Tuesday, May 28, 2024

App Permissions To Avoid + Best Practices According To Cybersecurity Experts

Apps are everywhere. If you need to lose weight, track your steps, tune your guitar, measure the distance between two spaces, or learn how to do a handstand, there is an app for it.

Many apps request permission to access sensitive information stored on mobile devices or on your computer. They need to access this data, including your camera, your GPS coordinates, and your microphone, to function properly.

Since people are accustomed to apps requesting permission, many will grant permission automatically without considering the access they are giving the apps. Thankfully, most apps request permission without malicious intent. However, some malicious apps can use the permissions you grant to do serious harm, such as some coronavirus trackers or symptom-identification apps these days.

What Are App Permissions?

When you install an app, it will declare its permissions during the installation process. After the app has been installed on an Android device, you will be asked to grant permission for things including Internet access, the ability to write things on the SD card, monitoring your location using GPS, or sending SMS messages.

In theory, an app asking permission before accessing your personal information is a good thing. However, since every app you install, be it an app to manage your finances or a simple video game, is requesting permission, it has gotten to where people view permissions like they view a EULA. It’s something that you quickly tap without reading when installing the app. This is where problems can arise.

Also, there are certain types of apps you should be really careful with, even though they're known for being secure. These are the apps that contain sensitive information, such as online banking apps, email apps, and online stock trading and fintech apps: basically anything that has your bank account info, social security number, etc. Apart from creating strong passwords, make sure you enable two-factor authentication (if it's not already enabled by default) so you can avoid hacking attempts, identity theft, data leaks, or any inconvenience even if your device is stolen.

Permissions to Authenticate Accounts

This permission allows apps to authenticate sensitive information. This could include passwords. The danger comes when nefarious apps have this capability. They can use it to phish your passwords. Many apps that ask for this permission come from big developers, such as Google, Twitter, and Facebook. Still, because of the damage this permission can enable, you need to scrutinize the app before you grant it permission to authenticate accounts.

Permissions to Process Outgoing Calls

Let’s say you are using an online trading platform to day trade at home, in an effort to build a second source of income. You download an app, and it asks for the ability to process outgoing calls. This request should stop you dead in your tracks. The only apps that would need this permission are those connected to voice over IP. There’s no reason a trading app, an exercise app, or a video game that does not explicitly deal with incoming or outgoing calls would need this permission.

Permissions to Read Your Contacts

When you grant this permission, you are giving the app the ability to read all the contacts you have stored on your device. There are legitimate reasons social media apps and communication apps may want to read your contacts. It makes it easier to connect with others who use a similar app. There are also several gaming apps that will want to read your contacts to connect you with other friends who play the same game.

However, granting permission to read contacts to any app can be dangerous. Malware-like apps can use your contacts for targeted phishing scams. For example, if you grant a nefarious app permission to read your contacts, you might receive an email with files attached that appears to come from a friend you frequently communicate with. You may innocently open the email and find that it contains malware, because the email has been spoofed.

Permissions to Read Your Social Media Stream

Issues with social media and privacy have loomed large in the news recently. Therefore, many apps are requesting permission to read information from your social feeds. While there may be some legitimate reasons for apps to need to monitor your social media feed, in most cases this is unnecessary and can be dangerous.

When you think about the large amount of personal information produced via social networks, it’s easy to see how the wrong app can take advantage of this information. It might use the information posted to figure out a user’s password, security questions, and other information that could be used to commit fraud.

Permissions to Send SMS

You should use extreme caution when using an app that requests permission to access or to send SMS or MMS. Companies can add charges to an individual SMS. They make money, and you receive a bill for said services. There are few circumstances when you will use an app that requires the ability to send an SMS. If there is no simple reason to grant this permission, don't do it.

The Best Way to Interact with Permissions

Several legitimate apps need permissions in order to function. You can protect yourself by knowing how to properly interact with permissions.

First, make sure that you are installing a trustworthy app from a trustworthy location. Even an app from a trusted source, such as the Google Play Store, might still possess malware-like properties. Before installing any app, carefully read the reviews. Do a quick Google search about the developer. What is their reputation? Have their apps had trouble with malware or viruses in the past? If so, find another app.

Avoid installing apps that request too many permissions or permissions that are excessive for what the app is used for.

For example, you download an app that tracks your caloric intake. Immediately, it’s asking to access your contact list, your location, and your social media. You would do well to question the motivation behind these requests. If the app seems like it’s requesting excessive permissions, stay away.

You can review the permissions of an app before you install it. Hardware, like motion sensors, can also pose a security risk. That’s why it’s important to monitor all permissions closely.
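
The review described above can be made mechanical. The following is an added example, not part of the original article: it reads a decoded AndroidManifest.xml and flags the permissions this article names when the app's category does not justify them. The category labels, the mapping table, and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NAME = "{http://schemas.android.com/apk/res/android}name"
PREFIX = "android.permission."

# Permissions the article calls out, mapped to the app categories that can
# plausibly justify them. Category labels are assumptions for this example.
JUSTIFIED_FOR = {
    "AUTHENTICATE_ACCOUNTS": {"account_provider"},
    "PROCESS_OUTGOING_CALLS": {"voip"},
    "READ_CONTACTS": {"social", "communication", "game"},
    "READ_SOCIAL_STREAM": {"social"},
    "SEND_SMS": {"communication"},
    "ACCESS_FINE_LOCATION": {"navigation", "fitness"},
}

def declared_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NAME)
            if name:
                names.add(name)
    return names

def excessive_permissions(manifest_xml, category):
    """List sensitive permissions the app's category does not justify."""
    flagged = []
    for name in sorted(declared_permissions(manifest_xml)):
        short = name[len(PREFIX):] if name.startswith(PREFIX) else name
        allowed = JUSTIFIED_FOR.get(short)
        if allowed is not None and category not in allowed:
            flagged.append(short)
    return flagged

# Constructed sample: the calorie-tracking app from the paragraph above.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.calories">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_SOCIAL_STREAM"/>
</manifest>"""

if __name__ == "__main__":
    for perm in excessive_permissions(SAMPLE_MANIFEST, "nutrition"):
        print("question this request:", perm)
```

Permissions outside the table, such as INTERNET in the sample, are ignored rather than flagged, so the output stays focused on the requests worth questioning.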

Hackers are devious and clever. They can use app permissions to get access to your contact information and the contact information of your friends and family. They can use these apps to install dangerous viruses, and they might be mining your information and selling it to the highest bidder. Contemplate the permissions you grant apps, and delete any apps that request permissions that make you feel uncomfortable.

