How Mobile Apps are Invading Your Privacy Infographic

Every week it seems like there is a new story about a popular mobile application having privacy issues that put its users at risk. With millions of mobile apps receiving billions of downloads, it is important that users are aware of the risks they face when downloading and using apps. This infographic uses real world cases to outline the threat to user privacy posed by mobile apps.

How Mobile Apps are Invading Your Privacy


Add this Infographic to Your Website for FREE!

Small Version

Large Version

Infographic by Veracode Application Security

There is no doubt you’ve heard about privacy issues related to Facebook, Google, and other major websites. But have you considered the privacy issues that could be occurring right on your mobile device?

About 25 billion Google Play and iOS apps were downloaded in 2011

At the end of 2011, the millionth mobile app hit the market.

With the popularity of mobile apps increasing, what privacy concerns should users be aware of? There are 4 levels of potential risk:

  • Application Layer – Apps with vulnerabilities and malicious code have access to your data and devices sensors.
  • Hardware Layer – Attackers use memory corruption defects in firmware to gain administrative access to your device.
  • Network Layer – Information can be intercepted over the air. Mobile WiFi has all the same problems that laptops have on WiFi.
  • Operating System Layer – iPhone and Android jailbreaks exploit defects in your phone’s operating system.

Application-Related Risks

  • Some mobile apps upload users’ contact lists and store them without permission
  • In mid-April, researchers discovered that a fake version of the instagram app for android installed malware on users’ devices after being downloaded from third-party sites
  • Fake applications are a common method used by attackers to spread malware. Only download apps from trusted app stores.
  • Also in February, the mobile social network Path was discovered to be uploading whole address books to servers without the app users knowing.
  • A developer noticed this was occurring. In response, Path said they deleted all of the data they had stored but continued to collect anonymized/hashed data per users’ permission.

Ad Libraries Accessing Your Data

  • Smartphone users should be aware of the risks some mobile ads pose.
  • In a study of 100,000 apps in the Google Play market, more than half had ad libraries. Of these apps 297 had aggressive libraries that could run code from remote servers.
  • In-App ad libraries can retrieve ads remotely and come ad libraries have the same permissions that users grant the app during installation.
  • Some ad libraries can access:
    • A users location
    • Phone numbers
    • Lists of all apps on the phone
    • Call logs

Public Response?

  • Privacy concerns have led to legal action.
  • In March of this year a class action lawsuit was filed on behalf of 13 plaintiffs, naming 18 companies, some well known, as allegedly negligent (including Facebook, Instagram, LinkedIn, Foursquare, and Yelp!)
  • The complaint involves the plaintiffs’ concerns that some apps are allegedly taking information from users in a “surreptitious” manner.
  • This information and data could be used for commercial reasons.
  • No cases to date have proven that data is being used for reasons aside from the normal usage of the app.
  • In another move toward privacy, the Federal Trade Commission (FTC) has proposed extending the Children’s Online Privacy Protection Act to mobile apps that allow kids to:
    • Receive targeted ads
    • Participate in social networking
    • Play network-connected games

Find your own balance of privacy vs. functionality and delete apps that do not allow you to change privacy or sharing settings.

Veracode Security Solutions

Vulnerability Assessment Tools
Web Vulnerability Scanner
Apple iOS Security
Website Security
Mobile Phone Security
Online Internet Security
Facebook Security Issues
SDLC Phases
SQL Injection Attack
Android Application Security
 

Infographic: How Mobile Apps Invade Your Privacy | May 31, 2012 2:59 pm

[...] Combine the rapid adoption of mobile devices with the behavior of some companies developing applications for them, and what do you get? A pocket-sized, portable privacy liability. Veracode explores the consequences of rampant data-mining and the importance of finding the balance between function and privacy in this infographic published today. [...]

Infographic: How Mobile Apps Invade Your Privacy | infosec360 | June 1, 2012 4:48 am

[...] Combine the rapid adoption of mobile devices with the behavior of some companies developing applications for them, and what do you get? A pocket-sized, portable privacy liability. Veracode explores the consequences of rampant data-mining and the importance of finding the balance between function and privacy in this infographic published today. [...]

#INF GRPH – Mobile World: How Mobile Technology is Changing World Travel « TUTA | June 4, 2012 9:30 am

[...] How Mobile Apps are Invading Your Privacy Infographic (veracode.com) vuoi condividerlo?MoreLike this:Mi piaceBe the first to like this post. Contrassegnato da tag Airbnb.com, Facebook.com, foursquare.com, Hipmunk.com, Infographic, infographics, IPhone, jpg, Mobile marketing, Social media, TUTA, tutaonline [...]

For Liberty | April 22, 2013 5:13 pm

Our tools have become privacy liabilities. We all need information and plans to protect our privacy.

Please Post Your Comments & Reviews

Your email address will not be published. Required fields are marked *

RSS feed for comments on this post