Consumer beware: Protect your privacy when installing new apps

Facebook got into hot water recently after two separate discoveries that it grossly violated privacy through the data-collection practices of its mobile app. First, TechCrunch found that Facebook paid users to share very sensitive data via a “research” app that had root access to network traffic. The app collected data such as apps installed on the device and how and when they’re used, and browsing activities including encrypted content.

Then, shortly after, the Wall Street Journal revealed how various third-party apps shared their collected sensitive information with Facebook. The apps — among them health apps, as well as popular apps with millions of users — transmitted the highly personal information unbeknownst to users. In one case, the app even stated in its privacy policy that it didn’t share the data with a third party.

Unfortunately, these kinds of consumer privacy incidents are not unique. Mobile app developers are becoming more audacious, both with the permissions they request and with the creative ways to circumvent the few safeguards that exist, such as app stores’ privacy policies for developers.

Even when the intent of the developers is to provide certain convenience and usability, consumers need to be more proactive in what permissions they delegate. It may get a bit tedious but spending a little time to understand app permissions can help individuals control their own privacy a little more, rather than entrusting it to app developers.

What you can do to protect your privacy

You can’t outsmart clever app developers. Someone will always push the envelope with either ridiculous permissions they don’t need or sneaky access without user knowledge. But a few steps can help you limit what you authorize.

Here’s what you can do, in a nutshell:

Get acquainted: Take the time to walk through the app permissions you already gave. (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Rodika Tollefson. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/8qM3HA6s9wk/