Free Mobile Apps Pose a Threat to Privacy

October 31, 2012

Free mobile applications pose a serious threat to user privacy due to their ability to capture large amounts of user information, a new study reveals.

According to research from Juniper Networks, free apps are 401 percent more likely to track user location and 314 percent more likely to access user address books than paid-for apps, an article from ComputerWeekly reports.

Many of the apps analyzed in the research had permission to access the Internet, which could provide the means for exposed data to be taken off of the device. Juniper’s Mobile Threat Center studied 1.7 million Android market apps, and found that many of them solicit personal information or perform functions not required for the apps to work, the article says.

For example, the study found than 94 percent of free gambling apps that have permission to make outbound calls do not describe why the app needs this capability. Also, 83.88 percent of free gambling apps have permission to use the camera, and 84.51 percent have permission to send SMS messages, ComputerWeekly reports.

There is an overall lack of transparency as to who is collecting information and how it is used, says Dan Hoffman, chief mobile security evangelist at Juniper Networks.

The study also found that other permissions requested include the ability to initiate outgoing calls, send SMS messages and use a device’s camera without the user’s knowledge. Hoffman says that the ability to initiate a phone call can be used to eavesdrop on ambient conversations, and the ability to use the camera enables a third party to obtain video and pictures of the area where the device is present, ComputerWeekly reports.

Research firm Gartner predicts that the number of mobile applications downloaded this year will double to 45 billion. As such, Hoffman says that people need to stay informed about the information being captured, especially as more mobile devices enter the workplace.

Juniper Networks is calling on the mobile app industry to:

· Correlate permissions to actual app functionality – the app’s functions have to align with the app’s actual needs, without adding unnecessary permissions such as camera functionality.
· Better differentiate between permissions – make sure that permissions are required for each use of a function, i.e. intentional outbound calling for business is one thing, Spyware apps to listen to calls is another.
· Accept some exposure with free apps – help users understand that free apps often come with a catch.
· A smaller amount of actionable data is beneficial – Help users understand what data is available for sending in each app.

With the advent of Internet of Things (IoT) technology and Industrial Internet of Things (IIoT), the cyber security practices are increasingly getting integrated with the physical security practices.

We will provide insight on NDAA Section 889 and how the act has evolved and impacted business, so that organizations can better mitigate risk and stay compliant.