Are apps stealing your personal data? Part Two

In the previous post, we looked at how some mobile apps can be malicious and attempt to steal your personal data for monetary gain. In this part, we will explore the measures that mobile app developers can take while building apps to make them more secure and prevent the loss of critical personal data.

Note to developers – Building secure mobile apps

Ensure libraries are free of vulnerabilities

Developers must be cautious when using third-party libraries, as they could contain malicious code or security flaws. Ensure that the code is tested thoroughly before it is used in app development.

Application sandboxing against malware

While building and testing apps, it is good practice to use sandboxing, which isolates an application's data and code execution from other apps. A sandbox lets you execute untested or untrusted programs or code, possibly from unverified or untrusted third parties or websites, without risking harm to the host machine or operating system.

Don’t ask for too many permissions to sensitive information

A simple app such as a flashlight does not require permission to access the internet and location. These days users are concerned about data privacy and do not prefer apps that ask for permissions they find unnecessary. Reducing the number of permissions might therefore help increase user adoption. In fact, one flashlight app has put up a permission comparison screenshot to showcase fewer permissions as a USP.
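One way to enforce this during a build is to compare the permissions declared in the app manifest with a short list the team has justified. The following is an added example, not code from the original post; the manifest is a constructed sample for a hypothetical flashlight app, and the allowed list is an assumption.

```python
import xml.etree.ElementTree as ET

# Attribute namespace used by AndroidManifest.xml
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest for a hypothetical flashlight app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission-sdk-23 android:name="android.permission.READ_CONTACTS"/>
    <application android:label="Flashlight"/>
</manifest>
"""

# Assumption: the only permission this app's feature set has been shown to need.
ALLOWED = {"android.permission.CAMERA"}


def requested_permissions(manifest_xml):
    """Return every permission name the manifest declares."""
    root = ET.fromstring(manifest_xml.strip())
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms


def unexpected_permissions(manifest_xml, allowed):
    """Permissions requested by the app that are not on the justified list."""
    return sorted(requested_permissions(manifest_xml) - set(allowed))


if __name__ == "__main__":
    extra = unexpected_permissions(SAMPLE_MANIFEST, ALLOWED)
    for perm in extra:
        print("not justified:", perm)
    raise SystemExit(1 if extra else 0)  # non-zero exit fails the build step
```

Running the check against the final merged manifest also surfaces permissions pulled in by third-party libraries.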

Validate input fields to prevent SQL injection attacks

SQL injection is an attack technique that takes advantage of applications that don’t correctly validate user-supplied requests before passing them to the associated backend database. Using normal request channels such as form data, scripts and URLs, hackers can pass malicious SQL queries and commands to a database if the requests are not thoroughly checked first. Validating input fields, sanitizing data inputs regularly and monitoring input logs can thwart threats like SQL injection.
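The difference between an unchecked and a checked input field, shown against an in-memory SQLite database. This is an added example, not code from the original post; the table, the field format and the crafted input are constructed, and binding the value as a query parameter goes one step beyond the validation the post names.

```python
import re
import sqlite3

USERNAME = re.compile(r"[A-Za-z0-9_.-]{1,32}")  # assumed format of the input field
rejected_inputs = []  # stand-in for the input log that gets monitored

CRAFTED = "nobody' OR '1'='1"  # constructed input containing SQL syntax


def make_db():
    """Build a throwaway database with two constructed user rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return db


def lookup_concatenated(db, name):
    # Vulnerable pattern: the field value becomes part of the SQL text,
    # so quotes inside it change the meaning of the query.
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_bound(db, name):
    # The value is bound as data; the database never parses it as SQL.
    return [row[0] for row in db.execute(
        "SELECT email FROM users WHERE name = ?", (name,))]


def handle_lookup(db, name):
    # Validate the field first, record what was rejected, then query.
    if not USERNAME.fullmatch(name):
        rejected_inputs.append(name)
        return None
    return lookup_bound(db, name)


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_concatenated(db, CRAFTED))  # every row comes back
    print("bound:       ", lookup_bound(db, CRAFTED))         # no row matches
    print("validated:   ", handle_lookup(db, CRAFTED), rejected_inputs)
```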

GDPR regulations and what it means for mobile apps

From May 25, 2018 onwards, GDPR will be applicable to all websites and mobile apps which serve users who are citizens of the EU. Developers must adhere to the EU guidelines and ensure greater data protection for app users. Some of the guidelines are to collect only vital information, encrypt that data and allow users to delete or modify said data at any point in time.

We have looked at some steps developers can take to embed security in mobile apps right from the design and development stages. In the next post we will explore how you as a user can protect yourself from malicious mobile apps and prevent them from stealing your personal data.

Are apps stealing your personal data? Part One

Fire and fury. This was the feeling etched in the minds of Facebook’s 2-billion-strong user base once the Cambridge Analytica scandal came to light. Cambridge Analytica, a political consultancy firm based out of Dallas, US and London, UK, had gathered the data of millions of Facebook users through an app called thisisyourdigitallife, with no indication to users of how their data would be manipulated. It then used this data to create psychological profiles of millions of people, sending them targeted ads to influence and sway their votes in favor of Cambridge Analytica’s clients.

Has Cambridge Analytica been successful? The firm was involved in, and credited with, turning the tide towards Brexit by targeting voters with like-minded ads. Similarly, it was part of the Trump campaign, sending targeted ads and content to voters with specific psychological traits.

Closer to home, Cambridge Analytica was found to have played a role in the 2010 Bihar Legislative Assembly elections. Apart from this, both Congress and BJP are said to have worked with the now disgraced agency to use analytics and glean insights about Indian voters.

In today’s digital age, where data has become the new currency, netizens have risen in numbers against the loss of private and sensitive information and the misuse of the trust they had in Facebook. In fact, in March 2018, the growing negative perception of the social media giant led to a $60 billion drop in market capitalization.

Mark Zuckerberg, Facebook’s CEO, has since testified before the US Senate Judiciary and Commerce committees, apologized for Facebook’s lapse and vowed to enforce stronger data protection policies.

Given this atmosphere of absolute disregard for user data privacy, are mobile apps stealing your personal data? Is your data safe? How does your data get leaked anyway? Let’s explore in this blog post.

How is data leaked and what happens with it?

As per Proofpoint, mobile app data theft risks can be categorized as:

[Image: apps stealing your personal data - three levels of risks]

Let’s look at a few examples of how your data can be stolen by mobile apps without your knowledge:

Unwanted ads – Madware

Beware of free apps. When you are unable to ascertain how a mobile app makes money, most probably you and your data are being monetized through targeted ads. Madware is a much more aggressive version of advertising. It disrupts the user experience and potentially exposes sensitive information such as location, contact information and device identifiers to cybercriminals. It enters your phone when you download an app and makes changes to browser settings automatically, allowing ads to pop up over all sorts of apps.

Location and internet access for targeted ads

Sometimes apps seek location and internet access even when they don’t require it for functional purposes. In such cases, if you grant permission without understanding it, your location might get tracked and you will receive location-specific ads over the internet. There have been incidents where, even with GPS turned off, device location was tracked using cellphone towers, the accelerometer and other features without the user’s permission.

Monetary loss – keystroke logging

Your bank accounts may be compromised if confidential data such as passwords and access codes can be read from the phone by malicious mobile apps. Some apps demand permission to access SMS and call records. Such apps may employ keystroke logging to gather information such as credit card numbers, bank account passwords and more.

Echo Chambers and Political Manipulations

Psychology has always been a tool for politicians to turn collective minds in their favour. Fake news is spread and hate speeches are made to instigate reactions that complement their party’s agenda. But with social media, some political strategists have gone a step further. They use illegal means to collect the social media data of millions of users through apps, and analyze it to form psychological profiles that will sway voting choices.

It is apparent that hackers are employing various new ways to get hold of your private data for their personal gains. That politicians have jumped into the fray is distressing. Given the dangers of security lapses and data theft, what can app developers and we as users do to remain vigilant and cautious? Read our next part – Are mobile apps stealing your personal data? Part Two – to know more.

iPhone X – the future of smartphones unraveled

The wait has ended. iPhone X – the future of smartphones has arrived amidst much fanfare. Unveiled at an event at the newly opened Steve Jobs Theatre (Apple Campus – Cupertino, California), the iPhone X has been subjected to both bouquets and brickbats. In this post, we explore why.

First things first, the specifications.

iPhone X comes with a host of new features, the most important ones being Facial Recognition, Augmented Reality support and the Super Retina Display (Apple’s moniker for its OLED display, a first for an iPhone). The home button has bid us goodbye, as the phone now responds to a swipe up.

Let’s look at the specs:

Features: Details
Capacity: 64 GB, 256 GB
Display: 5.8” all-screen OLED, HDR
Resistance: Water, Dust
Chip: A11 Bionic Chip, Neural Engine
Camera: 12-megapixel wide-angle and telephoto cameras, Optical zoom; digital zoom up to 10x
Video: 4K video recording, Optical zoom, 6x digital zoom
ID: Face ID, enabled by TrueDepth camera
Siri: Improved Siri who can be activated with voice
Battery: Wireless charging, lasts up to 21 hours
OS: iOS 11

Fantastic Four Features

While the specifications are excellent, as in any iPhone, what is the extra special feature that makes this iPhone a fitting one to mark Apple’s tenth anniversary?

Could it be a body made entirely of smooth glass and polished stainless steel? The Facial Recognition capability that promises to adapt to changing human features? The absence of the home button? Or the impetus for Augmented Reality that is expected to be a game changer for app and gaming experience?

All are strong contenders, but perhaps it is these four that will be making waves for a while:

Facial Recognition

The Facial Recognition technology, called Face ID, captures several images of facial features with the TrueDepth camera system (a combination of light projectors and sensors), using infrared light. Just as the fingerprint security system scanned our fingerprints, compared them with the control set and unlocked the phone, Face ID will compare images to provide our gateway pass. Imagine just glancing at the phone to unlock it – simple, isn’t it?

Augmented Reality

Pokémon Go got us started on the AR rage, with people capturing monsters in red and white balls at school, near the dumpster and even at a temple entrance. Apple, too, has made considerable advances in AR. We saw a few applications at the event, one by Major League Baseball, where the feature lets spectators attending a live game see player statistics when they hover their phones over a particular athlete.

The technology is still at an infant stage and slowly, AR will gain momentum in smartphones.

Wireless Charging

iPhone X supports wireless charging. In fact, Apple is going full-fledged in this sphere – launching a wireless charging mat that charges all kinds of Apple devices from watch to phone to pod, all at the same time!

Animoji

Emojis are a loved feature of the internet and smartphones. Almost everyone uses them while texting, updating Facebook status and posting tweets. So why not create custom emoji? No no, we are not talking about emoji characters that look like you, but those that mirror your own expressions and movements!

Why brickbats?

Botched by Notch

The feature that has been receiving a lot of flak from a range of designers, developers and general tech aficionados is the now infamous ‘top notch’.

This section hosts a lot of cameras and sensors and is present right at the top of an otherwise all-screen phone. This might be a problem as the UI is affected while browsing sites.

While designers around the world are expressing their consternation, Apple has given this guidance in its Human Interface Design:

Don’t mask or call special attention to key display features. Don’t attempt to hide the device’s rounded corners, sensor housing, or indicator for accessing the Home screen by placing black bars at the top and bottom of the screen.

Face ID is not proven

While Touch ID is a proven security measure, not many are ecstatic about using Face ID to secure their phones. It is entirely possible that identical twins might easily be able to crack the code and use your phone for hilarious or nefarious (if you have an evil twin!) reasons. Not kidding!

Final Word

The iPhone X is indeed a path-breaking phone with a bevy of interesting features. It is pricey at $999, but tech aficionados will surely not give it a miss.

Watch the official film here
