Data stealing apps (in Android and iOS) require permissions way beyond what is needed to do their job. They are stealing your data to sell it. Channel Seven Sunrise GadgetGuy speaks to the Sunrise team.
Samantha Armitage: Did you read the terms and conditions before you downloaded each app?
David Kosh: No, I just pressed accept.
Samantha: Candy Crush – a simple game – has 28-pages of Terms and Conditions. It even gains access to the contacts in your phone. And if you use it through Facebook, it gets information about you, your interests and general location. Some apps are more like spy tools – they can turn on the audio and listen to your conversations, it’s able to read texts and even connect to your camera.
All without your knowledge.
Val Quin: It is crazy. The terms and conditions are so difficult to read, and we just want to use the app, so we click ‘I agree’. You have just given that app permission to do whatever the T&Cs says it can do with your data.
Samantha: What can people do to protect personal information?
Val uses an Apple iPad to demonstrate accessing its Privacy settings. It is similar on Android, just go into Settings and Apps.
He showed the types of information apps collect. Location, contacts, calendars, reminders, photos, microphone, camera, HomeKit and much more.
For example, under location (enabled by GPS, Wi-Fi or store beacons etc.) you must ask why things like Facebook (social media) Evernote (word processor) needs to know where you are. Of course, Maps, Weather, Camera, your bank etc., do need to know. But Uber defaults to use your location all the time instead of when you use the app – so switch it to the latter.
Val: The best advice is to go through all of these apps and set relevant permissions. If they stop working (and most won’t), then get rid of them.
Koshie: Are there any data stealing apps we should be wary off?
Val: Any free app because its product is you (it monetises your personal data). Be wary of apps that want access to contacts, microphone, camera gallery, etc. Ask why they would need that.
Samantha: Are we going to see more legislation to protect us?
Val: I was amazed at the lack of depth the US Senate questions were to Mark Zuckerberg, CEO of Facebook. It demonstrated how little they know. There is a huge way to go. Legislation is needed, so much so that it may put these devious data collectors out of business if they comply.
As a start, we need to be told what information is collected and have the option to refuse that.
Developers are getting sneakier at jusitfying data stealing apps
- Want access to your contacts? That is to allow you to share more easily on social media (and gives us access to others we can steal data from).
- Why do you need to location? Hey, what about automatic adjustment for daylight saving (and we can track your every move)
- How is my calendar used? So, we can set reminders (and order that Uber in time!)
- Why my camera? In case you need to scan pesky 3D barcodes (and to face recognise oll your friends)
- And on and on and on.
The greatest threats will come from AI ‘voice assistants’ that need everything – calendar, contacts, email, location, SMS, storage (that includes all your files and documents), telephone, microphone, camera, picture gallery and so much more just in case you need their help. You are going to have to trust Apple, Microsoft, Samsung, Google or Amazon if you want to use them.
GadgetGuy’s take – data stealing apps mine for the new gold
Just as the #MeToo movement outed inappropriate behaviour, the #DeleteFacebook movement is outing abuses of personal privacy on a huge scale.
It is not just Facebook’s 2.2 billion users that should feel violated but every time we search (via Bing, Google or other search engines), buy food at the Supermarket and flash Flybuys, or even order an Uber the product is you.
Banks/finance, insurance, utilities, comparison websites, retail and online stores, loyalty cards and more – all collect masses of PII.
Coles Flybuys, Qantas Frequent Flyer, Virgin Velocity, Woolworths Rewards and many store cards appear safe. But they know so much through their partner network it is scary. They share data freely with those partners that can afford it.
Comparison websites are a very deep, dark, rabbit hole that you should never go down. Sure, some are slightly better than others privacy-wise. But they all want masses of PII to enable them to compare everything from mobile phone plans to health insurance. Not only do they get commissions from so-called objective comparisons, but they gain information to sell to partners.
It is scary how granular that information is (what your shoe size is, what coffee you like and where you buy it, and more.
Fact: There is nothing legally or morally you can currently do to stop abuses of your PII except be vigilant.
The Sunrise segment is here
Header image courtesy Kaspersky Threats To Your Mobile Privacy Come From All Directions These Days