People have become over-reliant on mobile devices, especially smartphones to drive their social, entertainment, and knowledge networks. Operation of these phones is made possible by use of mobile applications. A mobile application, commonly referred to as apps. It is a kind of application software intended to run on a mobile device that can be a smartphone, tablet, or PDA. Their primary aim is to give users a similar experience to that of the PCs. All apps provide limited and specific functionality such as game, web browsing, games, weather and calculators.
These apps are made to run on different operating systems such as Android, iOS, Windows phone, Symbian and the most common being Android and iOS. Users are able to download apps for free or for a fee from their respective app stores. Google Play supplies android users with apps whereas Apple’s App Store supplies iOS users with their apps (Schilit, Theimer & Welch, 1993).
Privacy threats due to unrestricted app installation
Smartphones are handheld computers, hence are prone to malware attacks. Upon downloading an app, a user may be requested before installation for permission to access certain information on the device. Some will consequently be able to access phone and email contacts, login credentials, calendar data, device’s unique IDs, financial data, call logs, internet data, personal documents and device’s location. Every decision made by the user to open security restrictions to allow the app on the phone is a potential security loophole.
It is common knowledge that when any program is allowed to run on any device, the user relishes control to it, thereby allowing it to do what it is programmed to do. Some will access data that they need to function effectively whereas others access data that is not related to the functionality of the app. Some sketchy app developers do spend much of their time in creating smartphone malware that allows them to access privacy-related user data, exploit this data which may cause damage to the device (Smulders & Vink, n.d.).
Unrestricted mobile apps can access data from other connected devices too. Advertising principles dictate that a person is more likely to click on an advertisement targeted to their specific needs. Ad networks, with the help of unrestricted apps, gather personal information including location data and information one provides while making online purchases. Therefore, they have the capability to send users targeted ads.
Mobile users have entrusted most legitimate high profile companies like shopping or banking apps have been to secure sensitive data with extreme caution, but this is not the case. Recent research shows that current encryption technology may be inadequate to secure information accessed by favorite apps. A vast number of apps contain inferior encryption technology vulnerable to attacks. Scammers are able to access data as it travels between the user and the intended target. Some companies are also at risk of exposing sensitive business information as they allow their employees to use their work related smartphones for personal use (Smulders, n.d.).
Apple’s tight oversight on installation of apps
Apple is very strict on app installation in the iOS. Their apps are restricted from accessing data from other apps thereby preventing leakage of any sensitive data. Apple’s App Store is also very strict on the apps they allow to be hosted on their site for download thus eradicating most of the sketchy app developers. Apple is also opposed to third-party app stores and subsequently expects users to stick to their app store. Accounting to its tight oversight on its apps, Apple is able to drive current updates to more devices rapidly (Sørensen, 2013).
Differences in policies between IOS and Android
Android OS offers users the opportunity for one to read the permissions just before app installation thus allowing the user to assess the risk of allowing an app to access sensitive information to enjoying its perceived functionality. However, this is not the case with iOS.
Android allows its users to install apps from third-party sources that include alternate download scheme or using USB cable to install apps from a PC. However, Apple only allows installation of apps in its OS only by sticking to the App Store. Some Android apps are able to access data from other apps and giving sensitive information to third parties without the user’s permission whereas in iOS apps are unable to access data from other apps thus restricting any leakage of sensitive data (Kelley, Consolvo, & Cranor, 2012).
Android software development and the Google Play are relatively open and unrestricted. It allows any app developer, whether of good intention or not, to publish their app for download on the store. It creates more app options thus exposing users to vulnerability of falling victim to malicious apps whereas Apple’s App Store has a strict approval process in place that discourages malicious app developers (Sørensen, 2013).
Preventive measures against potential security loopholes
As security deals with risk, there is no impermeable or perfect solution. However, as prevention is better than cure some preventive measures can be taken to prevent falling victim to malware attacks and leakage of sensitive data. Some of them are discussed below.
Before downloading an app, the user should endeavor to read app reviews from other users. One should also download those with at least three stars and are from renowned developers. Users should also meticulously examine the permissions that an app is requesting. There is no reason a gaming application should be requesting to access contact information, or location details. Shady apps should be avoided. Accessing links embedded in mass broadcast emails or messages on your phone or web browsers especially from unknown sources is a practice that should be avoided. Regularly updating your apps and OS is a good practice to do away with malware. Updates habitually contain security patches that protect the user’s information and mobile device from the most recent malware (Straub & Welke, 1998).
In the case of rooted mobile phones, there is an option of giving apps super user access. It is the highest level of access possible on the device and hence users should be careful with the apps allowed to gain such access. Downloading a good antivirus free or for a small fee is advisable as these antiviruses are able to detect malware or malicious apps whereby the eradication process begins hence protecting your information and mobile device (Tadjbakhsh & Chenoy, 2007).
Take necessary steps to secure your personal data
In conclusion, people are so over-dependent on mobile devices that they have unsurprisingly intertwined with our social and work lives. Subsequently our personal information is constantly at risk from web browsing or downloading malicious apps. Privacy is never 100 percent secured, but several basic preventive measures, as discussed above, can be taken to avoid falling victim to malware.
- Kelley, P., Consolvo, S., & Cranor, L. (2012). A conundrum of permissions: installing applications on an android smartphone. … Cryptography and Data …. Retrieved from http://link.springer.com/chapter/10.1007/978-3-642-34638-5_6.
- Schilit, B., Theimer, M., & Welch, B. (1993). Customizing mobile applications. … Mobile & Location-Indendent …. Retrieved from http://sites.google.com/site/schilit/usmlic-93-schilit.pdf.
- Smulders, T. (n.d.). applications on mobile phones. Alexandria.tue.nl. Retrieved from http://alexandria.tue.nl/extra1/afstversl/wsk-i/smulders2004.pdf.
- Smulders, T., & Vink, E. (n.d.). Security threats of executing malicious applications on mobile phones. Alexandria.tue.nl. Retrieved from http://alexandria.tue.nl/extra2/afstversl/wsk-i/smulders2004.pdf.
- Sørensen, C. (2013). Digital Platform and-Infrastructure Innovation. Mobile Strategy Challenges (In Japanese). H …. Retrieved from http://digitalinfrastructures.org/publications/Sorensen2012-Preprint.pdf.
- Straub, D., & Welke, R. (1998). Coping with systems risk: security planning models for management decision making. Mis Quarterly. Retrieved from http://www.jstor.org/stable/249551
- Tadjbakhsh, S., & Chenoy, A. (2007). Human security: Concepts and implications. Retrieved from http://books.google.com/books?hl=en&lr=&id=N9HRyP1fg3IC&oi=fnd&pg=PR5&dq=Preventive+Measures+against+Potential+Security+Loopholes&ots=vfh8v1CiT4&sig=VS7TlGBnEIkWZR4FwKuUJ73wEVs.