Study Finds Our Personal Information May be Leaked to Anyone Who Wants It

A company that provides a mobile device gateway product, Wandera, has found that the apps we install on our devices leak a surprising amount of information to anyone who chooses to capture it. It doesn’t take an experienced hacker either, but merely someone who may be sitting in the corner of a café logging traffic crossing an unsecured WiFi connection.

The study found that 200 popular apps were exposing sensitive information, mostly user names and passwords unbeknownst to the users. However, any information that was entered into the apps was subject to being leaked. Nearly 60% of the apps giving away the information were news, sports, or shopping apps; the apps many of us use every day without a second thought.

It’s worth thinking about, however, what information we enter when we download the apps and what apps we do indeed install on our devices. Think about what is asked for in order to put it on the device. A free news app, for example, doesn’t need your social security number or payment card information. It also doesn’t need your age or address. If it doesn’t allow use of the product without it, perhaps it’s wise to choose a different one.

In addition, pay attention to the reviews and number of downloads for any application. If there are very few of them, have a bit of patience and wait for the kinks to be worked out first. When Wandera contacted the developers of the vulnerable apps, some of them did fix them right away. Others didn’t even acknowledge the communication attempts. Reviewers usually will indicate any problems that are found in initial releases and if they are not on the positive side, reconsider if you want to be an early adopter.

Also, because most of the time it was a user name and password that was leaked, don’t re-use passwords across multiple sites and applications. Each one deserves its very own password. Then, if a hacker does get ahold of that information for one app, it doesn’t have it for any others. Password reuse was blamed for some rather high profile incidents such as the “naked celebrity” leak a few years ago. Spotify also accused this as the cause for strange activity on some users’ accounts in 2016.

News, sports, and shopping weren’t the only apps to leak information. Thirty percent (30%) came from travel, entertainment, lifestyle, and technology apps. The biggest offenders were adult sites. Of the top 50 of these types of sites, 80% exposed personal information.

These types of issues with mobile apps likely occur for a variety of reasons. One is possibly the rushed timelines under which developers are often asked to work. It may also be due to bugs in the code or general ignorance of how to make code secure. Whatever it is, it puts user data at risk of being stolen.

© Copyright 2017 Stickley on Security