There’s a lot of talk these days about being cautious when downloading new apps to your mobile device. How, exactly, can an app compromise your personal information? You may think the stuff on your phone doesn’t have much value, or that it’s so obscure that no one would even recognize it. And, you may be one of the lucky people who never downloads a noxious app, but don’t count on it.
A recent Nielsen study shows that the majority of smartphone owners do download apps, especially games. Since thousands of people are successfully using thousands of apps, what’s the risk? If an app is free or cheap, what’s the harm? A good rule of thumb is to remember that nothing is free, so avoid those tempting offers. But also be aware that even apps that aren’t offered for cheap-or-free can introduce malware into your wonderful mobile device.
Most of us heard about the Netflix scam that surfaced in November of 2011. A rather inept criminal replicated the Netflix logo and sign-on screen well enough to fool lots of people. It didn’t look threatening, and had all the familiar characteristics of Netflix, however, the fake app, which detonated when downloaded, released a Trojan – a piece of code that opens up and releases malware. When the user logged in with a password, the malicious software sent the login data to an obscure URL. As it turns out, the Netflix scam didn’t do much damage, since all it gathered was sign-in data. Maybe its greatest achievement was to serve as a wake-up call to mobile users.
•Truly malicious code often hitches a ride on an app that appears harmless. Once released, it silently cruises through your device and gathers the email addresses of your contacts, your location history, your calling and browsing history, your texts, your photos and, perhaps most damaging, your purchasing history, including PINs and passwords. The data is smoothly and quietly transmitted to an obscure site where cyber-criminals either use the data themselves, or sell it to thieves who make use of it. What does the end-user cyber-criminal do with it? First, they may make huge purchases of merchandise with your credit card or bank information. All the information in your texts, emails and voice messages can be scanned for anything that might be of value. Your contacts’ addresses may be used for spreading viruses or spam, and text messages can be used as a spreading tool for malicious worms.
•Cleverly built stealth tools can begin dialing premium phone numbers at great expense to you, without your knowledge, consent or any sign of what’s taking place until you see your bill at the end of the month. These premium numbers pay the receiver of the call immediately, and can mean big dollars for the owners of the numbers. You’ve seen these numbers before – we used to call them “900” numbers. It costs money to call them.
•One of the worst scams involves replicating the style and logo of banks, retailers and credit card institutions. These fake screens, which may look very familiar, prompt users to contact them immediately. Usually, the message seems urgent, and wants you to verify your personal information — for your own good. The truth is, if your bank or credit card company needs to contact you, they will never send you a popup or email notice on your mobile device. Never, ever fall for this kind of phishing attempt. The good news is that these ploys have been around long enough that most users know not to buy in.
•Finally, some malware that travels on apps is able to dig down to the root of your mobile device, and actually reconfigure the system to its own advantage. It makes copies of your email and text transmissions and sends it on to be used for fraudulent purposes.
Apps are an essential part of owning a mobile device. What can you do to protect your information, your assets and your mobile phone? Always use secure sites, and check on your bank or retailers’ encryption status. Look carefully at your bills and monitor your phone’s battery use. Download apps that come from reputable developers and retailers. Note any odd behaviors on your mobile device. Never, ever update personal information over your phone for banks or retailers.Protect your device with a strong security package that will snag malware or alert you to threats. Read everything you can about an app before downloading it. By taking precautions, you can plan on hours of fun enjoying your new apps.