTok has also been accused of data harvesting. TikTok collects data in a different way than Instagram and Facebook. TikTok has the ability to collect user data using contact lists, calendar access, and it can even geolocate devices.
We highly recommend deleting this app but if you must use it we recommend checking your TikTok’s settings. From there you’re able to view your privacy options.
We hate to be a debbie downer, but all apps come with some degree of risk. And regardless of the app, users should always review permissions, disable location services when possible (though some apps won’t work without it), and turn off geotagging for pictures. “With this location and geotagging data, marketers and perhaps less savory people can build a pretty decent profile of where you’ve gone and when. Privacy implications should be obvious,” Salisbury says. “Disable permissions if you aren’t comfortable with the app having that kind of access to your phone data or can’t think of a reason why that app needs that permission. If it’s not an option to disable the permission, uninstall the app.
If you want to learn more about cyber security or have more questions about the security of the apps on your phone schedule your complimentary assessment today!