
https://stratcommand.blog.gov.uk/2022/12/20/cyber-insiders-being-app-aware/

Cyber Insiders: Being App Aware

Categories: Cyber, Personnel, Technology

There’s an ‘app’ for everything these days and whether it’s social media, online banking, or gaming, digital applications are a part of daily life for the majority of us. Downloadable from both official and third-party app stores, as well as from websites, these applications have also never been easier to access. Some of us may receive electronics for Christmas and whether it’s a new phone, laptop, or tablet, we’ll head almost immediately to one of these stores to download our favourites. But is it safe to do so? This virtual marketplace may seem secure on the surface but dig a little deeper and you’ll discover a whole host of threats associated with digital applications. The government has recently published a new Code of Practice which will strengthen app security and privacy for consumers, but in the meantime you should follow the advice of our cyber experts. We're going to explore this by first looking at data tracking, before discussing some common risks associated with applications and sharing some useful tips on how you can become ‘App Aware.’

Graphic showing tips on being "app aware". These are repeated in text below.
Our top tips on being "app aware"

Why Track:

Many users are unaware of the extent to which their data and information is harvested away and used. The question is why, and how, are apps doing it in the first place?

In 2018, the Financial Times published an article exploring the extent to which apps were collecting data and providing it to third-party organisations. Alphabet (the conglomerate famous for Google), Facebook and Twitter were found to be the top three recipients of user information. Now, you may be sitting there picturing your personal data from match-three games being packaged up and parcelled off to the folks running social media. However, the majority of mobile apps actually contain utilities from these large organisations that enable them to track and collect user data straight from the application itself.

Whether it’s names, gender, age, or your user preferences, all data is fair game for collection and can then be used for a number of reasons. It may be cultivated and used to push out targeted messaging, such as advertisements, or it may be used in business reports on performance, user preferences, or customer experiences. For example, if you download a fitness app, or a new game from the ‘App Store,’ Google can show you adverts for similar or related products.

What are the risks involved:

You would probably classify everything we’ve discussed so far as being harmless. What’s the big deal if third-party organisations are tracking the apps I use or the data I upload to them? In some circumstances it can be incredibly useful. You may be shown a product or service you were previously unaware of that could have a positive impact on your day-to-day life. However, with our personal information and data stored away, we’re at risk of potential cyber threats from within the apps themselves. Let’s have a look at a few of these below:

  • Applications will often sell targeted advertising slots for revenue purposes. This is why, when using some of our favourite apps, we’re flooded with adverts promoting one product or another. These slots are freely available to purchase and increasingly they’re being snapped up by fraudsters and scammers in what is known as ‘Ad threats’, a form of “malvertising.” This is explored in much greater depth in an article published by Forbes.
  • Running parallel with this are the cybersecurity measures put in place by applications. NowSecure highlight that an alarming 85% of mobile apps have security and privacy vulnerabilities, which not only impacts the users but also tarnishes the reputation of the companies and sectors in question. For example, an article published by Medtech Insight shared research on 30 mobile healthcare apps which found that all were vulnerable to cybersecurity attacks. Therefore, personal information, such as medical records, that was uploaded to these apps could easily fall into the wrong hands.
  • Large companies may seem impenetrable but can, and do, suffer from security breaches on occasion. For example, in 2021, a hacker released the personal data of over 500 million Facebook users, exposing sensitive information about them in the process. Have a read of The Top 5 Security Breaches of 2021 - Sedara Security to learn more.
  • And, although official stores receive regular security updates to minimise malicious apps being uploaded to them, they too are not immune. For example, in 2021 it was revealed that more than 100 million Android users had downloaded malicious apps on the Google Play Store containing Dark Herring malware, a cash-stealer intended to add charges to mobile phone provider bills. It is estimated that the campaign stole hundreds of millions of USD from unsuspecting victims. Read 'Dark Herring' Billing Malware Swims onto 105M Android Devices | Threatpost to find out more.

What can you do to protect yourself?

It is incredibly hard to know about an application’s level of security and there is very little you can do to control the information, or data, that third-party organisations gather. But there are some things you can do to make sure you’re ‘App Aware’:

  • Ever wondered why a newly downloaded app is requiring a whole host of information or permissions? Maybe they want access to your contacts or your camera. Think about what is being asked of you and, if it seems excessive or unnecessary, don’t comply. Why would a wallpaper app need to know your best friend’s phone number?
  • Don’t sign into an app using your social networking account. We’re all probably guilty of doing this or have been in the past. It’s quick and it’s easy; however, it also provides the app, and any third-party organisation, with a huge amount of personal information about yourself.
  • You can ask your apps not to track. This is a big one as when you say yes to tracking on your iPhone, apps such as Facebook or Twitter can track you across other websites using something called the Identifier for Advertisers (IDFA).
  • Another one we’re probably guilty of is not deleting apps we no longer use. If you’re not regularly playing it, reading it, or scrolling through it, best practice dictates you should delete it. It’s one less tool for data collection.

Conclusion

At the end of the day, it is incredibly difficult to control what information is being collected about you via your favourite apps. The best thing you can do is make sure you’re aware of the risks we’ve discussed in this article and understand the best practices to minimise the cyber threats data tracking presents. Always be ‘App Aware.’
