We’ve always advised our readers to carefully scrutinize the apps they use and make sure they do only what they say they’re doing. A post on SecureList shows that many trusted apps are in fact transmitting data using the unsecure HTTP protocol over the internet.
The culprit appears to be third-party components called SDKs (Software Development Kits) that app developers plug into their programs. SDKs collect user data to show ads, but many fail to secure that data when transmitting it to their servers. In fact, many transmit unencrypted data over HTTP, which sends information in plain text.
The information being leaked includes:
- Device information
- Network and ISP-related data
- Device coordinates
- Owner name, phone number and date of birth
- User Likes, posts and pages visited
Leakages of this type are very dangerous and give hackers multiple avenues from which to stage attacks. For instance, hackers can use network and ISP data to attack routers and gain access to systems, and unsecure HTTP allows hackers to intercept requests and replace innocent links with infected ones.
The issue is widespread. Kaspersky reviewed 13 million packages and found that over 3 million of them transmit unencrypted data over the internet.
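If you route a phone's traffic through an intercepting proxy and export the request URLs, a short script can flag which requests send the kinds of data listed above over plain HTTP. The following is an added example, not code from SecureList or Kaspersky; the parameter names, hosts and sample URLs are constructed assumptions, and it only inspects query strings, not request bodies.

```python
from urllib.parse import urlsplit, parse_qsl

# Hypothetical parameter names mapped to the data categories listed above.
# Real SDKs use their own field names; adjust the map to what you observe.
SENSITIVE_KEYS = {
    "device_model": "device information",
    "os_version": "device information",
    "carrier": "network and ISP data",
    "ip": "network and ISP data",
    "lat": "device coordinates",
    "lon": "device coordinates",
    "name": "owner details",
    "phone": "owner details",
    "dob": "owner details",
}


def find_cleartext_leaks(urls):
    """Return [(host, sorted categories)] for plain-HTTP requests carrying sensitive fields."""
    findings = []
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme.lower() != "http":
            continue  # HTTPS requests are encrypted in transit
        categories = {
            SENSITIVE_KEYS[key.lower()]
            for key, value in parse_qsl(parts.query)  # blank values are dropped
            if key.lower() in SENSITIVE_KEYS
        }
        if categories:
            findings.append((parts.hostname, sorted(categories)))
    return findings


# Constructed sample of request URLs, as exported from a proxy log.
SAMPLE_REQUESTS = [
    "http://ads.example.com/track?device_model=Pixel&lat=41.1&lon=-74.0",
    "https://api.example.org/v1/sync?phone=5550100",
    "http://cdn.example.net/banner.png",
    "http://stats.example.com/e?carrier=ExampleTel&name=Jane+Doe&dob=1990-01-01",
]

if __name__ == "__main__":
    for host, cats in find_cleartext_leaks(SAMPLE_REQUESTS):
        print(f"{host}: {', '.join(cats)} sent over unencrypted HTTP")
```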
Here’s what to do:
- As we’ve said many times before―ALWAYS check app permissions BEFORE downloading them. If an app is asking for permissions that seem out of whack for what it is supposed to be doing―don’t download it!
- Kaspersky recommends that you do not use free versions since they support themselves by serving up ads (using SDKs). Paid versions don’t show ads.
- Use a VPN, especially for your mobile devices. A VPN creates a secure connection that will protect your data in transmission.
We must all take personal responsibility in protecting our data from hackers. Identity theft is a huge problem today, further enabled by the internet and the advent of mobile computing. If developers and programmers are not going to protect us, then we have to. Don’t become a victim.