Do Your Research Before Downloading Free Applications

ChatMail   |   December 1, 2021

Modern smartphone technology is incredible in many ways, but it’s also full of hazards that often go relatively unnoticed. It seems like there's an application for every purpose imaginable.

Unfortunately, apps are often the target of crooks and scammers. There are many malicious apps that exploit users, endangering your privacy and even taking your money. While most of these apps may seem safe, you can learn to recognize the red flags.

Here are a few examples of how third-party apps have harmed unsuspecting users.

GriftHorse Campaign

How can an ordinary person who is surfing the web spot a scam if Google couldn't? Although the company has worked hard in recent years to keep malevolent apps out of the Google Play store, Wired reports a recent takedown that involved about 200 apps and more than 10 million potential victims.

Attackers managed to sneak malicious features into seemingly benign apps, offering services for everything from translations to heart-rate monitoring. Users would download the app thinking it was perfectly ordinary, and then they'd receive up to five notifications an hour urging them to confirm their phone number to claim a prize.

The apps managed to evade Android's detection by loading the prize-claiming page within an in-app browser. Users were signed up automatically for monthly recurring charges that went directly to criminals. These scammers used sophisticated camouflaging methods, like not reusing URLs, since URL reuse is a red flag for security researchers. They also used high-quality content free of typos and grammatical errors, which are often a tip-off that a site isn't legitimate. The apps in question are still available through third-party app stores and have been downloaded by hundreds of thousands of users.

People today need to be extremely careful about the app permissions they accept to ensure they aren't giving companies the green light to access their data. They also need to be on their toes to spot outright scammers. Both of these hazards are real, and by the time people learn of the damage, it's too late.

You're safest when you use a phone that doesn't allow any third-party apps on the platform, ensuring you are protected against these types of threats.

Spying Instead of Skype

People who live in countries like the United Arab Emirates can't access popular apps like Skype and WhatsApp because they're banned by the government. Instead, the UAE offered citizens what they claimed was a secure messaging app called ToTok.

It was downloaded by almost 8 million users. However, it was far from secure. It turns out ToTok was a spy app that tracked all messages and pictures.

ToTok was removed from the Apple and Google Play stores, but the latter quietly reinstated the app, only to remove it again. Its creators denied ToTok was made for spying and stated the set of permissions requested from users was consistent with those from other messaging apps, like Facebook or WhatsApp. Facebook and WhatsApp have also had major privacy breaches, some of which were accidental and others that were simply carried out through their business model.

Everybody's data is valuable to hackers, so people need a secure encrypted phone for their day-to-day communications.

WhatsApp and Facebook

Did WhatsApp commit an ethical breach by reading encrypted messages reported by users as spam or abuse? With 3.6 billion users worldwide, it's time Meta improves the privacy and security of Facebook and WhatsApp users.

Consumers are understandably becoming wary of companies that promise end-to-end encryption, like WhatsApp, which has rebranded to show it is owned by Meta, a company that makes all its money harvesting user data. ProPublica reported that WhatsApp undermines the privacy of its users in a fundamental way, even if it doesn't technically break the encryption. Here's how it works.

When a WhatsApp user reports another user for abuse or spam, a moderator or AI software will then have access to that message. Because the message was flagged by a user and then sent to the company, it isn't technically a violation of the end-to-end encryption.

The idea of more than 1,000 hourly contract workers in cities like Austin, Dublin and Singapore using special software to sift through millions of private messages, images and videos is not what people think of when they hear end-to-end encryption. These workers usually take less than a minute to determine whether whatever flashes on their screen is fraud, spam, child porn, terrorist plotting, or nothing at all.

With most free apps, the end-to-end encryption only works in transit from your device to the company servers, then from the servers to your contacts. It isn't encrypted on the device itself, which is why WhatsApp can access messages that users think it can't.

In a reliable smartphone security system, users don't have to worry about a privacy breach. WhatsApp may not technically violate end-to-end encryption, but the fact that they are accessing content users think is private is of great concern.

You can't trust your privacy and security to a company that is notorious for data breaches and damaging the fabric of society. Secure communications platforms don't have business models that revolve around selling user data to marketers or promising privacy one minute, then snooping on users the next.

Entrusting privacy to free apps is risky, as they are a common entry point for companies, hackers and even governments to get an inside track on your communications. Use a hardened device with a private server and other methodologies designed for security and nothing else.