How to avoid mobile phone apps from leaking your personal data
|Brittany Hainzinger in Security Wednesday, November 18, 2020|
With 60-90 apps downloaded on the average persons device, many could be leaking your personal information. There are several ways to prevent this such as getting a VPN, and reading the terms and conditions.
Most people have dozens of mobile phone apps installed on their phone, tablet, or even their smartwatch. In fact, the average person has about 60 to 90 mobile phone apps on their phone. Out of all those apps, many of them could be leaking your personal data. How can you protect yourself? One of the primary ways is by installing a VPN, but there are other ways, too. Here are a few things that you should consider.
First: Get a VPN
What is VPN and why would it protect you? A VPN is a "virtual private network," which acts as a gateway between yourself and the internet. This gateway only allows traffic through that's been filtered. You can filter out sites that could potentially be malicious, as well as filtering out suspicious things such as potential phishing attempts. A virtual private network will encrypt data that passes through it, thereby making sure that no one can sneak and look at the information you're sending and retrieving.
This is particularly important when you travel. When you travel, your information can be sniffed out by other people through WiFi. If you connect with a public WiFi service, you might be connecting to someone trying to scavenge for information. If you connect to a WiFi service that isn't encrypted itself, this becomes even more dangerous. But if you have a VPN, you're safe, because your data is already being preserved.
Installing a VPN on all your devices will ensure that you're always protected as far as the data you send and receive. But that doesn't necessarily mean that mobile apps won't be leaking your personal data, because mobile apps themselves might be sending data to their own servers. While it will be encrypted throughout, it will be collected nevertheless. But what VPNs can do is tell you that the mobile apps having a lot of data and traffic, which may be suspicious if the app shouldn't be constantly sending and receiving.
Pay Attention to Permissions
When you first install and use an app, it usually asks for permission to a variety of features. It may ask for access to your photos, microphone, and more. For the most part, this isn't malicious. Developers ask for as many permissions as they possibly can on the off chance they might need them later. But permissions means that your phone can access more data, and because it can access more data, it also means that it may be able to leak that data.
For instance, if an app doesn't need your photos, you shouldn't give it access to your photos. With access to your photos, it's far more likely that it could accidentally leak that information. Always give restricted permissions, which are restricted to only what the mobile phone app really needs. If the mobile phone app doesn't need any permissions, give it no permissions. It will become apparent if the app can't work without those permissions later.
Don't Rely Solely on Permissions
But as important as permissions are, it's not the only thing you need to think about. Though you might restrict the app from information, you may still enter that information into the app later. As an example, you might refrain from connecting your phone number to it, but might give it your phone number manually. Pay attention to the information you're actually adding into the app, because it's this information that could also make you vulnerable.
When you add payment information to an app, think about whether you really need to do so. Use credit cards rather than debit cards because credit cards are easier to audit and to cancel. Make sure you're not including a lot of personal information into your app that you don't really need to add. And remember that permissions can be adjusted or changed; if the app suddenly requests more permissions, you should consider before offering them.
Read the Terms of Service
Most people don't read the Terms of Service. But it's actually pretty important. Many people gloss by the ToS even though the ToS might say that their data can be sold to advertisers or other third-parties. If you're concerned about apps leaking your personal data, you need to know what the Terms of Service says.
Of course, it would be a mistake to assume that the ToS means that your data will never be stolen. The ToS doesn't prevent the company from doing so, it just means the company can be held legally liable if it does so. So, while you shouldn't assume that a ToS will protect you, you at least will know if the ToS does say that they can leak your data readily. These are apps that you should definitely avoid if you want to maintain your privacy.
Audit Your Network Connections
Your network connections will show exactly how much talking the app is doing over the internet. Sometimes it may not be immediately apparent what data is being sent back and forth between a server by just looking at the app. Instead, you're going to have to look at the network connectivity. This can be done by looking at the information through your router or by looking through the data being transferred through your virtual private network.
Your VPN should be collecting data regarding network connections; this is one of the most valuable sets of information to analyze. Use the VPN not only for protection but also to tell you whether there's erratic behavior going on between the app and the network. If you see an app talking a lot for no reason, then it's probably sending information that it shouldn't be sending. Many large companies have been seen doing this, such as sending very large packages online and collecting large amounts of information without expressly requesting it.
Check Your Stats
When you take a look at your apps in your mobile device, you should be able to see how much data it regularly sends and receives. Be suspicious if it's sending a lot of information, especially when you aren't using it, or especially if it doesn't have any reason to need a connection. There are a lot of apps that can be collecting an excess of information for other reasons, and these apps should be deleted if so. Not only could they be stealing your personal data, but they could also be eating up your data. Even if you have unlimited data, it's possible that you could get throttled (slowed down) because you're consuming too much of it.
The stats will also be able to tell you whether the app is taking up a lot of space, which it could be doing if it's saving a lot of your personal information on your phone. This could be dangerous, too; make sure that the app is only saving the amount of information you need.
You should always read reviews of apps before installing them. With upwards of 60 apps on every phone, very few people are doing so. But reviews are where people will share their opinions and experiences about the app, including the fact that they might have seen the app sending out their personal information, or they might have experienced a data leak. People will share whether the app appears to be secure or whether it's not very well-secured, and this information will give you what you need to make a good decision on whether you want to install it.
When you read reviews, consider the fact that many companies today are paying for reviews. That means that you can't always trust reviews online; you need to read all the reviews, including the very bad ones, to make sure. You should also take a look at Better Business Bureau ratings, because these are more likely to be serious and legitimate.
Look up the Developer
In addition to reading reviews, make sure the developer themselves is trustworthy and has done a lot of work in the space. Not every phone app will leak your personal data intentionally. Some of them could potentially be hacked and share your information that way. The developer should be someone who has developed apps in the past. If this is their first app, they're going to need to show a lot of professionalism to ensure that their app seems to be protected and safe. You can look up the developer's social media and website to ensure that it's a professional company rather than a fly-by-night developer.
Protecting your personal data is incredibly important. The truth is, once your data is out there, it's out there forever. By making sure the apps that you're using are reputable, using a VPN, and paying attention to permissions and network connectivity, you should be able to protect yourself. Most of the leading apps are pretty well-secured. As long as you make sure to lock down your permissions as well. But anyone can create an app, and it may not take much for that app to get published.
People today use many devices and they have a lot of their information online. The time to act and secure yourself proactively is now. And it all starts by installing a VPN and keeping an eye on your network traffic.
Become a subscriber of App Developer Magazine for just $5.99 a month and take advantage of all these perks.
MEMBERS GET ACCESS TO
- - Exclusive content from leaders in the industry
- - Q&A articles from industry leaders
- - Tips and tricks from the most successful developers weekly
- - Monthly issues, including all 90+ back-issues since 2012
- - Event discounts and early-bird signups
- - Gain insight from top achievers in the app store
- - Learn what tools to use, what SDK's to use, and more