Cyber Centre: Smartphone Apps Compromise Personal Data Security and Privacy

Cyber Centre: Smartphone Apps Compromise Personal Data Security and Privacy
The icons of mobile apps are seen on the screen of a smart phone in New Delhi, India, on May 26, 2021. Sajjad Hussain/AFP via Getty Images
Amanda Brown
Updated:
0:00

In a recent warning, the Canadian Centre for Cyber Security highlighted the significant risks associated with the increasing dependence on mobile apps, including data collection and vulnerabilities, which threaten privacy and security.

The Cyber Centre emphasized that while apps like Instagram and Snapchat offer convenience and entertainment, users can become complacent, with potentially serious consequences.

In a world where personal information has become a valuable commodity, the Cyber Centre says there are ways to mitigate the risks associated with data privacy in the digital age.

In its article published in August, “Protecting Your Information and Data When Using Applications,” the centre explains that an application program, generally known as an app, is a software program downloaded to a device “to enable you to be connected, productive, creative, and entertained.”

Apps, such as those for Facebook, Google Drive, and TikTok, serve both individuals and organizations for purposes like social networking, marketing, and recruitment, according to the centre.

The Cyber Centre says the ubiquity of apps and their accessibility makes them easy to download without prior thought or due diligence.

“Given that apps are widely available and often offer free trials, it can be easy to download them without considering the security risks, like what information is being collected, stored, and shared,” the Cyber Centre said.

The centre says its guidance aims to help users minimize the amount of personally identifiable information (PII) or privacy data they expose to those who would collect it.

PII data can include a user’s identity details, such as name, biometric records, social insurance number, home address, and medical, financial, education, and employment information. The centre said it’s important to note that some apps, such as location-based apps, don’t necessarily share data, but do have data-sharing features that can collect PII.

Risks associated with apps that share data, according to the centre, include the hidden collection of data pertaining to a user’s movements, behaviours, and preferences, even if such settings are off.

“This is a huge concern as aggregate data can reveal patterns or behaviours about individuals and organizations, or state secrets from government institutions,” the centre said.

Other risks include user data that is sent to offshore servers, the sharing of unencrypted PII that renders it vulnerable to eavesdropping and tampering, the sale of data to third parties, and the re-identification of an individual after anonymization.

The centre also explained that metadata—embedded information that describes the content and context of data—can be extracted by device cookies and shared without user knowledge.

It’s crucial for businesses and individuals to be aware of the privacy settings for the apps users install, the centre says. It offered organizations several tips on how to protect proprietary data. Advice included disabling app access to device tools such as the camera, if possible, blocking unapproved apps on corporate devices, applying security patches and updates, conducting privacy setting audits, and instructing users on how to identify phishing attacks.

Individuals, it said, can consider whether app functionality needs access, for example, to data pertaining to one’s camera, storage, location, and microphone. Users can refrain from using social media to log into apps, deny location permissions, use complex passwords, and hide location. The centre also suggests users encrypt data streams using a virtual private network (VPN).

The Cyber Centre suggested users only use apps from trusted sources and check out reviews of an app’s developer or vendor to assess their security practices.

“Take time to understand the platform’s privacy, data collection, and data use policies. Also, understand the vendor’s terms and conditions and permissions requirements,” the centre said.