Many of the apps we download for free can be a way for marketing companies to profit from our personal data or even a gateway for thieves to steal our personal information.
Sophos security expert Chester Wisniewski warns nothing is truly free.
Your “free” app comes with a price, he says, and that price is your personal information.
“If it’s free, they’re going to have to make money somehow. It probably means they are making money by taking your personal information and selling it.”
Wisniewski conducted an investigation for Global News by breaking into his own phone, as an attacker, to find out how much personal information some of the most popular free apps are taking.
The results may have you thinking twice about the apps you load on your phone.
When Wisniewski tested the Facebook app, he noticed that it captured “your exact GPS location, what cell phone company you’re using, what Wi-Fi access point you’re connected to and even strange things like the signal strength of your wireless connection to your carrier.”
He’s says a lot of that personal information is likely used to generate advertisements that then get posted on your profile. Our personal data, he says, is valuable in the marketplace.
“If you can get two or three million downloads, and if you can make five cents for every per person who installed it, that adds up to a lot of money,” he says.
Snapchat, a popular video messaging application, could pose serious privacy risks for iOS and Andriod users.
When the application was examined, information like your phone number, your date of birth, your password and even the amount of battery life left on your phone was taken, according to Wisniewski.
“As a security expert, we know companies should never be transmitting your password in a way that can be intercepted. So that was rather concerning,” he adds.
Many free apps like children’s games, and even the Bible and the flashlight app may be collecting your personal data as well.
Wisniewski downloaded a free popular flashlight app on his iPhone. At the time, the app had about 800 positive reviews. Despite the glowing reviews, Wisniewski made some shocking discoveries.
“When I dove into it a little deeper, the first thing it did was connect to a strange server in China that associated with voice services and dating websites, in China, and started sending encrypted information off into this random website,” Wisniewski explains.
But it didn’t end there.
“Then after that, it connected to 16 different advertising networks in order to sell whatever information it was taking from the phone and it was grabbing everything that it could and it didn’t have to ask for permission.”
A recent study conducted by researchers from the University of California, Riverside found that almost nine per cent of popular apps downloaded from Google Play interacted with websites that could comprise users’ security and privacy.
“I think the fact that nine per cent of the good apps we analyzed interacted with at least one website that distributes malware is very worrisome,” stated Michalis Faloutsos, one of the lead researchers of the study in a statement.
How to protect yourself:
“You’re taking your chances,” says Wisniewski.
If you don’t want your identity to be sold off, Wisniewski recommends that you limit the amount of personal information on your phone.
“You’ve got to think twice about each thing you’re doing and understand that how much personal information do you have on your phone and how uncomfortable would you be if that were shared with these app companies.”
He says it’s important to read the fine print, no matter how long it may be, to know what you are signing up for.
If you have an app that you no longer use, erase it.
Always get your apps from the official stores that Apple and Google provide.
“Apple and Google do their best to screen out things that are illegally capturing your information.”
When it comes to a free app versus a paid app, Wisniewski says paid apps generally give away less personal information.
The next time you download a free app, think twice, you may be paying for it with your privacy.