Our smartphones make us very powerful. With apps, we’re able to book taxis, order groceries, track flights, find love, confirm the species of forest plants… you get the point. But how do we avoid downloading dangerous mobile apps?
In Q1, 2019, Google Play Store (the main marketplace for Android users) recorded around 2.7 million available mobile apps according to Statista. In the same period, the number of iOS apps in the rival Apple App Store came in slightly lower at 2.2 million.
Global app downloads exceeded 194 billion in 2018 according to mobile market intelligence firm, App Annie. The same report suggests that smartphone users in the UK have on average 100 apps downloaded on their devices, eventually using only around 35% of them.
We run our digital lives via mobile apps. Without those apps, our smartphones are reduced to their basic functions of making calls and text messaging… but who bothers with those anymore?
Why should you be worried when downloading apps?
The major app stores such as Google Play and Apple are built on the model of curating apps to ensure that they meet quality, security, appropriate content and other standards set by the tech companies behind them.
This means that all the apps we download should be safe right?
No. This is not always true! Despite best efforts from the tech companies, insecure apps do slip through their safety nets.
We want to use mobile apps and we want to use them now! Privacy and security are secondary thoughts for many people. For example, people desperate to catch up on the latest TV series are lured to download streaming and other apps from marketplaces which lack any significant app safety standards.
Mobile app developers and attackers will exploit this sense of urgency.
Stay vigilant when downloading mobile apps
When you last downloaded and installed a mobile app, do you recall reading every single word in the lengthy terms and conditions you had to agree to? Probably not.
Did you say ‘Yes’ or ‘No’ to the app’s request to grant permissions to your location, camera, contacts, microphone? Possibly yes.
Did you select to use the social media login option and accept to receive push notifications? You probably don’t remember, do you?
Do you ignore warnings from your device about downloading potentially harmful apps?
These are examples of the security and privacy questions most consumers fail to acknowledge. Paying a little more attention to the apps you download could significantly reduce the risk of your personal data becoming compromised.
Beware of insecure mobile apps
Mobile app developers focus mostly on getting an app into app stores and out to users as quickly and as cheaply as possible. Security tends to fall by the wayside most of the time.
For example, poorly developed mobile apps can leak sensitive data from your device if the app developers don’t enforce secure storage controls. Your sensitive data could be exposed to other apps or malware and used for malicious purposes.
Then there are apps that are specifically designed with malicious intent. These include apps designed to steal your personal or financial information, commit SMS fraud or use up your data allowance.
Click fraud is a big problem!
One prevalent problem is digital advertising fraud aka ‘click fraud’. Apps infected with adware (advertising malware) can load and mimic clicks on ads running in the background while you use seemingly ‘legitimate’ mobile apps. The result? Your mobile data is used up and the fraudsters get paid for fake ad clicks.
The major app stores are not immune to this problem either. In 2017, Google blogged about blocking over 700,000 potentially harmful Android apps from being made available to users via its Google Play app store. Many of these problematic apps were embedded with click fraud code.
How can you protect yourself from dangerous mobile apps?
Here are five steps to get you started:
#1. Avoid the temptation to ‘brick’ your phone. ‘Bricking’ is a way to gain greater control over your device. It is possible to install code that bypasses your devices in-built security functions. While this is a great way to expand the capabilities of your mobile device, you risk opening up your device to malicious apps designed to exploit vulnerabilities and gain elevated access to core mobile operating system functionality.
#2: Avoid downloading apps from unknown app stores. By downloading apps – e.g., movie/TV streaming, gaming and music – from app stores that have no transparent security or privacy policies, you have a higher chance being exposed to apps specifically engineered to do harmful things on your device and steal your data.
When downloading apps from known app stores such as Google or Apple, always read reviews and check download counts. Also, read the app description and product features. Check the app info section for the app version and last update. If the developers haven’t updated the app in a while, that’s usually a sign that they might no longer be on top of fixing security issues.
#3: Regularly scan your device for harmful apps. If you’re using an Andriod phone, you should have Google Play Protect enabled on your phone. Go to your Google Play Store > Menu > Play Protect. Ensure that the functionality to scan apps is showing recent activity.
Also, click on the gear icon and ensure ‘Scan device for security threats’ and ‘Improve harmful app detection’ are turned on. It is also worth exploring mobile malware scanning tools. We will cover recommendations in a subsequent article.
#4: Avoid giving apps too many permissions. While it can be tempting to rush through the app installation process and say ‘Yes’ or ‘Agree’ to everything, do you really need to give apps access to your GPS location, camera, texts and calls? Challenge yourself to only grant apps the permissions they need. If apps don’t allow you to opt-out of intrusive permissions, you might want to think twice before installing them.
Are you concerned about the apps you’ve already downloaded? Free apps like AppBrain Ad Detector can help you spot apps with privacy concerns including apps which can access your email accounts, contacts and browsing history.
#5: Don’t ignore the latest system updates from your device manufacturer. Stop procrastinating. You’ll be doing yourself a favour by installing the scheduled update from your device manufacturer. It will only take a moment. This will fix many system software issues on your phone as well as security bugs that could be exploited by insecure apps.