The growth of the mobile application (app) industry is on the ascendancy. Using smartphones has increased and serves as a major driver of innovations. Companies have leveraged the capability of the smartphone to lower costs at various levels. Unfortunately, certain elements in society have taken undue advantage of the growth in the mobile app industry. The interest of unscrupulous mobile app developers has led to the collection of excessive amounts of personal information for various reasons, including aggressive marketing campaigns.

Mobile apps may require access to both the capabilities of the devices they reside on and the user information contained on those devices to function. As users go about their lives, their mobile devices produce a vast trove of personal information and data, ranging from the user’s location to a history of his or her phone calls or text message interactions. This puts apps at the center of debates about privacy in the digital age.

Mobile apps operate on the principle of permissions, to protect your data from exploitation. This means that applications can access hardware and data only if they are given permission. The system maintains a list of permissions for each application installed on the device. Mobile apps permissions have improved a lot over the years. Despite that, the apps are not trustworthy. Mobile apps’ permission system is intended to inform users about the risks of installing applications. When a user installs an application, he or she has the opportunity to review the application’s permission requests and cancel the installation if the permissions are excessive or objectionable.

The permissions you have granted to apps you installed, give the apps control over your phone and access to your private conversations, photos, and more. Anyone concerned about their privacy and security should keep an eye out for apps that request access to some critical permissions. For example, if you allow an app access to your camera, the app will automatically have access to take pictures as well.

The following access must be carefully scrutinized and any app that seeks access must be watched carefully according to AVG (https://www.avg.com/en/signal/guide-to-android-app-permissions-how-to-use-them-smartly#topic-2)

Body Sensors

Allow access to your health data from heart-rate monitors, fitness trackers, and other external sensors. Fitness apps need this permission to monitor your heart rate while you exercise, provide health tips, etc. A malicious app could spy on your health.

Calendar

Allows apps to read, create, edit, or delete your calendar events. Calendar apps obviously need this permission to create calendar events, but so do social networking apps that allow you to add events and invitations to your calendar. A malicious app can spy on your personal routines, meeting times, etc. — and even delete them from your calendar.

Camera

Allows apps to use your camera to take photos and record videos. Camera apps need this permission so you can take pictures. A malicious app can secretly turn on your camera and record what is going on around you.

Contacts

Allows apps to read, create, or edit your contact list, and access the list of all accounts (e.g., Facebook, Instagram, Twitter, etc.) used on your device. A communication app can use this to let you text or call other people on your contact list. Likewise, a malicious app can steal the entire contents of your address book and then target your friends and family with spam, phishing scams, etc.

Location

Allows apps to access your approximate location. Navigation apps can help you get around and a malicious app can secretly track your location to build a profile on your daily habits, or even let thieves know when you’re not at home.

Microphone

Allows apps to use your microphone to record audio. A communication app can use this to allow you to send voice messages to your friends. A malicious app can secretly record what’s going on around you, including private talks with your family, conversations with your doctor, and confidential business meetings.

Phone

Allows apps to know your phone number, current cellular network information, and ongoing call status. Apps can also make and end calls, see who’s calling you, read and edit your calling logs, add voicemail, use VoIP, and even redirect calls to other numbers. A malicious app can spy on your phone habits and make calls without your consent (including paid calls).

SMS

Allows apps to read, receive, and send SMS messages. Communication apps can use this to let you message your friends. A malicious app can spy on your messages, use your phone to spam others, and even subscribe you to unwanted paid services.

Storage

Allows apps to read and write to your internal or external storage. An app can save downloaded songs to your SD card, or a social networking app can save your friends’ photos to your phone. A malicious app can secretly read, change, and delete any of your saved documents, music, photos, and other files.

 

Author: Emmanuel K. Gadasu

(Data Protection Officer, IIPGH and Data Privacy Consultant at Information Governance Solutions)

For comments, contact author  ekgadasu@gmail.com  or Mobile: +233-243913077