7 security tips to stop apps from stealing your data

February 14, 2019 | News

We asked data privacy experts how to protect your personal information when downloading and using apps on your phone.

We regularly see news about ways our personal information has been compromised after a data breach — and apps can be part of the problem. In recent years, apps have been unmasked as malware, used to commit click fraud or used to sell your data to third parties.

You might feel nervous every time you download a new app. How can you trust that it won’t steal your data? Unfortunately, there’s no way to tell at face value if an app has darker motives, and no protection is foolproof in today’s world of ever-evolving technology. An app that behaves well today could turn into a bad actor tomorrow if the company behind the app is sold or changes its direction.

We reached out to data privacy experts for their top tips to protect your personal data when using apps. Here are their seven suggestions.

1. Use a password manager

Yes, it’s a cliché, but having a strong password is the first step to keeping your personal data safe. “Password” and “123456” took the top two spots on SplashData’s Top 100 worst passwords for 2018.

You might think you’re being clever by replacing letters with numbers or symbols, but it does little to make the password stronger. In actuality, a password’s strength is measured based on its ability to withstand a brute-force attack, a systematic onslaught of guesses by a hacker.

The strongest passwords are random strings of characters. A series of letters, numbers and symbols in no particular order is less likely to be found in the dictionary and harder for a computer to crack with brute force. The downside is that these complex passwords are much harder to remember.
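The comparison above can be put in numbers. The following Python sketch is an added example, not part of the original article: it estimates how many guesses a dictionary word with symbol substitutions costs compared with a random string. The four-word list, the substitution table and the simplified guessing model are all constructed for illustration.

```python
import math
import secrets
import string

# Constructed sample wordlist; real guessing dictionaries hold millions of entries.
WORDLIST = {"password", "sunshine", "football", "dragon"}

# Common letter-to-symbol swaps (illustrative subset, assumed for this example).
LEET = {"a": "@4", "e": "3", "i": "1!", "o": "0", "s": "$5"}
UNLEET = {sub: plain for plain, subs in LEET.items() for sub in subs}

# 52 letters + 10 digits + 32 punctuation marks = 94 symbols.
FULL_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def deleet(password: str) -> str:
    """Undo the common substitutions and lowercase the result."""
    return "".join(UNLEET.get(ch, ch) for ch in password.lower())


def guess_bits(password: str) -> float:
    """Estimate log2 of the guesses needed to reach this password.

    Simplified model: a dictionary word with substitutions costs the
    wordlist size times the number of substitution variants of that word;
    anything else costs a full brute-force search of the alphabet.
    """
    base = deleet(password)
    if base in WORDLIST:
        variants = math.prod(len(LEET.get(ch, "")) + 1 for ch in base)
        return math.log2(len(WORDLIST) * variants)
    return len(password) * math.log2(len(FULL_ALPHABET))


def random_password(length: int = 16) -> str:
    """Draw each character from the OS CSPRNG, as a password manager would."""
    return "".join(secrets.choice(FULL_ALPHABET) for _ in range(length))


if __name__ == "__main__":
    for pw in ("password", "p@$$w0rd", random_password()):
        print(f"{pw!r}: ~{guess_bits(pw):.1f} bits")
```

In this model "p@$$w0rd" lands in the same small search space as "password", while a 16-character random string needs more than 100 bits of guessing.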

This is where a password manager app comes in handy. Password managers keep all your passwords in one encrypted and password-protected app. They also generate and remember strong passwords.

It’s also best to avoid using the same password for multiple accounts. If one account is compromised in a data breach, all the accounts are compromised. With a password manager, each one of your accounts can have a different, complex and hard-to-crack password.

Joe Baker, an IT Systems Administrator at Anderson Technologies, recommends LastPass (download for iOS or Android).

2. Use a VPN on public Wi-Fi

Using a virtual private network (VPN), especially when you’re on public Wi-Fi, is an important part of keeping your data safe.

VPNs can keep your data from being snooped on by other people lurking on the same public network. They can also mask your data transmissions, avoid filtering and censorship on the internet and allow you to access a wider variety of content around the world.

When looking for a provider, it’s important to research the company to find out if it’s well-known and trustworthy. The Apple App Store and the Google Play Store have dozens of VPN apps that are free but have questionable practices.

Regardless of how frequently you plan to use a VPN, it’s important to read through the service agreement so you know what data might be collected and where it will be stored. See CNET’s guide to the best VPNs.

3. Be mindful of app permissions

One tip that almost all of the experts mentioned was double checking which permissions the app asks for.

“If you grant an app permission to access your contacts list, GPS data, pictures — or anything else — you must assume it is using that data,” Ray Walsh, a digital privacy expert at BestVPN.com, told CNET. “Always check all permissions during installation and revoke as many permissions as possible in your device settings.”

You should also ask yourself whether it makes sense for an app to be asking for certain permissions. Stephen Hart, CEO of Cardswitcher, told CNET that if an app asks for access to data that isn’t relevant to its function, that’s a major warning sign.

“[If] you’re downloading a simple app for a pocket calculator for instance and the app is requesting access to your contact list and location,” Hart said. “Why would a calculator need to see your contact list and location? Requests like that should ring some alarm bells.”

In addition to paying attention to permissions that you grant to an app, it’s also important to monitor how your phone behaves after you download it. Shlomie Liberow, a technical program manager and security guru at HackerOne, said that drastic changes in your device’s battery life are another red flag.

“If after installing an app, you notice your battery life decreasing faster than usual, that may be a tell-tale sign that the app is up to no good and is likely operating in the background,” Liberow told CNET. “Often, malicious apps would constantly run in the background to repeatedly upload user data such as contacts from the phone.”

Last December, digital security firm Sophos released a list of almost two dozen apps that were found guilty of click fraud, which resulted in data overages and dramatically drained the device’s battery life.

4. Research the app or company

While you can’t tell at face value if an app has sinister motives, a quick Google search can help you better understand if an app is safe. The experts suggested searching the name of the app and the phrase “data scandal” or “scam.”

Hart said the results should tell you if the company has experienced any recent privacy or data leaks.

“This search should also tell you if data breaches are a common occurrence at that company and, if they have experienced any, how they have responded to them,” Hart said. “If the company has been affected several times and done nothing to address the problem, steer clear of the app — it suggests that they aren’t taking the issue seriously.”

Baker said it’s wise to avoid an app if it’s the only one a developer has produced or if the developer was responsible for any other shady apps.

5. Limit social media exposure

This tip might be the most difficult to implement since social media apps are among the most-used apps on phones.

Facebook’s Cambridge Analytica data scandal put the social network in hot water. The fallout resulted in a mass exodus of the site’s younger users. But even people who’ve freed themselves of Facebook’s siren call (or never created a profile in the first place) might still be at risk for privacy invasion.

If you appear on a friend or family member’s account, you’re still visible online. After those accounts are observed, companies can construct a “shadow profile” that details a person’s likes, dislikes, political leanings, religious beliefs and more.

It’s wise to limit the amount of information you share on social media, regardless of what the site asks for on your profile. The more information you share, the more data is available to create advertisements for you. Only fill out the absolute minimum amount of information necessary and don’t volunteer extra data just to make your profile more “complete.”

“Smartphone apps are generally more ‘thorough’ when it comes to targeted advertising. There’s even concern among some about those programs accessing your phone’s microphone (presumably for more targeted advertising),” Bobby Kittleberger, head of Legal Software Help, told CNET.

And don’t forget that the more information you provide in a profile, the more information is at risk in the event of a data breach.