
Protect your privacy from risks associated with mobile device apps
By CHIPS Magazine - April-June 2019
The Homeland Security Department’s Cybersecurity and Infrastructure Security Agency issued Security Tip (ST19-003) detailing recommendations for guarding against the risks that come with using mobile applications. CISA is the nation’s risk advisor, working with partners across government, industry and academia, to defend against today’s threats and collaborating to build a more secure and resilient cyber infrastructure for the future.

CISA advises that while apps on your smartphone, or other mobile devices, can be convenient tools to access news, get directions, pick up a ride share, or conduct financial transactions, these tools can also put your privacy at risk.

When you download an app, it may ask for permission to access personal information—such as your email contacts, calendar, call logs, and location data. Apps may collect this information for genuine purposes—for example, a ride-share app will need your location data to pick you up. However, you should be aware that app developers will have access to this information and may share it with third parties, such as companies who develop targeted ads based on your location and interests, CISA says.

You can avoid potentially harmful apps by limiting your download sources to official app stores, such as your device’s manufacturer or operating system app store. Do not download apps from dubious sources or install untrusted enterprise certificates. Additionally—because malicious apps have been known to slip through the security checks of even reputable app stores—always read the reviews and research the developer before downloading and installing an app, CISA warns.

Before downloading an app, make sure you understand the information the app will access. Read the permissions the app is requesting and determine whether the data it is asking to access is related to the purpose of the app. Read the app’s privacy policy to see if, or how, your data will be shared. Consider not downloading an app if the policy is vague regarding sharing your data or if the permissions request seems excessive for its purpose.

For already installed apps, CISA advises:

Review the permissions each app has. Ensure your installed apps only have access to the information they need, and remove unnecessary permissions from each app. Consider removing apps with excessive permissions. Pay special attention to apps that have access to your contact list, camera, storage, location and microphone.

Some apps have access to the mobile device’s location services and thus have access to the user’s approximate physical location. For apps that require access to location data to function, consider limiting this access to when the app is in use only.

Keep app software up to date. Apps with out-of-date software may be at risk of exploitation of known vulnerabilities. Protect your mobile device from malware by installing app updates as they are released, and to avoid unnecessary data collection, uninstall apps you no longer use.

More Security Tips

Be cautious with signing into apps with social network accounts, CISA says. Some apps are integrated with social network sites—in these cases, the app can collect information from your social media account and vice versa. Ensure you are comfortable with this type of information sharing before you sign into an app via your social media account. Alternatively, use your email address and a unique password to sign in.

Public Wi-Fi networks in airports and coffee shops, for example, present an opportunity for attackers to intercept sensitive information. When using a public or unsecured wireless connection, avoid using apps and websites that require personal information, such as a username and password. Additionally, turn off the Bluetooth setting on your devices when not in use, CISA says.

You should avoid connecting your smartphone to any computer or charging station that you do not control, such as a charging station at an airport terminal or a shared computer at a library. Connecting a mobile device to a computer using a USB cable can allow software running on that computer to interact with the phone in unexpected ways. For example, a computer infected with malicious software could gain access to your sensitive data or install new software on your device.

Never leave your device unattended in public or in easily accessible areas. Ensure your device requires a password or biometric identifier to access it, so if it is stolen, thieves will have limited access to its data. If your device is stolen, immediately contact your service provider to protect your data.



CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988