Installing apps on a smartphone might seem like the most ordinary thing in the world. After all, we all have hundreds of them on our mobile devices. You just open an app store, find the app you like, tap the big Install button, and you’re ready to enjoy all the benefits of your latest download.
We’re also a bit too eager to skip any “Terms & Conditions” screens and give our apps all the permissions in the world. After all, what harm could a simple weather app do? So, what if it asks to access the phone’s GPS data, camera, and local storage? It’ll be fine.
Well, that’s where the problem lies: it very may well not be fine. Over time, apps have become far too intrusive. What used to be a simple button on your home screen for turning the flashlight on and off is now an app that comes packaged with annoying ads. These apps still serve their primary purpose; however, due to reliance on advertising for their creators to earn money, it has become lucrative to stuff all sorts of trackers inside them.
Today, we’ll be looking at some of the worst offenders, talking about how to figure out if any particular app is harmful to your privacy, and also checking out a few apps that are good for cybersecurity.
Impact of Apps on Cybersecurity
Tracking and Permissions
User tracking is a growing concern. Nowadays, apps can harvest data even when they’re not running, as they still have a small process sitting in the phone’s memory responsible for tracking the user’s behavior. Again, ad serving is why problematic apps are built the way they are. If the app creators can serve targeted ads to their users, thus creating better chances for conversion, they’re making more money from each download.
Even though it’s not actually true that Google and Facebook “listen to your calls” and then figure out which ad to serve you, they do rely on GPS data and some additional trickery to figure out which products you’d most likely be interested in. That’s why it’s a smart move to check which permissions the app you’re going to download needs. If you believe it goes overboard in any way, chances are you’re better off without it.
Apps Going Rogue
Some apps aren’t made to sniff around users’ phones, yet they somehow end up doing precisely that. Usually made by a small developer on a shoestring budget, these are mostly security apps that supposedly only have a simple purpose, such as blocking ads on a video platform. But, at one point, the app might start harvesting user data, making strange snapshots, or worse – serving malware.
What usually happens is that due to the development studio being so small (usually just a single person), the app just doesn’t get updated as frequently as it should be. Hackers are constantly finding new exploits in mobile software, especially in apps that haven’t received security updates in ages. This leads to hijacking campaigns where hackers can take control of these apps to cause damage to their user bases. Hacking and hijacking isn’t the only way an app could suddenly change its purpose to something more nefarious. A wealthy enough company may outright purchase the app and then turn it into a vessel for identity theft through a phone. It has happened to more than a few browser extensions.
Fake Apps
There are also a number of apps that are harmful by design. Every once in a while, Google and Apple publishes lists of apps they have banned from their respective storefronts. Apps that were part of scam campaigns or were delivering some form of malware onto the users’ devices, card swipers, etc. In late 2021, Google banned 151 of these apps from the Play Store.
The worst part is that these applications sometimes amass millions of downloads. They look like legitimate and handy tools, like QR scanners or photo editors, making them appeal to a large user demographic. Most of them try to sign their victims up to some expensive subscription-based service, from which the bad actors behind the scam will get a commission.
The biggest telltale signs of fake apps are the developer’s profile, user reviews, and privacy policies. A fake app developer uses a fresh profile with barebones information, and the privacy policy section is written in a generic tone, so a quick search would lead you to a template they used. As for reviews, users tend to voice their dissatisfaction, so if you notice an avalanche of angry users and dozens of 1-star reviews, it’s highly likely that the app is broken, fake, or both.
Best Apps for Improving Cybersecurity
Now that we’ve seen how apps can harm our privacy and security, let’s talk about the other side of the coin – the apps you should use if cybersecurity is your primary concern. These apps protect the user data in various ways, encrypting all the data that goes through it and keeping your phone in top shape. We’ll offer some general advice in this section and point you towards some specific, top-tier apps you should install.
Ad Blockers
We’ve talked about how mobile apps tend to siphon personal information, so the developers can sell it to advertisers. Ads on websites tend to follow a similar route. That’s why getting an ad blocker for your mobile browser is a good start for stronger data protection. It will also improve your browsing experience as you won’t be seeing all those pesky ads all over the articles you want to read. Most of these apps are free, with optional paid upgrades, but again – check the required permissions before downloading anything.
VPN Apps
A virtual private network, or VPN for short, represents an extra layer to your online security. These apps act as a tunnel for your internet traffic, masking your actual IP address and encrypting all the data that passes through while the VPN connection is active. On top of that, by mimicking connection from another location, you’ll get to access region-locked content on various other apps and platforms, so a VPN is a good thing to have if your country is restricting access to certain services.
An Antivirus
Just like your PC and laptop, your smartphone can get infected with malware, too. You’ll need an antivirus to keep the intruders away and, in case of infection, clean up your phone’s storage. Popular choices are Malwarebytes, Kaspersky, and Bitdefender. If you’re already using a desktop antivirus, check your plan, as you usually get a mobile license in addition to the main product. If you’re using Bitcoin on your phone through a wallet app, an antivirus is a must. Most good ones aren’t free, but even basic protection is better than nothing.
WhatsApp, Telegram, and Signal
The mobile market doesn’t lack variety when it comes to messaging apps. Nobody texts anymore, especially when they can send pictures and videos through various messengers, create group chats, call each other, and more – all for free. The rise of mobile messaging apps has led to increased concerns about data protection. Users were rightfully worried if a third-party could intercept their messages. That’s why the best messengers use end-to-end encryption, which strengthens the network’s security and allows only your recipient to read the contents of your message. WhatsApp has been at the forefront of cybersecurity among the messengers, with Viber, Signal, and Telegram following the lead. Pick any of these depending on which one your friends and relatives use.
Password Managers
Keeping all your passwords and logins saved inside a web browser isn’t safe. It’s even worse is if you write them all down on a piece of paper or in a notes app. Instead, get a password manager (LastPass is a popular choice). These apps protect all your logins with strong encryption and, at the same time, help you log in quicker by automatically filling out forms on websites and services. Don’t lose the password for your password manager, though!
Apps You Need to Avoid
While there are hundreds, even thousands of very useful apps, both Google Play and Apple App Store also host some apps that could be problematic. Apps that you want to avoid having on your business smartphone, or in general if you’re concerned about the security of your device. Here are some common apps that proved to be bad for cybersecurity.
Facebook and Facebook Messenger
Meta, formerly Facebook, is a company that’s no stranger to controversies. From data leakage to outright selling user information to third parties, Facebook and its messenger app should not find their way to your phone if you’re worried about online privacy. Be especially careful with the Facebook app since it’s a known “sniffer” of cookies and search queries.
Phone Cleaner Apps
Not too long ago, smartphones had trouble managing their memory. When phones didn’t come with 4+ GB of RAM, every megabyte of internal memory was important. Phone cleaners became a short-term solution, but with them came a lot of problems – intrusive permissions, access to OS-level files, and tons and tons of ads for questionable services. Your phone can handle itself just fine now, and you don’t need an external app to keep clearing the cache.
Generic Antivirus and VPN Apps
This one should go without saying, but under no circumstances should you download security software from completely unknown developers. It’s a huge gamble, and those apps could easily turn out to be trojan horses for malware delivery, or worse – they could let hackers take full control of your device.
Angry Birds
The original Angry Birds was quite a revolutionary game. It was one of the first huge hits in the mobile gaming world and attracted millions of players. Unfortunately, the NSA managed to hack into it and harvest user data at one point. The sequels got rid of the vulnerability, but the damage was already done.
Talking Animal Apps
If you have children, you might’ve been tempted to download one of the apps where they can play with and talk to a virtual animal. My Talking Tom and similar apps record all audio so the virtual cat can talk back, but underneath that cute exterior, they’re actually sending all voice data to the advertisers.
the Bottom Line
App stores have, unfortunately, become a minefield of malware apps. Still, if you take this advice and double-check everything you download, your phone and your data will be much safer. Remember to check user reviews on app stores and don’t give apps permissions just because they ask for them: only do so if it’s a proven app that really needs the permission it asks for to function properly.
Ivana Vojinovic
Tags: antivirus, Applications, AppSec, Cybersecurity, Mobile Devices, Mobile Security, Security, VPN
