Are you willing to trade your privacy for a pizza coupon?

Ensure you download mobile app from reputed market place e.g. Android apps from Google play store and iOS apps from Apple app store

Image: Shutterstock

In a recent discussion with some university students, I found out that there was a run among them to collect free cash coupons. Those who collected more became the envy of others. Why wouldn’t it be? Getting something free is always welcome! In fact, it required very little effort: Just pick up the smartphone, instal the app, or invite a friend to instal the mobile app.

I was curious, why would an app throw away money without getting anything in return? My inquisitiveness compelled me to pick a device from one of the students and explore the permissions granted to this app. The display showed some unpleasant results. The mobile app had permissions to read media, access camera, make phone calls, read text messages, read contacts in the address book and what not!

I enquired with all other students if they were aware that they had sold their privacy for a Rs 100 pizza voucher. One student replied, “I clicked ‘Next’, ‘Next’ to instal the app, similar to what I do on my Windows desktop. I never bothered, nor had the time, to read what I am permitting this app to access on my device.”

But the story does not end here, one young chap could not stop himself from saying, “Even if they access all my information, what am I going to lose? I am a student and I do not have financial assets!” I asked him, “Would you remain a student for life? Are you not expecting a large bank balance a few years from now?”

So, here the question arises, what if some malicious apps make use of the information collected today and gain access to one’s finances tomorrow and exploit him or her in every possible way? Because generally, the basic personal details of any person remain the same over time and these are the details which usually get verified by websites or help desk persons of financial institutions, when you request them to change your email ID or password. Mobile apps have become easy pathways to collect a wealth of data containing personal details and behaviour.

Another similar instance was with my childhood friend who is working with the Indian Railways. I wanted to re-confirm the timing of a special train which was not listed in the railway portal. Assuming this friend of mine can be the best source to give me authentic information, I called him up and asked if he could help me with this. He readily responded with the details, but also asked me to instal the mobile app that he was using. I told him about another mobile app which I had already installed. However, he insisted I instal the app as he found it to be quite handy. I became eager to give it a try, but what I found again was, this app required privileges to read my SMS, media files, location, address book and what not! I asked him, why would a railway enquiry app need permission to read my contacts? He did not have the answer and realised that he was not aware of the permissions he granted to this mobile app until now! He was surprised to know that he had given access to his family photos and videos to an unknown entity. Moreover, he realised why after installing this app on his device, his friends started getting spam advertisements; the reason was simple—the app had read all the contacts on his device. I told him to instal the app that I was using, which has similar features, but requires only network access permission on the device. He thanked me for the suggestion.

While all mobile apps do not have an intention to invade one’s privacy, there are many intrusive apps in the market. And, giving unintended access to your personal data may give them an opportunity to spy on what you do, where you go and who you interact with. However, there are many good sets of mobile apps which need access to your personal data to improve and personalise your experience with their app.

The way we do not stop going out of our house because of the fear of thieves, and rather we lock our house to keep it safe, similarly, we cannot insulate ourselves away from the mobile revolution, but we can remain vigilant and apply right protection to ensure our mobile experience remains pleasant.

Here are a few tips you must exercise to remain a safe mobile user:

• Ensure you download mobile apps from reputed market places e.g. Android apps from Google Play Store, iOS apps from the Apple App Store and Windows apps from the Windows Store.
• Do read the permission you grant on your device while installing an app. Try to avoid apps that require unnecessary permissions
• Look for an app available with similar values but less device permissions
• You should remove the app from your mobile device if you do not intend to use it any more
• Switch-off the unnecessary app permission wherever possible (It is not possible on Android, though)
• It is common for mobile apps to use social login (e.g. Google, Yahoo, Facebook etc.) and request your permission to access personal details post successful login. Ensure you authorise well-known apps and remove these access when the app is not in use.
• If it is not a popular app then observe the app behaviour for data moving out of your device unnoticed.
• If you are using your device for your company work then you must instal corporate Mobile Device Management (MDM) solution so that you can remotely wipe the data in case of a loss of device or lock out.

Your awareness of privacy will safeguard you from an unpleasant digital experience!

- By Mahendra K Chopra, Senior Security Architect, Security Innovations

The thoughts and opinions shared here are of the author.