Your mobile apps are up to no good

Metaratings
19 Feb 2014
00:00

Before you accept the ‘Terms and Conditions’ associated with your next app you really should read them. Yes, I know, they all have onerous clauses but you want the app and really don’t care about the repercussions of using it, right? After all, what harm could a Flashlight app do, shed light on my personal life?

Well, yes, that’s exactly what it can and does do. My search through Google Play Store for a simple torch program that utilized my smartphone’s LED left me more frightened than the darkness I was seeking to illuminate.

I can understand the app needs permission to access the LED and turn it on and off via the app's control button, but why would it need ‘permission’ to take control of my camera at the same time? Was it interested in seeing and recording what I was doing in the dark? The other clauses were no less daunting:

Clause 1 – Camera. “Take pictures and videos. Allows the app to take pictures and videos with the camera. This permission allows the app to use the camera at any time without your confirmation.”

Clause 2 – Storage. “Modify or delete the contents of your USB storage.”

Clause 3 – Retrieve running apps. “Allows the app to retrieve information about currently and recently running tasks. This may allow the app to discover information about which applications are used on the device.”

Clause 4 – Read phone status and identity. “Allows the app to access the phone features of this device. This permission allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by the call.”

Clause 5 – Full network access. “Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet.”

Clause 6 – System tools. “Modify system settings. Allows the app to modify the system’s settings data. Malicious app may corrupt your system’s configuration (sic). Test access to protected storage. Allows the app to test a permission for USB storage that will be available on future devices.”

Let me remind you this is a flashlight app, purportedly to shed light in the dark, not shed light on your entire personal life for some unknown snoop to see. Either I am becoming paranoid or my personal data really is being targeted by something or someone via a free app on my smartphone for some ulterior motive.

There have been many suggestions that this behaviour is going on. Presumably, the culprits are big mega-sites like Google and Facebook, keen to get a better understanding of what my daily life consists of so they can target me with marketing hits.

But what if it’s an even bigger force at work? How easy is it to produce an app, distribute it freely via any app store, and then reap whatever data you want simply by including a preposterous set of terms and conditions that nobody bothers to read? If you have ten, or twenty apps all doing the same what is happening to your data caps and where exactly is that data going to?

The disclosure that 92% of the top 500 Android apps carry security or privacy risk is worrying enough but when you load these apps you only have scant information on the source of the app, i.e. the name of the developer and company distributing it. Do Google or Apple even bother to check the credentials of these suppliers? Hardly, and why should they? If the source is a covert operation it is unlikely to admit anything.

With apps, it’s more than just a case of ‘buyer beware’. If a flashlight app has the ability, and permissions from you, to expose everything you do to an unknown source, what hope do you have of retaining any semblance of privacy or personal security? Oh, you could always dump that smartphone and go back to your old Nokia 6110, it’s probably still in a drawer somewhere.

As featured on TM Forum's The Insider

Related content

Comments
No Comments Yet! Be the first to share what you think!