Have you downloaded an app without thinking about the developers, country of origin, or how the app developers may capture and use your data? Unfortunately, just about every American with a smartphone has. Don’t feel too bad; we have apps for nearly everything, and many of us require them to do our jobs.
While Apple and Google can tout a closed app store, there are numerous examples of apps with malicious intent or poor design that resulted in customer information leaking or becoming available to cybercriminals. Understanding the inherent risk in using apps is a first step in securing your data and devices, but taking the next step is up to you. For starters, think before you install the latest “fad” app like FaceApp or viral dancing routine sensation TikTok (the most downloaded app in the US last year). While these apps skyrocket in popularity, many questions remain unanswered about the origins or motives behind the apps. TikTok has faced questions about user security and data usage due to the Chinese Communist Party’s ownership stake in ByteDance, the Beijing-based company that owns TikTok. TikTok isn’t the only app that shares these fatal flaws. FaceApp, a popular video app, is owned by a communist US adversary, Russia.
FaceApp, which skyrocketed to popularity in 2017 with the “aging challenge,” includes a shocking caveat to use the app—the company holds “perpetual, irrevocable” rights over its users’ app-generated photos. So by clicking “I agree,” you’ve just said the app developers (and by proxy, the Russian government) have permission to store, use and potentially distribute your images permanently. I’m guessing most tweens taking selfies hadn’t read the fine print, but they might wish they had. In addition to owning your data, the threat of facial recognition and the potential future applications could be seriously damaging.
So what can we do to stay safe when it comes to mobile apps? The most straightforward answer is a classic security principle, the principle of least privilege. In short, give the minimum amount of access to resources to the smallest required group of users. Downloading few apps and granting them the minimum amount of access to your mobile device is the best way to keep your personal information and data safe. In addition, always consider the app developer and country of origin. Don’t take the risk if you can’t find a reputable website or app reviews from major trustworthy sources. If the app was developed in a country that is an adversary of the US, don’t download it. Take these simple steps to increase security and reduce risk today:
- Grant access to the smallest group possible
- Grant access as it is requested, not in anticipation of a request
- Keep access control lists up to date and audited regularly
- Separate work devices from personal devices whenever possible
- Install only required software on mobile business devices
- Consider the source and producer of all applications
NC State Industry Expansion Solutions provides free Cybersecurity Awareness and Education online courses to help you keep your mobile devices secure.
Brian Vigna is an instructional designer in the professional learning and instructional design unit for NC State Industry Expansion Solutions. Brian has worked as an adult educator, trainer and instructional designer for more than eight years. Brian has taught a variety of certification and professional development courses at the collegiate level as well as in collaboration with the United States government. Brian is currently certified in CISSP, CompTIA Security+, CompTIA A+, CompTIA Network+, and CompTIA Cloud Essentials. He is a Microsoft Certified Professional, AWS Solutions Architect and an AWS Cloud Practitioner. Brian is also currently pursuing an M.S. in education from NC State University.