Our world of Smartphones and Apps
Today, the application ecosystem is empowering our lives in ways that were not possible a few years ago. Mobile web surfing has declined while mobile app usage has increased in recent years. This is primarily because native app usage on smartphones has continued to grow at the expense of the mobile web. Currently, there are more than 25 billion apps which exist across platforms and organisations; we have moved further towards living in an app-based economy, and our dependence on the Internet and applications has surged to new heights.
Smartphones have become very addictive because of the apps we use every day. The number of apps people use each day is significant; some use as many as 10 apps while others use more than 50 apps per day. Here are some examples of the apps people use on a daily basis:
Wake up in the morning – WAVE Alarm Clock app
Check email – Gmail, Yahoo
Check the weather – AccuWeather
Routine tracker to check the daily scope of work – Any.do
Daily dose of news – Daily Mirror, Sunday Times, News 360, The Verge App, Economic Times App, Flipboard and Twitter
Daily fitness regime – Fitbit, Sworkit and Runtastic
Feel happy – Headspace, Happier or Sketchbook
Navigate to work – Google Street View
Getting around the city – Kangaroo or UberCabs
Maintain relationships – Without, Couple, Between or Touchnote
Find dates – OkCupid, Tinder or Coffee Meets Bagel
Order food – PizzaHut, Swiggy, Zomato Order, FreshMenu
Impress people – LinkedIn
Store pictures and other information – iCloud, OneDrive, Google Drive
Phone Directory Services – Truecaller
Similarly, people use many collaboration apps, such as Mango Apps, Pocket, O365, Jabber, Google Keep, Dropbox and Evernote, to name a few, to get work done during office hours. These amazing apps help people take notes, make project plans and share them with fellow colleagues as and when required. As for the daily dose of distraction, people use Facebook, Twitter, Instagram, Apple Music or Musixmatch in between tasks. There are mobile apps for remote control of things in the home, such as lights, air conditioning, locks and garage doors, for tracking energy usage in the home and for remote car start, and apps that can charge purchases directly to a mobile phone bill.
Bugs and open doors in apps leave sensitive information open for viewing. Most of these apps, including the collaborative apps, are used by millions of users. They are prone to cyber-attacks and suffer from bugs and open doors. Who knows what can happen if your classified information falls into the wrong hands? Dropbox was the cloud service most targeted by hackers. It was found that Dropbox users unknowingly allowed private data to be read by third parties, as their files were indexed by the search engines Google, Yahoo! and Bing. This allowed anyone who searched for a matching keyword on your link to click and open your files without you knowing.
Saving any company or personal sensitive information with Dropbox or any similar cloud service poses significant risk for users and organisations. The information should be protected using technologies such as Digital Rights Management and encryption prior to sending it to the cloud. Truecaller too suffered unauthorised access to its database by hackers. It is a service that collects contact information stored in users’ phones or on their social networking profiles. Some users are known to store sensitive information, such as bank account numbers and passwords for email and internet banking systems, in their contact list. This app is available on the web for iPhone, Android, Blackberry, Symbian and Windows phones. Users should be cautious not to save sensitive information in the contact list.
There was a lot of interest in the iCloud incident, where apparently several “celebrity” accounts were compromised. It turned out that the API for the “Find My iPhone” app did not have protections against brute force attacks. Further, the victims had iCloud photo syncing and iCloud backups turned on, and the damage was significant. Many people are using technology that they don’t fully understand – and that is nothing short of dangerous. And enabling every feature, option and service by default is simply adding fuel to the fire. I suggest having everything turned off by default, except for the bare minimum required, and then letting the users decide what they need and what they don’t need. Then at least it’s a conscious decision when they turn something ON.
It is also important to use strong, complex passwords and change them often. The two-step verification security facility remains an opt-in choice only. Users should also use two-step verification when using apps or cloud services. While these mobile apps help us immensely, our day-to-day life revolves completely around various apps, and this feels so much less human. Some of these apps access your browsing history, favourite URLs, pictures and message folders. Let’s use apps judiciously.
(The writer is a Governance, Risk and Compliance professional and Director at Layers-7 Seguro Consultoria (Pvt) Ltd. He is the founding member and Secretary of the (ISC)2 Chennai Chapter, Founder/President of Information Security Professional Associates (iSPA) and a board member of the (ISC)2 Colombo Chapter. He can be emailed at sujit@layers-7.com)