Cyber … Part IV Apps and Privacy
- Jonathan Jacobs
Application (App) security.
What are they going to do with it?
Are all those ‘free’ versions of every app really ‘free’?
Being more secure
The 18 identifiers that make health information PHI are:
- Dates, except year
- Telephone numbers
- Geographic data
- FAX numbers
- Social Security numbers
- Email addresses
- Medical record numbers
- Account numbers
- Health plan beneficiary numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers including license plates
- Web URLs
- Device identifiers and serial numbers
- Internet protocol addresses
- Full face photos and comparable images
- Biometric identifiers (i.e. retinal scan, fingerprints)
- Any unique identifying number or code
PII – Personally Identifiable Information – Email addresses were the most common piece of PII shared with apps and were shared with 48 percent of the iOS apps and 44 percent of the Android apps analyzed. The next most common piece of PII was the username (which is usually someone’s full name as they’ve entered it on social networking sites or on the app), which was shared with 33 percent of iOS apps and 30 percent of Android apps. Phone numbers, meanwhile, were shared with 12 percent of iOS apps and 9 percent of Android apps. Finally, the user’s address was shared with 4 percent of iOS apps and 5 percent of Android apps.
But whether it’s hacked browsers, petty thieves at the coffee shop, or your own tendency to lose electronics in cabs (hey, it happens to the best of us), using your smartphone as a centralized source for all of your information comes with big risks, and the more you’ve connected and stored, the more you stand to lose. In fact, in the last year alone, at least 7.1 million phones were lost or stolen.
1. Use a Passcode
This may sound obvious, but according to a Consumer Reports survey, 64% of us don’t use our passcodes. (For the record, using the factory set passcode totally doesn’t count.) Quite frankly, not using a passcode is a horrible idea. You’re essentially handing over all of your personal information to anyone who swipes your phone.
2. Be Selective With Your Apps
That new app might look great, but with so many unknown third-party providers out there, it can be difficult to know how private and secure it may be. For that reason, it’s best to go through a trusted app store like iTunes, Android Market, or Amazon. But more importantly, read the privacy policies and reviews – before installing that app.
3. Don’t Click on Suspicious Links
Maybe it’s those tiny, almost indecipherable screens, maybe it’s a false sense of security, but for some reason, people are three times more likely to click on suspicious links on their cell phone than on a PC. Our best advice for that? Don’t do it. Look more carefully at the URL, especially if they’re asking you to enter personal information.
4. Enable Remote Wiping
Should your phone ever be lost or stolen, it would be great to erase your important data from afar. You can do this through remote wiping, and it’s relatively easy to do on most devices.
5. Keep Software Up to Date
Software updates often patch security and privacy holes users have found as they’ve tested the software out in the real world. Keeping your software up to date will mean you’ll have the very latest solutions
6. Use Security Applications
Both Spyware and Malware are becoming an increasingly formidable problem for mobile phone users. They track your whereabouts, send out your personal information, and slow down your phone. It can be difficult to avoid downloading these, and users often don’t know they’re running. To combat this, install security software, just like you might have on your computer, to protect your privacy against any unbeknownst mischief. Make sure that you keep this software up to date.
7. Stay Off of Open Wi-Fi Networks
Since smartphones are now acting like mini-PCs, avoid unknown open Wi-Fi networks, just like you would on your PC. As you type, malicious hotspots can transmit your credit card information and passwords without you even knowing it. If you have to use one, use a VPN (see note in our previous article).
8. Write Down Your IMEI
Every phone has a fifteen digits serial number called an IMEI (International Mobile Equipment Identity), which can come in handy if your phone is ever lost or stolen.
9. Back Up Your Phone Regularly
Backing up your phone means you’ll always have access to all of your photos, music, apps and whatever else. This is of course important in case your phone gets lost or stolen, but it can also come in handy when you’re doing an OS update and experience a loss of data (it happens)
10. Guard the Data on Your Sim Card
If you decide to sell your cell phone, there are a number of things you should do before shipping it off to a stranger. One of the most important is to remove both your SIM and your SD card, both of which contain a wealth of data.
Mobile App Security Requirements and Verification-for programmers!
The OWASP Mobile Application Security Verification Standard (MASVS) is, as the name implies, a standard for mobile app security. It can be used by mobile software architects and developers seeking to develop secure mobile applications, as well as security testers to ensure completeness and consistency of test results.
So in summary, try your best to follow some of the above rules and recommendations to protect your personal information when it comes to app usage and app privacy. The above discussion regarding Gas buddy should make us all ponder how we use apps and what really is free?
Before you click to download, think about what ‘types’ of data about yourself you ‘might’ be sharing?
App Privacy Report
What is an App Privacy Report?
With iOS 15.2 and iPadOS 15.2, you can turn on App Privacy Report to see details about how often apps access your data—like your location, camera, microphone, and more. You can also see information about each app’s network activity and website network activity, as well as the web domains that all apps contact most frequently. Together with Privacy Nutrition Labels, App Privacy Report helps give you a more complete picture of how the apps you use treat your data.
App Privacy Report includes information about the following:
Data & Sensor Access
Data & Sensor Access shows how many times and when an app accessed privacy-sensitive data or device sensors in the past 7 days. This may include details about an app’s access to Location, Photos, Camera, Microphone, Contacts, and more. You can tap each app and data type to learn more.
App Privacy Report includes information about domains that have been contacted either by apps you’ve used or websites you’ve visited within those apps. A domain is the name of a website that allows it to be found on the internet. This information also helps provide visibility into domains that may be collecting data about you across different apps and websites.
How to update privacy settings
App Privacy Report is designed to give you more visibility into how apps access your data. If an app appears to be accessing your data in a way or at a time that you didn’t expect, you can update your privacy settings or revoke permission.
Learn how to update privacy settings on your iPhone, iPad, or iPod touch or on your Mac.
How to Enhance Privacy on your Android Phone
Google ships a ton of free software with Android, but you’re still paying for it with your data when you use it. The company can create an incredibly detailed profile of your life thanks to all the details you share with it while browsing the web and using some Google apps. While it’s impossible to get rid of all that tracking completely if you don’t want to use a custom ROM or switch to iOS, there are a few things you can do.
- Disable Location History and Tracking
Opt out of Google’s personalizations
Turn off backups
Use third-party software when possible
There will be one more piece in this series of articles regarding Browser Security. Thank you for reading along. If you own a pharmacy to have a direct discussion regarding our app from Point of Care Systems, llc. “iSalesTrax” and how it can help your pharmacy contact us at firstname.lastname@example.org
We used a bunch of emojis in this article. If you are not sure of their meaning (sometimes we see some that we are not quite sure of ourselves, here’s a great link smiling face with smiling eyes!
Below are links to Parts I, II, & III of this series Cyber, Internet, and Pharmacy System Security as well as a previously related article.
Please take a look below at these related and fun links and stay tuned for the last part of our current series Part V-Browsers.