
Understanding Mobile App Security
By CHIPS Magazine - November 16, 2017
If you are like millions of Americans with a smartphone or other mobile device, you probably use apps: some for entertainment, such as playing games or listening to music, and others for information, such as driving directions, the news or books. There are millions of apps that target every age and taste; they are easy to download and are often free. What’s not to like, right? Mobile apps can be so much fun and so convenient that you might download them without thinking twice about critical questions you should be asking, such as how they’re paid for, what information they may collect from your device and who ultimately gets that information.

Free Apps

Some apps are distributed for free through app stores; the developers make money in a few ways, according to the Federal Trade Commission:

  • Some sell advertising space within the app. The app developers can earn money from the ads, so they distribute the app for free to reach as many users as possible.
  • Some apps offer basic versions for free. Their developers hope you’ll like the app enough to upgrade to a paid version with more features.
  • Some apps allow you to buy more features within the app itself. Usually, you are billed for these in-app purchases through the app store. Many devices have settings that allow you to block in-app purchases too.
  • Some companies offer free apps to interest you in other products hoping you will make a purchase. These apps are another form of advertising.

Some ad networks gather the information apps collect, including your location data, and may combine it with information about your internet browsing preferences or the kind of information you provide when you register for a service or buy something online. Advertisers are betting that you’re more likely to click on an ad targeted to your specific interests.

At the same time, developers want to provide their apps as inexpensively as possible so lots of people will download them. If they sell advertising space in the app, developers can offer the app for a lower cost than if it didn’t have ads.

Privacy Concerns

Some apps access only the data they need to operate; others access data that’s not related to the purpose of the app. When you sign up with an app store or download individual apps, you may be asked for permission to let them access information on your device. Some apps may be able to access: your phone and email contacts, call logs, internet data, calendar data, data about the device’s location, the device’s unique ID and information about how you use the app.

It is important that you understand that someone may be collecting data on the websites you visit, the apps you use, and the information you provide when you’re using the device — whether it’s the app developer, the app store, an advertiser or an ad network. If they are collecting your data, they may share it with other companies. If you are apprehensive — and you should be — about how your information is being shared, check the “privacy” settings on your device or look for ways to “opt-out” of data collection in the app privacy policy.

It’s not always easy to know what data a specific app will access or how it will be used, warns the FTC. Before you download an app, consider what you know about who created it and what it does. The app stores may include information about the company that developed the app — if the developer provides it. If the developer doesn’t provide contact information — like a website or an email address — the app may not be trustworthy.

If you’re using an Android operating system, you will have an opportunity to read the “permissions” just before you install an app. Read them, the FTC says: they tell you what information the app will access on your device. Ask yourself whether the permissions make sense given the purpose of the app; for example, there’s no reason for an e-book or wallpaper app to read your text messages.
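The permission check described above can also be run against an app's manifest. The following is an added example, not code from CHIPS or the FTC: it assumes the AndroidManifest.xml has already been decoded to text, and the purpose-to-data table, the function name and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permission -> the kind of data it exposes (the categories the article lists).
DATA_BEHIND_PERMISSION = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_CALENDAR": "calendar data",
    "android.permission.ACCESS_FINE_LOCATION": "device location",
    "android.permission.ACCESS_COARSE_LOCATION": "device location",
    "android.permission.READ_PHONE_STATE": "device unique ID",
    "android.permission.READ_SMS": "text messages",
}

# Assumption: the data each kind of app plausibly needs. Adjust to your own judgment.
EXPECTED_BY_PURPOSE = {
    "ebook": set(),
    "wallpaper": set(),
    "maps": {"device location"},
    "messaging": {"contacts", "text messages"},
}

def unexpected_access(manifest_xml, purpose):
    """Return sorted (permission, data) pairs that do not fit the app's purpose."""
    root = ET.fromstring(manifest_xml)
    expected = EXPECTED_BY_PURPOSE[purpose]
    flagged = set()
    for elem in root.iter("uses-permission"):
        name = elem.get(ANDROID_NS + "name", "")
        data = DATA_BEHIND_PERMISSION.get(name)
        # Permissions outside the table (e.g. INTERNET) are not judged here.
        if data is not None and data not in expected:
            flagged.add((name, data))
    return sorted(flagged)

# Constructed sample manifest for a hypothetical e-book reader.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.ebookreader">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""

if __name__ == "__main__":
    for permission, data in unexpected_access(SAMPLE_MANIFEST, "ebook"):
        print(f"{permission}: grants access to {data}")
```
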

Some apps use specific location data to provide maps, directions to the nearest restaurants and gas stations, coupons for nearby stores, or information about who you might know nearby. Some provide location data to ad networks, which may combine it with other information in their databases to target ads based on your interests and your location.

Once an app has your permission to access your location data, it can do so until you change the settings on your phone. If you don’t want to share your location with advertising networks, you can turn off location services in your phone’s settings. But if you do that, apps won’t be able to give you information based on your location unless you enter it yourself, so you will lose the convenience of having your location services turned on.

Your phone uses general data about its location so that your phone carrier can route calls efficiently. Even if you turn off location services in your phone’s settings, it may not be possible to completely stop the phone from broadcasting your location data.

Malware and Security

Your phone may alert you when updates are available for your apps. It is a good cybersecurity practice to update the apps you’ve installed on your device and the device’s operating system when new versions are available. Updates often have security patches that protect your information and your device from the latest malware.

If your phone sends email or text messages that you didn’t write, or installs apps that you didn’t download, you could be looking at signs of malware. If you think you have malware on your device, you can either contact customer support for the company that made your device or you can contact your mobile phone carrier for assistance.

Many app stores include user reviews that can help you decide whether to download an app. But some app developers and their marketers have posed as consumers to post enthusiastic comments about their own products. The Federal Trade Commission sued a company earlier this year for posting fake comments about the apps it was paid to promote.

Finally, don’t sacrifice security for convenience. Read the permissions statement before you install any app, understand the risks to your sensitive information, and update your apps and operating system when new versions are available to protect against the latest malware.


CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988