
Expert Opinion on APP Security & Data Privacy – Latest Guide

Do you trust the apps on your phone? Unfortunately, when it comes to data privacy and security, smartphone apps are infamously tough to trust. Regrettably, there is no way to identify at first sight if an app is tracking you or stealing your personal information. However, simple steps in the right direction can make the difference between losing online protection or maintaining your precious privacy.

Even when you intentionally turn off the services that monitor your activity, there is no foolproof way to confirm that the monitoring has actually stopped. An app might behave well today but turn into a culprit tomorrow if it is sold or compromised through a flaw.

With iOS 14.5, Apple introduced the App Tracking Transparency feature. The feature blocks apps from using data for targeted ads, sharing your location data with advertisers, or sharing any other identifiers with third parties. In addition, the privacy nutrition label in iOS 14 allows users to see what kind of data an app collects before they download it.

Similarly, Google introduced options for you to find and delete saved data on the platform and introduced privacy settings in Android 12. However, there’s a lot more you can do to protect your data privacy and strengthen your smartphone security. Some of the top tips from data privacy experts are discussed in detail below to help you protect personal data while using mobile apps.

Part 1: Information About Apps

Research about the App or Company

You can’t judge the authenticity or security of an app at face value. However, a quick Google search can give you thorough information. Whenever you’re unsure about downloading an app, or want to know whether it has had any data or privacy leaks, searching for the name of the app with phrases like ‘data scam’ or ‘data scandal’ can reveal information about it.

A simple search will also tell you whether data breaches are common and what the company’s reputation is for responding to such issues. If the company has been affected multiple times and has done nothing to address the issue, keep away from the app.

Be Vigilant of App Permissions

We’re often so excited to download an app and rush to interact with it that we don’t consider the permissions it asks for. The one tip recommended by every security and privacy expert is double-checking which permissions the app asks for. Do the permissions match the functionality of the app? Do we even read the permissions? Regrettably, most of us don’t, or at best only sometimes.

App permissions are complex, and it is not always obvious why an app might require a given permission. However, most of the time it is abundantly clear that an app doesn’t need the permissions it asks for, which is a clear warning sign. For example, a calling app: does it need access to a camera or the ability to create new accounts? Probably not.

Similarly, in addition to paying close attention to the permissions that you give to an app, it’s also important to track how your phone behaves after you download it. Drastic changes in the battery life of your device are another red flag. You always need to be vigilant and pay attention to the apps you install or that are already installed on the phone.
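The permission check described above can be done mechanically. The following is an added example, not part of the original article: it reads a permission listing in the style printed by `aapt dump permissions` and flags privacy-sensitive requests that the app's category does not explain. The package name, the sample listing and the per-category baseline are constructed assumptions.

```python
import re

# Privacy-sensitive Android permissions and what each one exposes.
# A subset picked for this example, not the platform's complete list.
SENSITIVE = {
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "text messages",
    "android.permission.READ_CALL_LOG": "call history",
    "android.permission.CALL_PHONE": "placing calls",
    "android.permission.GET_ACCOUNTS": "accounts on the device",
}

# Assumed baseline of what each kind of app plausibly needs (hypothetical policy).
EXPECTED = {
    "calling": {
        "android.permission.CALL_PHONE",
        "android.permission.READ_CONTACTS",
        "android.permission.READ_CALL_LOG",
        "android.permission.RECORD_AUDIO",
    },
    "maps": {"android.permission.ACCESS_FINE_LOCATION"},
}

# Accepts both listing styles: name='android.permission.X' and the bare name.
_PERM = re.compile(r"^uses-permission:\s*(?:name=')?([\w.]+)")


def requested_permissions(listing: str) -> list[str]:
    """Extract the permission names from a listing, without duplicates."""
    found = []
    for line in listing.splitlines():
        match = _PERM.match(line.strip())
        if match and match.group(1) not in found:
            found.append(match.group(1))
    return found


def audit(listing: str, category: str) -> list[tuple[str, str]]:
    """Return (permission, what it exposes) for sensitive requests
    that the baseline for this app category does not explain."""
    if category not in EXPECTED:
        raise ValueError(f"no baseline for category {category!r}")
    allowed = EXPECTED[category]
    return [(perm, SENSITIVE[perm])
            for perm in requested_permissions(listing)
            if perm in SENSITIVE and perm not in allowed]


# Constructed listing for a hypothetical calling app.
SAMPLE = """\
package: com.example.dialer
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.CALL_PHONE'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.GET_ACCOUNTS'
uses-permission: android.permission.CAMERA
"""

if __name__ == "__main__":
    for perm, exposes in audit(SAMPLE, "calling"):
        print(f"unexplained request: {perm} ({exposes})")
```

A flagged permission is a prompt to ask why the app wants it, not proof of abuse; the baseline is where that judgement is recorded.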

 

Download Apps Only from Apple and Google Stores

There’s a serious risk associated with apps downloaded from third-party app stores. Downloading a piece of software from a third-party app store can potentially infect your smartphone or tablet with malicious software.

Data and cybersecurity experts even say that not all Apple App Store and Google Play store apps are 100% trustworthy. However, it is highly recommended that you only download from the official stores and never side-load an app.

A Synopsys Cybersecurity Research Center (CyRC) report highlighted that 63% of the 3,335 apps analysed on the Google Play Store contained open source components with known security vulnerabilities. The study further highlighted the use of excessive mobile device permissions and sensitive data being exposed in application code.

Overall, the apps on either of these app stores are vetted to ensure they meet a standard of data protection quality and have a comprehensive privacy policy, in effect signifying that they will protect your privacy and data.

Apps downloaded from unofficial and insecure sites increase the risk of malware, ransomware, trojans, and spyware infecting your mobile device. In the worst case, the infected app can take complete control of your device.

Before downloading an app, there are many things to look at, such as how long the app has been available, reviews, and irregular patterns of reviews.

Management of Google-linked Third-party Accounts

Some third-party applications or services, such as social media, music streaming, and online shopping, allow you to link your Google Account to enhance your experience. When you connect your Google Account to a third-party account, that third party may send information to Google. The third party may tell you that information is shared with Google.

Important: Third parties are companies or developers outside of Google.

Unlink Third-party Accounts from Google

To do so, follow the instructions below:

Step 1: Check the Linked accounts page

  1. Head to the Linked accounts page associated with your Google Account. You may need to sign in.
  2. Select the third-party account you want to unlink from your Google Account, then hit Unlink.

If the third-party account you want to unlink is not on this page, go to Step 2.

Step 2: Check Google Apps

  • Go to the Google app that you used to link your third-party account to your Google Account. For example, Google Home, Google Assistant or YouTube.
  • Tap Linked accounts, Connected accounts, or Apps. This may be found in the Settings section of the Google app.
  • Locate the 3rd-party account you want to unlink from your Google account.
  • Select Unlink or Remove next to the third-party account you want to terminate.

What If You Fail to Delete the 3rd-party Account Link from Your Google Account?

Some third-party accounts may not allow unlinking from your Google Account. In that case, follow the instructions below:

  1. Go to the third-party account that you had linked with your Google account.
  2. Choose an option such as Apps, Linked Accounts, or Connected Accounts, which may be found in the Settings section of the account.
  3. Follow the third-party’s instructions to unlink from your Google account.

Part 2: Security And Authentication

Set a Secure Password

To start with, if you don’t use biometric security and/or a PIN, pattern, or password on any of your devices, start with that.

Talk to a security expert, and you’ll hear the same thing: the most likely cause of a security failure is that you haven’t secured your belongings.

Consider the following: if your phone doesn’t have a password protecting it, all your data is ready to be deleted every time you leave your device unattended (intentionally or unintentionally). That includes your emails, documents, social media accounts, and your entire photo collection.

The best part is that with Android, your devices are as secure as possible. The Smart Lock software feature allows you to leave your phone unlocked automatically under various pre-approved “safe” conditions: for example, when you’re at home, when a trusted Bluetooth device is connected, or even when your phone is turned on. It means that extra security only shows up when it’s essential, and you don’t have to deal with it the rest of the time.

You can find and configure Smart Lock in the Security section of your system’s settings, often hidden behind “Advanced Settings”. If all else fails, simply search for it in System Settings to reach the available options.

Plain and simple, there is no excuse for leaving your things unprotected. If you haven’t already done so, go to the Security section in your device’s settings and get started right away.

Make Sure Your Saved Smart Lock Passwords Are Not Compromised

Speaking of Smart Lock, one of the least discussed parts of Google’s security system is the ability to store passwords for websites and apps that you access from your mobile devices. As part of an annual review, look over the list of passwords Google has saved for your account to find out what’s there and which, if any, of your logins are at risk.

While you’re at it, take a few seconds to remove obsolete entries that are no longer needed and do not belong there.

Enable Two-factor Authentication Measures

Today, a password is not enough to protect a critical account, especially one as complex and valuable as your Google Account. Two-factor authentication means that you must enter a unique time-sensitive code along with your password when attempting to log in. It significantly increases your level of security and reduces the chance that anyone can hack and gain access to your personal information, since logging in requires both knowing your password and physically having your code-generating device.

If you haven’t enabled 2-factor authentication for your Google account, head over to this page and get started. And don’t stop at Google. Try enabling two-factor authentication for every service that offers it, including your password manager, social media accounts, and any non-Google cloud storage services you use.

Once you have everything configured, you can rely on your phone to act as a security key, or on a program like Google Authenticator to generate unique codes on your phone.

Tweak Your Lock Screen Security

The lock screen is your phone’s guard, and there are a few things you can do to strengthen it and make sure it’s fully functional.

First, think about the types of notifications you receive and how much information you want to see on the lock screen. Anyone who picks up your phone can easily see all this information. If you tend to receive sensitive messages or just want to increase security and privacy, open your System Settings and select “Lock screen”. (On some devices, you may need to look in the Security section or the dedicated “Lock screen” section to find a similar option.)

Use a Password Manager

The strongest passwords are random strings of characters (letters, symbols, and numbers), and using them is strongly recommended to keep your accounts secure.

However, these complex passwords are much harder to remember. That’s where a password manager app comes in handy. Password managers keep all the passwords encrypted and protected; that’s why experts recommend using one.

Password managers prevent password-reuse attacks, which work because many people re-use the same password on multiple websites: if hackers break into one website, they can use the same user credentials to log in to other websites.

Also, a password manager can save you from phishing attacks from imposter websites. The imposter websites are created to trick you into entering your password for the account you have on the actual website. The password manager will not enter your password if you’re on an imposter website. Password managers can also track your accounts online, helping you identify unused and susceptible accounts.
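Why a password manager stays silent on an imposter website, shown as an added example that is not part of the original article: a simplified vault that generates a random password per site and releases it only to the exact HTTPS origin it was saved for. The `Vault` class, the domains and the exact-origin rule are assumptions made for illustration; real products apply their own matching rules.

```python
import secrets
import string
from urllib.parse import urlsplit

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def new_password(length: int = 20) -> str:
    """Random string of letters, numbers and symbols from a CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def origin(url: str):
    """Return (scheme, host, port) for an HTTPS URL, or None if unusable."""
    try:
        parts = urlsplit(url)
        port = parts.port            # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None
    # hostname is already lower-cased, and anything before '@' is excluded
    return ("https", parts.hostname.rstrip("."), port or 443)


class Vault:
    """Hypothetical in-memory vault keyed by origin, never by page appearance."""

    def __init__(self):
        self._entries = {}

    def save(self, url: str, username: str, password: str) -> None:
        key = origin(url)
        if key is None:
            raise ValueError("refusing to store a login for a non-HTTPS or malformed URL")
        self._entries[key] = (username, password)

    def autofill(self, page_url: str):
        """Return (username, password) only when the page's origin matches exactly."""
        key = origin(page_url)
        return self._entries.get(key) if key else None


# Constructed URLs: one genuine sign-in page and several imposters.
GENUINE = "https://accounts.example.com/signin"
IMPOSTERS = [
    "https://accounts.example.com.login.test/signin",   # real name as a subdomain
    "https://accounts.example.com@phish.test/signin",   # real name as userinfo
    "https://accounts.examp1e.com/signin",               # look-alike spelling
    "http://accounts.example.com/signin",                # no TLS
]

if __name__ == "__main__":
    vault = Vault()
    vault.save(GENUINE, "alice", new_password())
    for url in [GENUINE] + IMPOSTERS:
        print("fill" if vault.autofill(url) else "skip", url)
```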

Part 3: Securing Your Devices

Use a VPN on Public WiFi

Public WiFi networks can be pretty notorious in terms of security, and experts highly recommend using your mobile data or a VPN. Public WiFi hotspots are an easy target for hackers to perform Man-in-the-Middle attacks or create rogue hotspots. VPN is a secure and robust method to use on public WiFi to protect your devices.

A VPN sends your traffic through an encrypted ‘tunnel’, which makes it really hard to decipher or intercept. A virtual private network can keep your data from being snooped on by people on the same public network. It will mask your data transmission and help you avoid filtering or censorship on the internet. Therefore, users are advised not to access sensitive apps or documents when using public WiFi services.

However, you need to use a trustworthy and well-known VPN app and always read the service agreement to know what data might be collected and stored.

Check Your Social Media Exposure

Cambridge Analytica harvested millions of Facebook users’ data and built their psychological profiles based on their Facebook interactions. It then targeted users with personalised ads based on their personality profiles. Social media networks are always prying into users’ personal data to advertise to them. Even if you’ve left social media or never created a profile, you may still be prone to privacy invasion.

If you appear on a family member’s or friend’s account, you’re still visible online. Companies create a ‘shadow profile’ for you that includes your likes, dislikes, religious beliefs, political leanings, and much more. Therefore, it is always recommended to limit the information you share on social media. The more information you share, the more you’re at risk in the event of a data breach.

Don’t Jailbreak or Root Your Phone

So, what about mobile operating systems? The answer is simple: jailbreaking your iPhone or rooting your Android gives you superuser privileges, which the manufacturer blocks for various business reasons as well as for the security of your devices. As a result, when you carry out the unlock procedure on the device, you immediately void the manufacturer’s warranty.

Jailbreaking in iOS and root access in Android give users access to many exciting features that would not otherwise be available. But at the same time, they make the devices more vulnerable to malicious attacks. The data you carry on these devices is usually sensitive, and if you are not aware of the extent of the risk you are taking, do not do so.

The process itself is usually quite simple, and surprisingly, it’s easier to jailbreak your iOS device than to gain root access on thousands of different Android devices.

Install an Antivirus and Keep It Updated

Let’s see first what to expect. The primary responsibility of antivirus software is to scan your phone for malware (malicious applications and files) and warn you of any problems. Most also provide real-time alerts for potentially dangerous sites you visit, where you are more likely to get malicious files.

In addition to detecting untrusted applications and files, some antivirus applications offer security features to block unwanted calls and messages, or allow you to wipe your phone (erase all personal information) or find it if it has been stolen.

And even once you understand the concepts of “phishing” and “malware”, you should still keep your phone clean and look for applications from reputable companies.

Cybercriminals have a growing arsenal of tactics at their fingertips. The first step to maintaining online security on various websites is exercising caution and learning the basics of mobile security.

Make sure you adhere to the following instructions:

  • Assess the reputation of files and applications before installing them. Look for reviews in the app store; a poorly rated application can be dangerous.
  • Make sure your passwords are complex and well managed. Remember, at least eight characters, with a combination of numbers, letters and symbols.
  • Make sure your phone and applications are updated regularly. App and device updates resolve known vulnerabilities in previous versions.
  • Be aware of the possibility of phishing. This is when you receive a fake (and often unrealistic) email, apparently from a company, a friend, or an acquaintance, asking you to click on a link or take action. Download the files or click on the links only if you know exactly what they are.
  • Always use a secure Wi-Fi connection. Anyone can access public Wi-Fi, so imagine someone standing behind you and recording everything you do.

Back-Up the Data on Your Phone

The main reason for backing up your data is to have a secure archive of your important information. Whether it’s secret documents for your company or precious photos of your family, you can recover them quickly and easily in case of data loss.

However, 30 per cent of people never back up their devices. It may not sound like much, until you put it into perspective with the following information:

  • People lose 113 mobile phones every minute, including stolen ones. (World Backup Day)
  • Ransomware attacks were estimated to occur every 14 seconds in 2019. (Cybercrime Magazine)
  • The number of mobile phones lost every year exceeds 70 million. (Kensington)

So, consider backing up your data as the basis for your digital disaster recovery plan. Backing up your devices will keep you one step ahead of any cyber threat that can lead to data loss.

However, it should be noted that data loss is not always the result of cyber threats. Your external hard drive or computer may also wear out, and you lose your data. That is simply the nature of all hardware, and backing up your data can help you restore it to a new device.

What Data Should I Back Up?

As a starter, you should back up anything that cannot be replaced in case of loss. For individuals, it can include:

  • Contacts
  • Pictures
  • Videos
  • Music files
  • Emails
  • Documents
  • Spreadsheets
  • Financial databases

For businesses, backing up data gets a bit more technical. Imagine backups of user databases, configuration files, machine images, operating systems, and log files – and there is usually an IT administration department to handle all this.

Lock or Wipe Your Phone Remotely in Case of an Emergency

“Remote wiping” is a term you’ll hear a lot when it comes to handling smartphones and tablets. If a device is lost or stolen, someone can send a command to completely erase the stored data, protecting the company’s valuable assets and reducing the risk of breach or compromise.

Since a data breach costs a company $3.9 million on average, aggressively wiping a lost phone makes good business sense. The same goes for personal data and information, which can hold unfathomable value for individuals due to emotional reasons.

Find, Lock or Erase a Lost Android Device

If you lose your Android phone or tablet or Wear OS watch, you can find it, lock it, or erase the information stored on it. When you add a Google account to your device, Find My Device is automatically activated.

To find, lock, or erase an Android phone, it must:

  • Be turned on
  • Be signed in to a Google Account
  • Be connected to mobile data or Wi-Fi
  • Be visible on Google Play
  • Have Location turned on
  • Have Find My Device turned on

If you use your lost phone for 2-Step Verification, you’ll need a backup phone or backup code.

How to Remotely Find, Lock or Erase

  1. Go to android.com/find and sign in with your Google account.
       • If you have more than one phone, click the lost phone at the top of the screen.
       • If your lost phone has more than one user profile, sign in with the Google Account that is on its primary profile.
  2. The lost phone gets a notification.
  3. The map shows information about where the phone is located.
       • The location is approximate and may not be accurate.
       • If your phone cannot be found, the last known location is shown, if available.
  4. Choose what you want to do. If necessary, click Enable lock & erase first.
       • Play sound: Rings the phone at full volume for 5 minutes, even if it is set to silent or vibrate.
       • Secure device: Locks the phone with a PIN, pattern or password. If you do not have a lock, you can set one. You can also add a message or phone number to the lock screen to help someone return your phone.
       • Erase device: Permanently erases all data on the phone (but it may not erase the SD card). Once the phone is erased, Find My Device will no longer work on it.

Important: If you find your phone after erasing it, you may need your Google Account password to use it again.

Find, Lock or Erase a Lost iOS Device

If your iPhone, Mac, iPad, iPod touch, or Apple Watch is lost or stolen, you can erase its data in the Find My iPhone app on iCloud.com.

Go to icloud.com/find and open Find My iPhone.

What happens when you erase a device in Find My iPhone?

  • You get a confirmation email on your Apple ID email address.
  • Activation Lock remains on to protect the device. Your Apple ID and password are needed to reactivate it.
  • If you erase a device running iOS 15, iPadOS 15, or later, you can still use Find My to locate it or play a sound on it. Otherwise, you will not be able to locate it or play a sound on it. You may still be able to locate your Mac or Apple Watch if previously used Wi-Fi networks are nearby.
  • Apple Pay is disabled for your device. All credit or debit cards configured for Apple Pay, Student ID, and Express Travel Cards will be removed from your device. Credit, debit and student ID cards will be removed even if your device is offline. Express Travel Cards are removed once your device connects to the Internet. See Apple Support for how to manage the cards you use with Apple Pay.
  • If you use two-factor authentication, the erased device is removed from your list of trusted devices.
  • If you erase a device but then find it, you can restore data from an existing backup. See the Apple Support articles on restoring your iPhone, iPad, or iPod touch from a backup, restoring your Mac from a backup, and restoring the data on your Apple Watch from a backup.

Erase Yours or a Family Member’s Device Remotely

  1. On the Find My iPhone page on iCloud.com, click All Devices and select the device you want to erase.

     If you do not see All Devices, this is because you have already selected a device. Click the name of the current device in the middle of the toolbar to open the list of devices, then choose a new device.

  2. Click Erase [device] (the button in the lower right corner of the device information window).

Depending on what you want to erase, you can perform one of the following actions:

  • iPhone, iPad, iPod touch, or Apple Watch: Enter your Apple ID password or your family member’s Apple ID password. If you are not using a trusted browser, answer your security questions or enter a verification code sent to your other device. If you are using your own computer and want to skip the verification step in the future, click Trust. If you’re using a friend’s computer, click Don’t Trust.
  • Mac: Enter the Apple ID password of a family member. If you are not using a trusted browser, answer your security questions or enter a verification code sent to your other device. If you are using your own computer and want to skip the verification step in the future, click Trust. If you’re using a friend’s computer, click Don’t Trust. Enter a passcode for your Mac (you will need it to unlock the Mac).

If your device is lost and you are prompted to enter a phone number or message, you may want to indicate that your device is lost or how to contact you. The number and message are displayed on the lock screen of the device.

If your device is online, the remote erase will begin once you have followed the on-screen instructions. If your device is offline, the remote erase will start the next time it comes online.

See Apple’s support article on two-factor authentication for Apple ID if you want more information about trusted devices and verification codes.

Cancel an Erase

If your device is offline, the remote erase will occur the next time it connects online. If you find the device before it is erased, you can cancel the request.

  1. On the Find My iPhone page on iCloud.com, click All Devices, then select your device.

     If you don’t see All Devices, it’s because you’ve already selected a device. Click the name of the current device in the centre of the toolbar to open the device list, then choose a new device.

  2. Click Stop Erase Request and then enter your Apple ID password.

Always Keep Software up to Date

Hackers and crackers love security flaws, generally known as software vulnerabilities. A vulnerability is a security hole or weak spot in a software program or app. App developers often release software updates to patch the security holes in their applications. The updates usually contain new features, bug fixes, security patches and new security features for any vulnerability.

Updating your smartphone’s operating system and apps in a timely manner is critical to keeping crucial data safe. Experts advise setting your phone to update automatically, so you never have to worry. We’ll just mention a few significant security breaches in apps:

WhatsApp, one of the most popular apps globally with around 2 billion users, had a vulnerability in its VoIP function. The vulnerability allowed hackers to inject malware onto the user’s device just by calling their phone. And it was open for weeks until the company issued a significant update to patch the flaw.

Walgreens, the second-biggest pharmacy chain in the United States, faced a major data breach due to an error in its mobile app. Their app had around 60 million downloads on iOS and Android devices and allowed users to view other users’ private messages.

Therefore, always consider updates like vaccines for your smartphone—a protective way to keep your smartphone evolving and stay ahead of the breaches.
