Data Privacy and Security: Why Mobile Apps are the New Weak Link


There was widespread outrage when the Facebook Cambridge Analytica scandal broke and it was discovered that a political data analytics firm had been able to access data belonging to about 87 million people, and that this data was used to influence the outcome of the 2016 US elections.

The widely publicized scandal resulted in Facebook CEO Mark Zuckerberg being invited to testify before Congress, and Facebook later admitted that user growth had slowed as a result of the scandal, which led to over $100 billion being wiped off the social giant’s market value.

While Cambridge Analytica created national awareness about the importance of paying more attention to our data privacy and security, other data and privacy scandals have since come up involving Facebook, Google, and other tech giants. At the heart of all these scandals lies a major issue: permissions abuse by organizations to farm user data for financial gain.

Mobile apps are a bigger threat than Facebook when it comes to privacy
Unfortunately, I believe there is a much bigger threat than Facebook: mobile apps. Mobile apps are the new weak link when it comes to user data and privacy abuse, and they need to be quickly addressed and treated as such.

In a recent study that looked at permissions usage among VPN apps on the Android Play Store, it was observed that more than 60% of these apps require “dangerous” permissions that are not needed for them to function. These “dangerous” permissions pose a risk to users’ privacy by allowing access to sensitive information such as users’ location, mobile phone data, phone status, and a lot more.

The problem is that a VPN app does not need these permissions, which can compromise users’ privacy, in order to function, yet more than half of the most popular VPN apps require them. I asked the author of the study and founder of TheBestVPN, Rob Mardisalu, what prompted the study. His response:

“While many seem to be paying a lot of attention to privacy issues involving Facebook and other tech giants, our research has uncovered something much bigger with mobile apps. You can very easily delete your Facebook account, but a mobile app with the wrong permissions can log all of your activities and track you. What’s more worrying is that many people give these mobile apps permission to track them without really knowing what’s going on behind the scenes.”
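The kind of permission check the study describes can be reproduced against a single app. The following is an added example, not code from the article or from the study: it audits a decoded `AndroidManifest.xml` (for instance, the text form produced by apktool) for "dangerous" permissions beyond what a VPN client needs. The baseline set, the abbreviated list of dangerous permissions, and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Subset of Android permissions whose protection level is "dangerous".
DANGEROUS = {
    "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION", "READ_PHONE_STATE",
    "READ_CONTACTS", "GET_ACCOUNTS", "READ_SMS", "READ_CALL_LOG",
    "CAMERA", "RECORD_AUDIO", "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE",
}
# Assumption: what a VPN client legitimately needs. Tune per app category.
VPN_BASELINE = {"INTERNET", "ACCESS_NETWORK_STATE", "FOREGROUND_SERVICE"}

# Constructed sample manifest (not taken from any real app).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.vpn">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <application>
    <service android:name=".Tunnel"
             android:permission="android.permission.BIND_VPN_SERVICE"/>
  </application>
</manifest>"""

def audit_manifest(xml_text, baseline=VPN_BASELINE):
    """Report permissions requested beyond the baseline, split by risk."""
    # For manifests from untrusted APKs, parse with defusedxml instead.
    root = ET.fromstring(xml_text)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:  # custom (non-platform) permissions keep their full name
                requested.add(name.removeprefix("android.permission."))
    is_vpn = any(
        s.get(ANDROID_NS + "permission") == "android.permission.BIND_VPN_SERVICE"
        for s in root.iter("service"))
    extra = requested - baseline
    return {"declares_vpn_service": is_vpn,
            "dangerous_unneeded": sorted(extra & DANGEROUS),
            "other_unexpected": sorted(extra - DANGEROUS)}

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

An empty `dangerous_unneeded` list only shows that nothing on the abbreviated list was requested; it says nothing about what the app or its embedded trackers do with the data they can already reach.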

Mardisalu has good reason to be worried, as do all mobile phone users. A recent study by researchers at Oxford University found that a whopping 90% of free apps on the Google Play store share data with organizations.

According to the researchers, this data sharing and harvesting is simply out of control, with the average app sharing information that includes a user’s age, gender, location, and information about other installed apps to up to five tracker companies; these companies then pass the data to larger firms that use the data for other purposes.

Practically all mobile devices are affected
Before you assume that the issue is restricted to Android devices and the Google Play store, consider that a report by the Washington Post found that the iPhone isn’t exempt: after the researcher’s iPhone was hooked up to monitoring software, it was discovered that 5,400 app trackers on it were sending data, including names, IP addresses, email addresses, precise location data, cellphone carriers, and phone numbers, to third parties weekly.

The transfer of this sensitive data usually took place in the middle of the night, when the owners of these devices are probably fast asleep. Other iPhone users aren’t exempt, and this is even though Apple touts its devices as designed for people who want “advanced security and privacy at every level.”

When you consider the fact that Android and Apple’s iOS have a combined 98% of the mobile operating system market share worldwide, this becomes very worrisome.

In fact, realizing how much data can be mined by exploiting mobile apps, TalkingData, a Chinese big data company, does just this: by creating basic mobile apps that people need -- such as VPN apps, games, etc. -- and requiring unnecessary permissions (which many users automatically go on to accept), TalkingData now boasts a $1 billion valuation and access to data on over 700 million monthly active data.

If we are really concerned about our data privacy and security, it is important for us to realize that mobile apps, the way they currently are, are the weakest link -- and we have to do something about this.


With over 10 years of experience as a ghostwriter in the tech industry - writing about privacy, telecommunications, blockchain, and AI - Thomas has established himself as a go-to writer for top-notch tech and cybersecurity content.

