How to Prevent Eavesdropping by Mobile Apps

​“This app requires permission to access your camera and microphone.”

​We’ve all seen this message pop up on our smart devices. Apps can do some pretty cool things for us with the sights and sounds they gather, but the same information can be used to invade our privacy or worse.

​Imagine someone using photo location info to track your activities, secretly recording video while you enter an ATM password, or trying to blackmail you with an audio recording of a private conversation. Unfortunately, many of us grant apps these permissions without understanding the potential privacy risks.

​In fact, Facebook recently made headlines for what many experts call unethical data mining practices. In this “breach of trust,” Facebook allowed a third-party company, Cambridge Analytica, to collect personal information from over 50 million users in a targeted, political advertising campaign. To read more about this news story and how you can change your Facebook settings and preferences, read our article, Keeping Your Privacy on Facebook.

Your app permissions don’t just allow third-party companies to gather information. The images and sounds from your smart devices could be stolen or misused in several ways. If you unwittingly download an app with embedded malware, the app itself may be built to spy on you. For example, GhostCtrl malware disguised as a legitimate app recently infected hundreds of thousands of users and transmitted their photos and videos, voice clips, passwords, and other data to cyber attackers.

​Hackers can also hijack legitimate applications to use device resources. For example, iPhone apps have the ability to silently turn on cameras at any time once initial access is granted. Any time the app is open, they can photograph or record you, upload the captured content, and run real-time facial recognition. Even if an app legitimately gathers images and recordings with your permission, it may use geotagging to share more information than you’ve authorized on social media and other sites.

​With so many privacy risks, how can you protect yourself? Here are a few simple things you can do:

• Be selective about the apps you download. Here are some tips to avoid mobile malware.
• Actively manage the privacy settings on your device and applications, especially when installing a new app or updating an existing one.
• Think through any resource request before giving permission. If a social media site is asking to access your camera, it’s probably reasonable. If your new Sudoku app wants to use the camera, not so much.
• Look at the sharing permissions for the non-mobile version of the platform, as well. Sometimes platforms such as Facebook, Fitbit, and twitter will have different permissions for their browser-based versions than they do for their mobile apps.

​When it comes to app safety and happiness, a bit of common sense can go a long way. But sometimes, you may have to do some extra research to protect your privacy and personal information. In the case of Facebook and Cambridge Analytica, companies aren’t always transparent with whom or how they share your information.