Halting Hackers on the Holidays 2023 Part II: The Apps You (Shouldn’t) Trust

by Gary S. Miliefsky, Publisher of Cyber Defense Magazine

Read Part I first:  Halting Hackers on the Holidays 2023 – Cyber Defense Magazine

As we count the breaches and total personally identifiable information (PII) records lost reaching the billions, you might wonder how this happens?  Many seemingly innocuous apps that people carry around with them on their mobile devices have the capability to eavesdrop on their activities.

You just had a flat tire along a dark country road. Luckily, you downloaded a flashlight app into your cellphone and now can put it to use.  But that flashlight, handy as it is, may be just one of many doors you unwittingly opened to let spies take up residence inside your phone.  Most free flashlight apps are creepware – also known as malware that spies on you and your online behavior and could pass along information to others.

For example, Goldenshores Technologies, the company behind the popular “Brightest Flashlight Free” app for Android phones, agreed to settle the Federal Trade Commission’s charges that the software secretly supplied cellphone locations to advertising networks and other third parties.  The problem doesn’t begin and end with flashlight apps, though. Many seemingly innocuous apps that people carry around with them on their mobile devices have the capability to eavesdrop on their activities.

Consumers trust first and verify never.  As a result, most of their smartphones are infected with malware that they trust in the form of some kind of useful app or game.

General Tips:

• Backup your data: Before attempting any removal, back up your important data (photos, contacts, etc.) to a secure location like a cloud storage service.
• Download and update antivirus/antimalware: Install a reputable antivirus or anti-malware app from a trusted source and keep it updated. Run a full scan to detect any suspicious software.
• Check app permissions: Review the permissions granted to your installed apps. If any app has access to sensitive data like your location, contacts, or messages without a legitimate reason, uninstall it immediately.
• Factory reset (as a last resort): If other methods fail and you’re confident your data is backed up, consider a factory reset. This will erase everything from your phone, including creepware, but also your personal data.

Smartphone apps like TikTok can be risky for a number of reasons, depending on your perspective and the specific concerns you have. Here are some of the main areas of concern:

Data Privacy and Security:

• Data collection: Many apps, including TikTok, collect a large amount of user data, including your location, contacts, browsing habits, and even keystrokes. This data can be used for targeted advertising, sold to third parties, or even accessed by governments.
• Security vulnerabilities: Apps can contain vulnerabilities that hackers can exploit to access your personal information or install malware on your device.
• Data breaches: Apps can be vulnerable to data breaches, where hackers gain access to large amounts of user data.
• Transparency and control: Many apps have unclear privacy policies and make it difficult for users to control their data.

Content and Moderation:

• Misinformation and harmful content: Apps like TikTok can be used to spread misinformation, hate speech, and other harmful content.
• Addiction and mental health: Some apps, particularly those with highly personalized algorithms and constant notifications, can be addictive and have negative impacts on user mental health, especially for young people.
• Moderation practices: App moderators may not be able to keep up with the volume of content being posted, which can lead to harmful content being allowed to spread.

Other Concerns:

• Battery drain: Many apps can drain your phone’s battery quickly.
• Cost: Some apps have in-app purchases or subscriptions that can be expensive.
• Screen time: Apps can be addictive and lead to spending excessive amounts of time on your phone.

It’s important to note that the level of risk associated with any particular app depends on a variety of factors, such as the app’s developers, its privacy practices, and how you use it. Some apps are more secure and have better privacy practices than others. It’s important to do your research and choose apps that you trust.

Here are my best tips for ousting those spies inside the phone:

• First, assume you’ve already been compromised. It’s nice to think all is probably well, but most likely it’s not. Somewhere in the phone, the spies are at work, and it’s time to take the privacy policies of these apps more seriously.
• Verify the behavior and privacy risks for apps before installing them. Do some research and ask the question: “Why does this app need GPS, microphone, webcam, contacts, etc.?” Most apps don’t need these ports unless they want to invade your privacy. Find an alternative before installing risky apps.
• Do a smartphone version of spring cleaning. Delete all the apps you don’t use that often. Replace the apps that take advantage of too many of your privacy settings, such as GPS, phone and text message logs, with similar apps that don’t.
• Turn off WiFi, Bluetooth, Near Field Communication and GPS except when you need them. That way, if you are at a local coffee shop or in a shopping mall, no one can spy using a nearby (proximity) hacking attack. They also can’t track where you were and where you are going on GPS.
• Check to see if your email has put a tracer on you and your phone. If you use a Google email account and have an Android phone, you’d be surprised that even with your GPS off, it’s tracking your every move. You need to go into the phone’s settings to turn off that tracking feature. In your Android phone, go to “settings,” then “location.” Select “Google location reporting” and set “location history” to off.  Do the same for your iPhone and disable location services for most or all apps until you are certain they need this information, and you really trust the app.

Here are some resources that can help you make informed decisions about the apps you use:

• Electronic Frontier Foundation: https://www.eff.org/
• Privacy International: https://privacyinternational.org/
• Center for Digital Democracy: https://democraticmedia.org/

Ultimately, the decision of whether or not to use a particular app is up to you. However, it’s important to be aware of the potential risks and take steps to protect your privacy and safety.

About the Publisher

Gary Miliefsky, Publisher & Author. Gary Miliefsky is an internationally recognized cybersecurity expert, bestselling author and keynote speaker. He is a Founding Member of the US Department of Homeland Security, served on the National Information Security Group and served on the OVAL advisory board of MITRE responsible for the CVE Program. He founded and is the Publisher of Cyber Defense Magazine since 2012. Visit Gary online at: https://www.cyberdefensemagazine.com/