Print Friendly, PDF & Email

I know it has been a while since the last post went out. A lot has changed at Invario since May. The major being that Gladys Pope has retired after 18 years of dedicated service to Invario to spend more time with her husband, children and grandchildren. We thank her for all she has done for Invario and wish her the very best, while struggling to accomplish what she did so well.

More about changes at Invario in future posts, right now I want to talk about smartphone apps and how you may be getting more than you bargained for. A recent study done by a group called snoopwall.com looked at the 10 most popular flashlight apps for android phones and found that ALL of them did much more than simply turn on the light on your phone.

If an app is free to use, its business model could involve selling customer data. Some apps could also be "developed by professional cyber criminals, enemy nation states for spying, or by hackers for malicious reasons",snoopwall warns.

In the report from the link above, they recommend 5 steps to secure your phone. Unfortunately most involve drastically reducing the functionality of your phone, like turning off the GPS locator, Bluetooth and putting masking tape over the camera. Personally, I think those measures go too far in reducing functionality of your smartphone. In this day in age, who of us is going to turn on GPS, and wait for satellite acquisition to find out how long we will be stuck in traffic? Our lifestyle demands answers as fast as possible and these functions will likely not be turned off for long. So what can we do to get what we want without being a sitting duck?

Invario Recommendations to protect your Smartphone

  1. Have the screen lock when idle and type a quick code to open the phone. Very important if your phone is ever lost.
  2. Get in the habit of paying for apps. Even though this is no guarantee that you will be installing a ‘safe’ app, you are much less likely to have “extra features” if you are paying for what you want. Most apps cost less than $5 so this should not be a great financial burden. Encourage you kids to buy their apps as well. Then as a parent and bill payer you will know what is on their phones without snooping.
  3. The smaller the size of the application the likely better. The popular free flashlight apps are 1-5MB in size when the code needed to do this function need not be over 150kb. Makes you wonder what the other 90-95% of the code is doing. From what I have been able to find out, nobody knows what the code does except the makers of the app. At the very least this extra code will negatively affect your battery life.
  4. Snoopwall.com has released a free app that they claim as a private flashlight app that does not do any snooping. Total size 72k
  5. Read the fine print. This is easier said than done. The Federal Trade Commission found that a popular Android app, "Brightest Flashlight Free" has been collecting users' personal data including location and device ID and sharing it with advertisers without their consent. The only result of this investigation is now “Brightest Flashlight Free” has a long disclaimer describing how your information will be shared with advertisers. So consider yourself warned, I guess. Read more:
  6. At this time, I would recommend against doing any online banking or anything that could affect your wallet on your phone. Avoid using your e-mail contact list for storing passwords, Credit Card Numbers and account numbers or be extremely careful about what apps have access to your contacts.
  7. Finally, I would suggest moving to two-factor authentication when accessing anything that requires a password on your smart phone.

TWO Factor Authentication

Two Factor Authentication is a more secure way to logon to computer system. It works like this. First you are asked to authenticate with something you know and then a second authentication with something your have.

What you know would be your username and password to your account.

What you have is a cell phone or e-mail address. A verification code is sent to these devices to complete logon. The good news is that this second factor happens only once per trusted computer and browser.

Below is a link to a good article on how to secure your Facebook account with the authenticator app. I was able to set this up pretty easily and it worked for me. However, I suggest setting up some trusted friends in Facebook, so if you do get locked out of your account, they will be able to send you a code that will get you back in.

Link to setup Microsoft Authenticator with Facebook.

Facebook Security Settings

Facebook Security Settings

Final Thoughts

Having information leave your phone on to an unknown third party without your knowledge or consent is certainly a violation of privacy, but when does it become a crime? The stealers of information protect themselves with a long a cryptic license agreement that we must accept in order to use the app. I may not care that Walmart knows I shop at Target, but I certainly don’t want to give just anyone access to my bank account, credit cards or Facebook page. What the license agreement does not disclose is how the data they collect will be used or sold. It is the use of the data that is harmful. The collection is only the first benign step.

So be very careful with passwords on your smart phone. Assume your phone is insecure and the more apps you have the more likely you are transmitting your personal information. If in doubt contact you Invario Network Engineer.

INVARIO REFERRAL$

If you know of a company that would be interested in the services of Invario Network Engineers, please reply to this e-mail with your suggestions, and with whom we should contact.

That is all you will have to do! Upon receipt of the first payment from a new customer, Invario will pay 10% of the retainer or labor portion of the first project to the referring person or company. If a new customer signs up for a Worry-Free IT or Server contract the referring party would receive the equivalent of one month of the agreed to contract.

Recipients that cannot or do not wish to receive a referral payment may elect to have the referral fee donated to a charity of their choice or put into a company entertainment fund.

FEEDBACK

If there is an IT topic you would like to know more about please e-mail me your suggestions.

Dave Wilson