Cyber … Part IV Apps and Privacy

By
Jonathan Jacobs

Application (App) security.

The following observation is highly relevant to our multiple global crises and relates perfectly to our topic, app privacy. It is a great example given today’s gas prices. Do you know the app GasBuddy? Are you using it?
Just like the note I posted last week, it’s unfortunate that lots of useful and practical apps are some of the most serious threats to your own data security. Apps need data – that’s how they are kept low cost or free.
So, GasBuddy is meant to help you save precious cash at the pump by letting you compare prices at gas stations nearby—wherever you are—but that also means it’s gathering loads and loads of location data to make those calls.
The company recently told its users about a privacy policy change through an email and a push notification, the company’s general counsel told Popular Mechanics.
“If you access the Service through a mobile device, and if your preferences are set to permit the collection of the information, we will also automatically collect information about your driving habits, including, but not limited to, driving distance, speed, acceleration, and braking habits,”
Did you read the app’s privacy policy? That portion of the app’s privacy policy relates to a feature called “Drive,” which collects information to tell you about your driving habits.
GasBuddy said it’s an opt-in service. Still, if you want to use the app at all, you have to let the app access some of that precious data. That’s true of any services that use geolocation.
Sure, just the gas station location data could be used to triage locations like between where you work, live, and go out, but do you want them to know all that other stuff about your driving habits?

What are they going to do with it?

Do they need to know those things to provide what you need from them?
I don’t want apps collecting anything unless I am actively using them, how about you? I don’t like them doing stuff in the background when I am not. It’s bad enough I’ve got Facebook listening to me all the time and feeding me ads about what we are talking about 😔. Both can be battery killers as well.
The story above and the questions posed should make everyone realize just how much of “ourselves” we give up to use apps on our cell phones and personal devices. Many of us do this without any 🤔 question or apprehension until an article like this 😊 asks what types of data we blindly relinquish just to ‘participate’ or use an app.

Are all those ‘free’ versions of every app really ‘free’?

The security we give up or ‘agree’ to give up also follows you and me around. You know how we all now joke… or ponder… why ads for certain products and services seem to ‘pop-up’ on our browsers and within the apps we use (like the story above)?  This is of course NOT an accident or mere coincidence. This leads us to our discussion of real sensitivity and difficulty in another layer of our personal security when it relates to app privacy.

Being more secure

Before we talk about apps and their security, let’s cover a few terms near and dear to the topic. The information we share through the Internet and the IoT (Internet of Things) is broken into the two groups described below.
PHI – Personal Health Information – Under HIPAA, PHI is considered to be any identifiable health information that is used, maintained, stored, or transmitted by a HIPAA-covered entity – a healthcare provider, health plan or health insurer, or a healthcare clearinghouse – or a business associate of a HIPAA-covered entity, in relation to the provision of healthcare or payment for healthcare services.

The 18 identifiers that make health information PHI are:

  • Names
  • Dates, except year
  • Telephone numbers
  • Geographic data
  • FAX numbers
  • Social Security numbers
  • Email addresses
  • Medical record numbers
  • Account numbers
  • Health plan beneficiary numbers
  • Certificate/license numbers
  • Vehicle identifiers and serial numbers including license plates
  • Web URLs
  • Device identifiers and serial numbers
  • Internet protocol addresses
  • Full face photos and comparable images
  • Biometric identifiers (i.e. retinal scan, fingerprints)
  • Any unique identifying number or code

 

PII – Personally Identifiable Information – Email addresses were the most common piece of PII shared with apps and were shared with 48 percent of the iOS apps and 44 percent of the Android apps analyzed. The next most common piece of PII was the username (which is usually someone’s full name as they’ve entered it on social networking sites or on the app), which was shared with 33 percent of iOS apps and 30 percent of Android apps. Phone numbers, meanwhile, were shared with 12 percent of iOS apps and 9 percent of Android apps. Finally, the user’s address was shared with 4 percent of iOS apps and 5 percent of Android apps.

But whether it’s hacked browsers, petty thieves at the coffee shop, or your own tendency to lose electronics in cabs (hey, it happens to the best of us), using your smartphone as a centralized source for all of your information comes with big risks, and the more you’ve connected and stored, the more you stand to lose. In fact, in the last year alone, at least 7.1 million phones were lost or stolen.

Some Tips

1. Use a Passcode

This may sound obvious, but according to a Consumer Reports survey, 64% of us don’t use our passcodes. (For the record, using the factory set passcode totally doesn’t count.) Quite frankly, not using a passcode is a horrible idea. You’re essentially handing over all of your personal information to anyone who swipes your phone.

2. Be Selective With Your Apps

That new app might look great, but with so many unknown third-party providers out there, it can be difficult to know how private and secure it may be. For that reason, it’s best to go through a trusted app store like iTunes, Android Market, or Amazon. But more importantly, read the privacy policies and reviews – before installing that app.

3. Don’t Click on Suspicious Links

Maybe it’s those tiny, almost indecipherable screens, maybe it’s a false sense of security, but for some reason, people are three times more likely to click on suspicious links on their cell phone than on a PC. Our best advice for that? Don’t do it. Look more carefully at the URL, especially if they’re asking you to enter personal information.

4. Enable Remote Wiping

Should your phone ever be lost or stolen, it would be great to erase your important data from afar. You can do this through remote wiping, and it’s relatively easy to do on most devices.

5. Keep Software Up to Date

Software updates often patch security and privacy holes users have found as they’ve tested the software out in the real world. Keeping your software up to date will mean you’ll have the very latest solutions.

6. Use Security Applications

Both spyware and malware are becoming an increasingly formidable problem for mobile phone users. They track your whereabouts, send out your personal information, and slow down your phone. It can be difficult to avoid downloading these, and users often don’t know they’re running. To combat this, install security software, just like you might have on your computer, to protect your privacy against mischief you aren’t aware of. Make sure that you keep this software up to date.

7. Stay Off of Open Wi-Fi Networks

Since smartphones are now acting like mini-PCs, avoid unknown open Wi-Fi networks, just like you would on your PC. As you type, malicious hotspots can transmit your credit card information and passwords without you even knowing it. If you have to use one, use a VPN (see note in our previous article).

8. Write Down Your IMEI

Every phone has a fifteen-digit serial number called an IMEI (International Mobile Equipment Identity), which can come in handy if your phone is ever lost or stolen.

9. Back Up Your Phone Regularly

Backing up your phone means you’ll always have access to all of your photos, music, apps and whatever else. This is of course important in case your phone gets lost or stolen, but it can also come in handy when you’re doing an OS update and experience a loss of data (it happens).

10. Guard the Data on Your SIM Card

If you decide to sell your cell phone, there are a number of things you should do before shipping it off to a stranger. One of the most important is to remove both your SIM and your SD card, both of which contain a wealth of data.

Mobile App Security Requirements and Verification (for programmers!)

The OWASP Mobile Application Security Verification Standard (MASVS) is, as the name implies, a standard for mobile app security. It can be used by mobile software architects and developers seeking to develop secure mobile applications, as well as security testers to ensure completeness and consistency of test results.

You can contribute and comment on the GitHub Repo. An online book version of the current master branch is available on Gitbook.

So in summary, try your best to follow some of the above rules and recommendations to protect your personal information when it comes to app usage and app privacy. The above discussion regarding GasBuddy should make us all ponder how we use apps and what really is free.

Before you click to download, think about what ‘types’ of data about yourself you ‘might’ be sharing.

App Privacy Report

What is an App Privacy Report?

With iOS 15.2 and iPadOS 15.2, you can turn on App Privacy Report to see details about how often apps access your data—like your location, camera, microphone, and more. You can also see information about each app’s network activity and website network activity, as well as the web domains that all apps contact most frequently. Together with Privacy Nutrition Labels, App Privacy Report helps give you a more complete picture of how the apps you use treat your data.

 

App Privacy Report includes information about the following:

Data & Sensor Access

Data & Sensor Access shows how many times and when an app accessed privacy-sensitive data or device sensors in the past 7 days. This may include details about an app’s access to Location, Photos, Camera, Microphone, Contacts, and more. You can tap each app and data type to learn more.

Network Activity

App Privacy Report includes information about domains that have been contacted either by apps you’ve used or websites you’ve visited within those apps. A domain is the name of a website that allows it to be found on the internet. This information also helps provide visibility into domains that may be collecting data about you across different apps and websites.
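As an added example (not from the original article or from Apple), the Python below tallies the two things the report shows: how often each app touched a sensor or data type, and which domains were contacted by more than one app. It assumes the report has been exported as newline-delimited JSON; the field names and the sample records are constructed assumptions.

```python
import json
from collections import Counter, defaultdict

# Constructed sample records (not real data). The field names are assumptions
# about the exported report layout; adjust them to match your own export.
SAMPLE = """\
{"type":"access","accessor":{"identifier":"com.example.fuel"},"category":"location","kind":"intervalBegin"}
{"type":"access","accessor":{"identifier":"com.example.fuel"},"category":"location","kind":"intervalEnd"}
{"type":"access","accessor":{"identifier":"com.example.fuel"},"category":"location","kind":"intervalBegin"}
{"type":"access","accessor":{"identifier":"com.example.chat"},"category":"microphone","kind":"intervalBegin"}
{"type":"networkActivity","bundleID":"com.example.fuel","domain":"tracker.example","hits":14}
{"type":"networkActivity","bundleID":"com.example.chat","domain":"Tracker.example.","hits":3}
{"type":"networkActivity","bundleID":"com.example.fuel","domain":"api.fuel.example","hits":40}
{"type":"access","accessor":
"""


def summarize(ndjson_text):
    """Return (sensor accesses per app, domains contacted by more than one app)."""
    accesses = defaultdict(Counter)   # app -> data category -> access count
    domain_apps = defaultdict(set)    # domain -> apps that contacted it
    for line in ndjson_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or corrupt line: skip it
        if not isinstance(rec, dict):
            continue
        if rec.get("type") == "access" and rec.get("kind") == "intervalBegin":
            # Assumed: each access is logged as a begin/end pair; count begins only.
            app = rec.get("accessor", {}).get("identifier", "unknown")
            accesses[app][rec.get("category", "unknown")] += 1
        elif rec.get("type") == "networkActivity":
            # Normalise case and a trailing dot so one host is not split in two.
            domain = str(rec.get("domain", "")).lower().rstrip(".")
            if domain:
                domain_apps[domain].add(rec.get("bundleID", "unknown"))
    shared = {d: sorted(apps) for d, apps in domain_apps.items() if len(apps) > 1}
    return {app: dict(c) for app, c in accesses.items()}, shared


if __name__ == "__main__":
    per_app, shared_domains = summarize(SAMPLE)
    print(per_app)          # sensor and data accesses per app
    print(shared_domains)   # domains seen from more than one app
```

A domain that appears under several unrelated apps is the kind of cross-app collector the Network Activity section is meant to surface.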

How to update privacy settings

App Privacy Report is designed to give you more visibility into how apps access your data. If an app appears to be accessing your data in a way or at a time that you didn’t expect, you can update your privacy settings or revoke permission.

Learn how to update privacy settings on your iPhone, iPad, or iPod touch or on your Mac.

How to Enhance Privacy on your Android Phone

Google ships a ton of free software with Android, but you’re still paying for it with your data when you use it. The company can create an incredibly detailed profile of your life thanks to all the details you share with it while browsing the web and using some Google apps. While it’s impossible to get rid of all that tracking completely if you don’t want to use a custom ROM or switch to iOS, there are a few things you can do.

  1. Disable Location History and Tracking
  2. Opt out of Google’s personalizations
  3. Turn off backups
  4. Use third-party software when possible

There will be one more piece in this series of articles, regarding Browser Security. Thank you for reading along. If you own a pharmacy and would like a direct discussion regarding “iSalesTrax”, our app from Point of Care Systems, llc., and how it can help your pharmacy, contact us at info@pocsrx.com.

We used a bunch of emojis in this article. If you are not sure of their meaning (sometimes we see some that we are not quite sure of ourselves), here’s a great link 😊!

Below are links to Parts I, II, & III of this series Cyber, Internet, and Pharmacy System Security as well as a previously related article.

Part I 

Part II

Part III

Importance of the Delivery man is at an all time 
