How many times have you heard or even used the expression “I am lost without my phone”? The smartphone revolution allows us to store thousands of megabytes of data on a single portable device: contacts, personal information, credit card numbers, Social Security numbers, account numbers and yes, even passwords and ATM PIN numbers.

Our smartphones also store login information for critical sites like banking, corporate intranets and email, and in some instances even save Wi-Fi passwords in clear text.

Recently, there has been a significant increase in reports concerning malicious mobile apps available from legitimate stores and repositories. This raises alarm around the validity of any application available on major platforms, especially the “free” or “lite” versions.

The problem is that we don’t really know what these apps do in the background, and our need for instant gratification exceeds our caution. We never read the Terms and Conditions, nor do we verify which resources (e.g. camera, location, contacts, microphone, to name a few) are allocated to these apps when they are installed.

We put our trust in these repositories to verify and validate the publisher and the application, and then blindly assume that if the repository authorised the publication, we have no reason to be concerned, especially if the app displays the “Verified” logo or is listed as “Recommended”.

Truth is, we should be extremely concerned. A string of malicious apps was recently identified and removed from these repositories, but with thousands of apps on the market, who knows what we can or cannot install, not to mention what we already have installed?

Even if a legitimate app is published and verified, does verification stop there? Or do the repositories continuously validate the authenticity and integrity of updates and major changes to these apps?

Here are a few tips on how to prevent malicious apps and malware from being installed:

1) Read the Terms and Conditions. Don’t accept if you don’t agree.

2) Verify the resources allocated to these apps. Why allow an application access to your contacts or camera simply to get a weather forecast?

3) Make use of a Mobile VPN Service and Antivirus to protect your online privacy.

4) Put controls in place to prevent children from unrestricted access to repositories.

5) Request an IT Security professional to verify the application, especially on business devices.

6) Remove apps not used frequently.

7) Do regular updates on verified apps.

8) Refrain from using software hacks and pirated software.

9) Enable biometric and two-factor authentication.

10) Make regular backups.

11) Report suspicious applications to the repositories.
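For tips 2 and 5, a reviewer can compare the permissions an Android app requests against what its category plausibly needs. The Python script below is an added example, not part of the original article; it assumes input in the `uses-permission:` line format printed by `aapt dump permissions`, and the `EXPECTED` policy table, the `com.example.weather` package and the sample dump are constructed for illustration.

```python
import re

# Resources the article names (camera, location, contacts, microphone),
# keyed by the Android permission that grants each one.
SENSITIVE = {
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
}
# Hypothetical policy (an assumption): resources each app category plausibly needs.
EXPECTED = {
    "weather": {"location"},
    "messaging": {"contacts", "camera", "microphone"},
}
# Matches both "uses-permission: name='X'" and the older "uses-permission: X".
PERM_RE = re.compile(r"^uses-permission:\s*(?:name=')?([\w.]+)")

def parse_permissions(dump):
    """Return the set of permission names found in an aapt-style dump."""
    found = set()
    for line in dump.splitlines():
        match = PERM_RE.match(line.strip())
        if match:
            found.add(match.group(1))
    return found

def audit(category, dump):
    """List (permission, resource) pairs that the app category does not justify."""
    allowed = EXPECTED.get(category, set())  # unknown category: nothing is allowed
    return sorted(
        (perm, SENSITIVE[perm])
        for perm in parse_permissions(dump)
        if perm in SENSITIVE and SENSITIVE[perm] not in allowed
    )

# Constructed sample: a weather app that also asks for contacts and camera.
SAMPLE_DUMP = """\
package: com.example.weather
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: android.permission.CAMERA
"""

if __name__ == "__main__":
    for perm, resource in audit("weather", SAMPLE_DUMP):
        print(f"review: {perm} ({resource}) not expected for a weather app")
```

A flagged permission is a prompt for review, not proof of malice; the policy table should be adjusted to the app categories actually allowed on the devices being checked.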

Trust your instinct and use common sense. “If something seems too good to be true, it very often is.”

  • Images are used for illustration purposes only and do not provide information relating to specific smartphone apps or their integrity.
