You’re always in the loop because you’ve always got your phone. But could your phone be compromising personal and company data? By Aisha Visram (Founder, Mobile Guroo)
By now you’ve ditched that New Year’s resolution not to use your iPhone in bed because… well, it was never gonna happen anyways. Your phone keeps you connected to every email, every little win (and failure) and every notification that pertains to the success of your business.
But are you doing everything you can to make sure all that information stored in your phone is protected? Probably not — because you likely didn’t even know you were at risk.
Free Apps = Potential Risk
The average mobile user has 50 to 250 mobile apps on their device. Free mobile apps are riskier than paid apps.
Why? Because to generate revenue, app developers often share your app data with advertising and analytics companies, which compromises your privacy and security.
This poses a security risk by exposing your highly sensitive data to hackers when they gain access to your phone, either by physically possessing the device or via remote exploits. Either way, this could have significant consequences.
And if you use your phone for work, your mobile device contains your company data as well as your personal information. This puts your company data at great risk, namely of intellectual property loss and theft.
So what do we mean by risky? According to the AppThority App Reputation Report 2014, 95% of the top 200 free iOS and Android apps exhibited at least one of the following risky behaviors:
1. Track Your Location
Many apps are running in the background and capturing your location. Of course this is useful when hailing an Uber, Lyft or using maps; however, how many apps are reporting on your location in the background when you aren’t even using them to get from point A to point B?
2. Store Your Credit Card Number Unencrypted
When your apps aren’t securing your data using encryption, they’re much easier to intercept. For example, Starbucks, the most popular mobile payment app, saves your password in clear text and contains links to your credit card information, none of which is encrypted within the app.
3. Access Your Private Info Such as Your Contacts
Developers of apps, especially social networking apps, often transfer the contacts or address book from the device without permission. Usually they are trying to increase the viral effects of the app.
In the hands of hackers, your contacts can be used to create a targeted phishing attack. Typically, targeted phishing attacks start with an email which contains a link to a trusted site where hackers pose in order to collect your usernames, passwords and credit card numbers.
4. Use the Device’s Microphone
Scarily enough, there are apps that have access to turn on the microphone of your mobile device and without even asking your permission. Malicious users can then record private conversations.
5. Use Your Social Apps Log-in
There are many apps that leverage your Facebook and/or Twitter log-in information in order to sign into their mobile application. Single sign-on does make for a better user experience but it is also riskier since, if your social log-in is hacked, all of the apps that you have logged into using the same password might be compromised as well.
Steps You Can Take to Reduce Your Risk of Being Hacked
- Set a passcode for your device.
- Encrypt your device and app data. Download NowSecure to your mobile device to find out if apps are storing data encrypted on your device. NowSecure will also tell you if your apps are sending data to foreign countries where cyber crime is high.
- Only install apps from approved app stores, such as the Apple App Store and/or the Google Play Store.
- For Android devices, ensure Google App Verification is turned on. This way, you will be alerted if you attempt to install a harmful app on your device or if one is already installed.
- Don’t recycle app passwords, use a unique and difficult password for each mobile app. Use the Dashlane app to create and store these difficult to crack passwords.
- Don’t connect to an open public Wi-Fi hotspot. Hackers could be masquerading as the hotspot, ready to steal your personal data.
Do you have any other tips for protecting data on your phone?
Photo credit: wk1003mike via Shutterstock.
About the guest blogger: Aisha Visram has 10+ years in enterprise mobile. She is the founder of Mobile Guroo, which assists companies to go BYOD securely without compromising the user's mobile experience. Mobile Guroo solution architects recommend and deploy Enterprise Mobile Management solutions, as well as provide employees with dedicated IT support services for mobile.