With recent news about trustworthy apps such as SHAREIt and a popular barcode scanner app going rogue, you may be developing trust issues with your apps. Here’s what’s going on and how to protect yourself.
Annoying pop-ups on your phone? Scam texts? Phone acting strangely? Or perhaps you’ve been unlucky enough to fund someone else’s shopping spree? If so, it may be that one of your apps is working against you. The app itself could be bad, or it may have been compromised by a third party.
Recently, a simple barcode scanner app trusted by millions could have infected up to 10 million users. LavaBird Ltd is a company that makes and sells apps. Although they were the original publisher of Barcode Scanner, they sold the app to another company, ‘The space team’. Whether intentionally or not, ‘The space team’ released an update to Barcode Scanner that included malicious code – turning a once-trusted app into adware.
Using updates to launch attacks is sneaky, as this method makes it harder for you to identify the source of malware or adware on your phone.
If you have been happily using an app safely for weeks or months, you’ll be less likely to suspect it when things start to go wrong. Most apps are vulnerable to this kind of attack due to their use of third party libraries, or SDKs. These are often used by app developers to speed up the development of an app, or to get advertising into a free app, but can also make them less secure.
Good App Gone Bad
In another case of our trusted apps turning against us, earlier this week the SHAREit app was discovered to contain serious bugs. Not only does it have 1 billion downloads, but before ownership of the app changed hands to Smart Media4U Technology, it was pre-installed onto Windows laptops and Lenovo phones.
You would be forgiven for thinking such an app the epitome of trustworthiness. However, Trend Micro said that the Android version of the app could not only steal your personal information, but it might even be used as a backdoor to take over your phone.
App Stores: Is Google Less Safe Than Apple?
While going through an official app store is good practice, it’s not a 100% guarantee of safety, on either platform.
Apple is certainly not immune from dangerous apps. A developer called SourMint left a bad taste in the mouths of iOS users by endangering 1,200 apps (amounting to over 300 million downloads per month) with its malicious and data-leaking Mintegral SDK.
How Can You Defend Yourself?
Keep your friends close but your enemies closer is a saying that does not apply to mobile apps.
With an ever-increasing internet of things, from smart watches to everyone’s favourite robot – Alexa, our cyber enemies have more ways than ever to attack us.
It’s not surprising that 2020, the year where 5G has increased bandwidths and working from home has increased our flexibility around mobile use, cyber-attacks have also increased. According to the FBI, for example, there has been a 300% increase in reported cybercrimes in the USA.
But there are ways you can protect yourself against these attacks, even as attack methods become sneakier and harder to detect:
- Look for warning signs such as pop-up ads, slower running times, a surge in data usage, battery draining quickly, pop up ads or any kind of reduced performance.
- Think before you download an app and read reviews critically.
- Always download from an official app store like Google Play or App Store.
- Use mobile security software such as Traced that detects permissions abuse from apps that exist on your device
It’s likely that if you’re reading this, you’re already someone who downloads your apps from legitimate places such as Google Play Store or Apple’s App Store. This is a good security measure – but as we’ve learnt, not failsafe.
And I’m also guessing that you read reviews for apps before you download them. That’s also wise. But remember that even good apps may go rotten over time.
Also, be aware of ‘greyware’ which is basically legitimate, but can carry out unwanted actions, whether that’s unwanted ads or unnecessary snooping.
If you’re an Android user, Traced can be used to arm you against the good, the grey and the ugly of the app world, providing you with clear information on what your apps have been doing and when.
So remember, it’s not you… but it might be your apps. And there are plenty more in the sea, so be picky my friend.