Thursday, March 28, 2024

App Permissions To Avoid + Best Practices According To Cybersecurity Experts

Apps are everywhere. If you need to lose weight, track your steps, tune your guitar, measure the distance between two spaces, or learn how to do a handstand, there is an app for it.

Many apps request permission to access sensitive information stored on mobile devices or on your computer. They need to access this data, including your camera, your GPS coordinates, and your microphone, to function properly.

Since people are accustomed to apps requesting permission, many will grant permission automatically without considering the access they are giving the apps. Thankfully, most apps request permission without malicious intent. However, there are some malicious apps that can use the permissions you grant to do serious harm, such as some Coronavirus trackers, or symptoms identification apps these days.

What Are App Permissions?

When you install an app, it will declare its permissions during the installation process. After the app has been installed on an Android device, you will be asked to grant permission for things including Internet access, the ability to write things on the SD card, monitoring your location using GPS, or sending SMS messages.

In theory, an app asking permission before accessing your personal information is a good thing. However, since every app you install, be it an app to manage your finances or a simple video game, is requesting permission, it has gotten to where people view permissions like they view a EULA. It’s something that you quickly tap without reading when installing the app. This is where problems can arise.

Also, there are certain types of apps you should be really careful with – even though they’re known for being secure. These are the apps that contain sensitive information such as online banking apps, email apps, online stock trading and fintech apps, basically anything that has your bank account info, social security number, etc. Apart from creating strong passwords, make sure you enable two-factor authentication (if it’s not already enabled by default) so you can avoid hacker attempts, identity theft,  data leaks, or any inconvenience even if your device is being stolen.

Permissions to Authenticate Accounts

This permission allows apps to authenticate sensitive information. This could include passwords. The danger comes when nefarious apps have this capability. They can use it to phish your passwords. Many apps that ask for this permission come from big developers, such as Google, Twitter, and Facebook. Still, because of the potential damage this permission gives, you need to scrutinize the app before you grant it permission to authenticate accounts.

Permissions to Process Outgoing Calls

Let’s say you are using an online trading platform to day trade at home, in an effort to build a second source of income. You download an app, and it asks for the ability to process outgoing calls. This request should stop you dead in your tracks. The only apps that would need this permission are those connected to voice over IP. There’s no reason a trading app, an exercise app, or a video game that does not explicitly deal with incoming or outgoing calls would need this permission.

Permissions to Read Your Contacts

When you grant this permission, you are giving the app the ability to read all the contacts you have stored on your device. There are legitimate reasons social media apps and communication apps may want to read your contacts. It makes it easier to connect with others who use a similar app. There are also several gaming apps that will want to read your contacts to connect you with other friends who play the same game.

However, granting permission to read contacts to any app can be dangerous. Malware-like apps will take advantage of your contacts and use targeted phishing scams. For example, if you grant a nefarious app permission to read your contacts, you might receive an email from a friend who you frequently communicate with that has files attached. You may innocently open the email and find that it contains malware because the email has been spoofed.

Permissions to Read Your Social Media Stream

Issues with social media and privacy have loomed large in the news recently. Therefore, many apps are requesting permission to read information from your social feeds. While there may be some legitimate reasons for apps to need to monitor your social media feed, in most cases this is unnecessary and can be dangerous.

When you think about the large amount of personal information produced via social networks, it’s easy to see how the wrong app can take advantage of this information. It might use the information posted to figure out a user’s password, security questions, and other information that could be used to commit fraud.

Permissions to Send SMS

You should use extreme caution when using an app that requests permission to access or to send SMS or MMS. Companies can throw on additional charges to an individual SMS. They make money,and you receive a bill for said services. There are few circumstances when you will use an app that requires the ability to send an SMS. If there is no simple reason to grant this permission, don’t do it.

The Best Way to Interact with Permissions

There are several legitimate apps that need permission if they will function. You can protect yourself by knowing how to properly interact with permissions.

First, make sure that you are installing a trustworthy app from trustworthy locations. Even if the app is trustworthy, from the Google Play Store, for example, it might still possess malware-like properties. Before installing any app, carefully read the reviews. Do a quick Google search about the developer. What is their reputation? Have their apps had trouble with malware or viruses in the past? If so, find another app.

Avoid installing apps that request too many permissions or permissions that are excessive for what the app is used for.

For example, you download an app that tracks your caloric intake. Immediately, it’s asking to access your contact list, your location, and your social media. You would do well to question the motivation behind these requests. If the app seems like it’s requesting excessive permissions, stay away.

You can review the permissions of an app before you install it. Hardware, like motion sensors, can also pose a security risk. That’s why it’s important to monitor all permissions closely.

Hackers are devious and clever. They can use apps permissions to get access to your contact information and the contact information of your friends and family. They can use these apps to install dangerous viruses, and they might be mining your information and selling it to the highest bidder. Contemplate the permissions you grant apps, and delete any apps that request permissions that make you feel uncomfortable.

Website

Latest articles

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles