Few are aware, but the mere fact of installing an application on our mobile can put our privacy at risk. The key lies in the ‘permissions’ that these applications request and that most of the time we grant without stopping to think if they are really necessary.
What are the most common permissions? The storage unit, the calendar, the camera, the contact book, the microphone, the received messages, the phone application and our location. These allow any app designed for this to read our messages, access call history, take photos, listen to what we say, know where we are (and where we are going), obtain the phone number of any of our contacts and consult the documents that we have saved.
Request for excessive permissions
Manuel Carpio, cybersecurity tutor at IMF Smart Education, explains why some apps ask for permissions that have no relation to their functions: “It’s usually so that the company behind the app can collect as much of your data as possible and sell it to third parties. third parties, such as advertisers and data aggregators.
The latter applies even to the most popular applications (such as social networks), which does not have to indicate anything illegal. In fact, most of them openly indicate it in their terms and conditions, that is, the paragraph that we usually accept without reading after registering in the app in question.
A different matter are those applications developed by cybercriminals for their purposes, often camouflaged as simple calculators or games, Carpio explains: “Cybercriminals try to monetize their criminal activities with their malicious apps in various ways: by defrauding our accounts through the use of services premium, collecting personal data and reselling it or sending us advertising. To this end, they can either make an ‘ad-hoc’ application that simulates a legitimate application, but has hidden functionalities, or they can make an application that exploits vulnerabilities in the configuration of legitimate applications or the device’s operating system.
In this last regard, the security firm SecneurX warned a few weeks ago of up to 34 apps designed to steal data and even send WhatsApp messages on our behalf. They were present in the Google application store (Play Store) and had more than 10,000 downloads around the globe.
How to detect malicious apps
Is there a foolproof formula to identify these malicious applications? That’s how it is. “Cybercriminals and scammers count on their victims being too busy to notice certain details,” explains the expert, “such as the app icon or the name of the developer.”
It therefore invites us to ask ourselves the following questions every time we are considering downloading an application:
• What is the name of the developer? «The name usually says it all. Why would WhatsApp have an application developed by someone other than ‘WhatsApp LLC’?
• Do the reviews and ratings seem suspicious? «Always check the reviews. 5 star reviews and 1 star reviews. Generally, the more reviews, the more legit the app is. If there are hundreds of reviews, you know the app has stood the test of time. If there are only a few and they shine brightly, there is a good chance that they are fake reviews written by the criminal developer.”
• How many downloads does it have? «Compare the number of downloads of apps that look similar. Fraudulent or malicious applications usually have few, compared to legitimate ones.
• Is your description suspicious? “Some malicious apps ask for a five-star rating in order to activate, or promise to triple your battery performance, which is a red flag in itself. Other times they offer to participate in contests, or promise gifts.
Keeping permissions in check
If unfortunately we end up installing one of these apps, there are signs that they are using the aforementioned permissions illegally. The most obvious are that the smartphone works slower than usual for no apparent reason, that it tries to connect to sites that we have not requested or that it displays an excess of pop-up windows (so-called ‘pop-ups’) with advertising. In these cases it is unavoidable to use some antivirus to detect and remove ‘malware’.
The best thing, however, is to get ahead of cybercriminals by learning how to revoke permissions. “Give your apps permission only to what they need to access on your device to provide the functionality declared by their developers. For example, it’s natural that your weather app or navigation app needs to access your location to function properly. However, there is no reason you need access to your camera or your contacts,” recommends Carpio.
To delete permissions on an Android device we must go to ‘Settings’ > ‘Applications’, where we will click on the app in question and then on ‘Permissions’. A list will appear from which to allow or disallow each option.
We can also access the ‘Permissions’ menu from any application by tapping and holding its icon on the phone screen, explains Carpio: “Tap the ‘Information’ icon in the upper right corner of the window that appears to access the information menu of the application and press ‘Permissions’. The ‘Remove Permissions’ function is recommended if we have not used an app in the last three months.
If, on the other hand, we have an iPhone, opening the ‘Settings’ application and clicking on ‘Privacy and security’ we will find sections with all the available permissions. By clicking on each one we will obtain a list of the applications that use them, and we can mark or unmark them.