ITRC Fact Sheet 147
Risks of Mobile Applications
This fact sheet offers recommendations on how to make your experience with mobile applications safe and enjoyable. The following subjects will be addressed:
- Risks associated with mobile applications
- Protecting yourself from the risks of mobile applications
- Signs that your smartphone may have been compromised
- Steps to take if you become a victim
- Definitions of key terms to understand your smartphone
Many tasks you would do on a computer can now be done, while on the go, with a smartphone. However, all of that accessibility and convenience comes at a price. That price may be diminished safety and privacy. Mobile applications help users do everything from ordering a pizza to depositing checks. The potential danger of this convenience arises when users are not aware of the risks associated with these applications and do not check to ensure the applications they use do not share any information collected from the user.
There are many risks associated with the usage of mobile applications. Some of the more prominent ones are:
- Malware: Malware is software that is intended to do a malicious act. It could damage or disable computers and computer systems, but is often used nowadays to retrieve information from an infected system. A smartphone is much like a mini-computer, so it makes sense that the risk of malware to computers is present on smartphones as well. Malware can take many forms including trojans, viruses, worms and others that we define at the end of this article. This software may install things such as key logging software, spyware, botnets and other nasty things. These programs are often used to obtain personal information which can then be used for the financial gain of the criminals who have installed them, sometimes with a significant cost to the person affected.
- Metadata: Metadata is data that describes a data file. For instance, when a digital picture is taken with a digital camera or smartphone, there is information contained in the picture file that recreates the image for others to view. However, in the same image file there is also information about that image, such as where the picture was taken (GPS location), when it was taken and information on the device which took it. Criminals can use this information to track consumers.
- Application (App) Scams: There seems to be an application that will do just about any task these days. However, some of these apps are developed by criminals who are hoping users will download and install the application, which will then allow them access to the smartphone’s system. This could include user information, such as a credit card number or Social Security number, or account numbers and passwords stored on the smartphone.
- Insecure Applications (Apps): Recent studies show that even legitimate applications can allow sensitive information to be exposed to criminals looking for such information. Some of these applications include apps from banking institutions and major retailers.
While it may seem like a scary world out there for those who want the convenience of mobile apps, there are ways to protect yourself. Some things you can do to protect yourself from the risks of mobile apps are:
- Install an anti-virus software program that protects against spyware and malware as well. Make sure this software is reputable and is kept current through frequent updates.
- Enroll in a backup program which also provides the capability for your phone to be remotely wiped. This will help protect the information on your phone should it become infected by malware.
- Research apps to determine if they are safe before downloading them. Look at who developed the app. For most large companies, the company itself should be listed as the developer. If the app is new, or not well known, do a quick Google search to see if there are any reviews of the app. A Google search for “(Insert App Name) problems” may be rewarding.
- Review what information you are allowing the application access to when you accept the terms and permissions. Make sure that the amount of information you are allowing the app to have access to is only the information it will need to perform its intended function. If it requires access to lots of personal information, you will have to weigh the need for the app versus the exposure of that information to others.
- Turn geolocation and GPS off when they are not immediately needed. This can easily be done through the privacy settings on your smartphone. Droids usually have an icon to turn on or off the GPS function. This will keep your location from being broadcast unintentionally through picture uploads, tweets, etc.
- Do not root or jailbreak your phone. This makes it much more susceptible to malware. For more information on jailbreaking and rooting see ITRC Fact Sheet 145 on Smartphone Threats.
One of the problems when a device is infected with malware (or has otherwise been compromised) is that it will be difficult for the user to tell. Unless an anti-virus has been installed and alerts users to the presence of malware, there is no notification that a smartphone has been compromised. However, there are a few indications that may mean that malware is present:
- Decreased Performance: Just as your PC will slow down when infected with malware, a smartphone will do the same. Problems with slow operation and decreased functionality can mean that malware is present on a phone’s operating system.
- Random action: If it seems as though your phone has a mind of its own, it may mean it is being controlled by an outsider. If applications open on their own, the phone powers on or off by itself or items are downloaded without permission, it may mean that software allowing outside access has been installed.
- Unknown emails or phone calls: If a smartphone’s call log shows calls that you never made or emails have been sent to addresses you don’t recognize, this could be a sign of a smartphone that is infected and compromised.
Protection is key to remaining safe from malware on smartphones.
- If you have an anti-virus installed on the phone, the detection and removal of any malware should be simple and the anti-virus software will perform the task for you.
- If you are unable to remove the malware, then a backup program with remote wiping capability will be incredibly helpful. All information should be wiped from the phone and the backup information can be downloaded to a new phone.
- If you believe that sensitive personal information has been compromised, then you should take appropriate action to protect yourself from identity theft.
- Key Logging: The use of a computer program to record every keystroke made by a computer or smartphone user. The “key-logger” will then send the information to an outside server. This is often used in order to gain fraudulent access to passwords and other confidential information.
- Spyware: Software that self-installs on a computer, enabling information to be gathered covertly about a person's Internet use, passwords, etc.
- Botnets: A network of private computers infected with malicious software and controlled as a group without the owners' knowledge, e.g., to send spam.
- Trojan: A Trojan horse, or Trojan, is malware that appears to perform a desirable function for the user before it is run or installed but instead facilitates unauthorized access to the user's computer system.
- Virus: A Virus is a software program capable of reproducing itself and usually capable of causing great harm to files or other programs on the same computer; they often have methods of infecting other computers.
- Worms: A computer worm is a self-replicating malware computer program.
- Geolocation: Geolocation is the identification of the real-world geographic location of an object, such as a cell phone or an Internet-connected computer terminal. For example, a picture taken with a smartphone may record the location within the picture file. When the file is posted on a social network site, any viewer may be able to determine the location from the data saved on the picture file. This could tell someone exactly where your home is located.
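The Metadata and Geolocation entries above describe location data stored inside a picture file. The following is an added example, not part of the original fact sheet: it checks a JPEG for an Exif GPS pointer and removes the Exif block before the file is shared. The function names and the sample bytes are constructed for illustration.

```python
import struct

EXIF_ID = b"Exif\x00\x00"   # signature that opens an Exif APP1 segment
GPS_IFD_TAG = 0x8825        # IFD0 tag that points at the GPS block

def split(jpeg):
    """Return ([(marker, raw_segment)], rest); rest starts at the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos, segs = 2, []
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError("truncated segment")
        segs.append((jpeg[pos + 1], jpeg[pos:pos + 2 + length]))
        pos += 2 + length
    return segs, jpeg[pos:]

def is_exif(marker, raw):
    return marker == 0xE1 and raw[4:10] == EXIF_ID

def has_gps(jpeg):
    """True if an Exif segment's first directory (IFD0) points at GPS data."""
    for marker, raw in split(jpeg)[0]:
        if not is_exif(marker, raw):
            continue
        tiff = raw[10:]
        order = "<" if tiff[:2] == b"II" else ">"
        try:
            (ifd0,) = struct.unpack_from(order + "I", tiff, 4)
            (count,) = struct.unpack_from(order + "H", tiff, ifd0)
            tags = [struct.unpack_from(order + "H", tiff, ifd0 + 2 + 12 * i)[0]
                    for i in range(count)]
        except struct.error:
            continue  # malformed Exif block: nothing readable to report
        if GPS_IFD_TAG in tags:
            return True
    return False

def strip_exif(jpeg):
    """Copy the file without its Exif segments; image data is left untouched."""
    segs, rest = split(jpeg)
    return b"\xff\xd8" + b"".join(r for m, r in segs if not is_exif(m, r)) + rest

def sample_jpeg():
    """Constructed bytes with JPEG segment structure (not a viewable photo)."""
    tiff = b"MM\x00\x2a" + struct.pack(">IH", 8, 1)            # header, 1 entry
    tiff += struct.pack(">HHIII", GPS_IFD_TAG, 4, 1, 26, 0)    # GPS pointer
    tiff += struct.pack(">HI", 0, 0)                           # empty GPS block
    app1 = b"\xff\xe1" + struct.pack(">H", len(EXIF_ID + tiff) + 2) + EXIF_ID + tiff
    app0 = b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return b"\xff\xd8" + app0 + app1 + b"\xff\xda\x00\x02\x12\x34\xff\xd9"
```

Removing the whole Exif block also discards the capture time and device details mentioned in the Metadata entry, not only the GPS coordinates.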