IBM has always been a company in a state of constant renewal and reinvention. Through economic upheavals and natural disasters, tech bubbles and recessions, it continues to engage clients, governments, local communities and universities to improve how the world works. Differentiated by values, strengthened by collaboration and experienced through the IBMer, today their solutions in Cloud, Big Data, Analytics, Mobility, Predictive Intelligence and others are making the world smarter. Through its Blog posts, IBMers will explore some essential areas of business and life that are deeply interlinked with technology and would like to invite all to share experiences and comments as it continues on this journey of discovery and innovation.
In a recent discussion with some university students, I found out that there was a run among them to collect free cash coupons. Those who collected more became the envy of others. Why wouldn’t it be? Getting something free is always welcome! In fact, it required very little effort: Just pick up the smartphone, instal the app, or invite a friend to instal the mobile app.
I was curious, why would an app throw away money without getting anything in return? My inquisitiveness compelled me to pick a device from one of the students and explore the permissions granted to this app. The display showed some unpleasant results. The mobile app had permissions to read media, access camera, make phone calls, read text messages, read contacts in the address book and what not!
I enquired with all other students if they were aware that they had sold their privacy for a Rs 100 pizza voucher. One student replied, “I clicked ‘Next’, ‘Next’ to instal the app, similar to what I do on my Windows desktop. I never bothered, nor had the time, to read what I am permitting this app to access on my device.”
But the story does not end here, one young chap could not stop himself from saying, “Even if they access all my information, what am I going to lose? I am a student and I do not have financial assets!” I asked him, “Would you remain a student for life? Are you not expecting a large bank balance a few years from now?”
So, here the question arises, what if some malicious apps make use of the information collected today and gain access to one’s finances tomorrow and exploit him or her in every possible way? Because generally, the basic personal details of any person remain the same over time and these are the details which usually get verified by websites or help desk persons of financial institutions, when you request them to change your email ID or password. Mobile apps have become easy pathways to collect a wealth of data containing personal details and behaviour.
Another similar instance was with my childhood friend who is working with the Indian Railways. I wanted to re-confirm the timing of a special train which was not listed in the railway portal. Assuming this friend of mine can be the best source to give me authentic information, I called him up and asked if he could help me with this. He readily responded with the details, but also asked me to instal the mobile app that he was using. I told him about another mobile app which I had already installed. However, he insisted I instal the app as he found it to be quite handy. I became eager to give it a try, but what I found again was, this app required privileges to read my SMS, media files, location, address book and what not! I asked him, why would a railway enquiry app need permission to read my contacts? He did not have the answer and realised that he was not aware of the permissions he granted to this mobile app until now! He was surprised to know that he had given access to his family photos and videos to an unknown entity. Moreover, he realised why after installing this app on his device, his friends started getting spam advertisements; the reason was simple—the app had read all the contacts on his device. I told him to instal the app that I was using, which has similar features, but requires only network access permission on the device. He thanked me for the suggestion.
While all mobile apps do not have an intention to invade one’s privacy, there are many intrusive apps in the market. And, giving unintended access to your personal data may give them an opportunity to spy on what you do, where you go and who you interact with. However, there are many good sets of mobile apps which need access to your personal data to improve and personalise your experience with their app.
The way we do not stop going out of our house because of the fear of thieves, and rather we lock our house to keep it safe, similarly, we cannot insulate ourselves away from the mobile revolution, but we can remain vigilant and apply right protection to ensure our mobile experience remains pleasant.
Here are a few tips you must exercise to remain a safe mobile user:
Your awareness of privacy will safeguard you from an unpleasant digital experience!
- By Mahendra K Chopra, Senior Security Architect, Security Innovations