Memorial Day has come and gone, and our family is planning its summer vacation. Bet yours is, too. One lesson we learned the hard way recently is that the mobile devices every family member carries contain WAY too much personal information, and that if they are lost or stolen, it can create a significant privacy and financial risk.
But did you know that one of the biggest risks to your privacy (and safety) isn’t a lost or stolen mobile device — it’s the apps you install on that device? A recent Bitdefender study analyzed 836,021 Android applications available in the Google app store, and found:
- 35% of the apps analyzed can track a user’s location
- 3% can track a user’s location without their knowledge even when the app is running in the background
- 6% can send the device location over the Internet
Lest that last number seem small, consider this bit of data from the report: 3% of the apps analyzed in the study can divulge e-mail addresses over the internet – and of these, 1,749 apps uploaded the address over an encrypted connection, while 1,661 sent the information over an unencrypted connection that could easily be intercepted. How many of these apps are on your phone — or your child’s? In a press release about the study, Catalin Cosoi, chief security strategist at Bitdefender says, “Our latest study shows that most smartphone or tablet owners have at least one app – and probably several – that could be used to siphon sensitive data that could put the owners at risk.”
And think about this for a minute. Most of the apps you (and your kids) download from the app stores are free, right? So how are the companies staying in business? Many of them offer “in app purchases”, and make their money that way. Some sell ads to third parties, which support the app.
But one of the games my grandson likes best has no visible means of support — no in app purchases, no ads, no cost to download or play. On the other hand, when I checked the app’s technical specs, it was collecting a ton of data about my teenager, from his location to his contacts, to how much time he spent playing the game and where he was when he was playing. What are they doing with the data? Who are they selling it to? I don’t know — but that game is no longer on his cell phone, and he’s blocked from downloading it again. If you can’t clearly identify where the product makes its money, and what they’re selling, then information about you is probably the product being sold.
What kind of risks are you running with your mobile device usage? How about:
- An unhappy ex or stalker tracking your location and showing up unannounced (It happened to a friend, whose 18-year-old daughter was the victim of a deranged stalker who followed them on a vacation, using the girl’s “check-ins” on Foursquare to figure out where they were.)
- Your home being burglarized while you’re on vacation (USA Today says that home burglaries are highest during July and August, and that social media postings are a contributing factor in many break-ins.)
- Financial fraud or identity theft (If you are using a mobile device to buy an airline ticket or print a boarding pass, and someone intercepts your traffic, they may be getting your credit card and personal identification information, too.)
Staying Safe on Vacation
If you’re like me, when you go on vacation, you want to forget about everything except enjoying your family and your travels. But it’s important to think about online security, too. Here are some tips that can help keep your family and your personal information safe while you travel.
- Use secure Wi-Fi hotspots: When you travel, the lure of a free Wi-Fi hotspot can be hard to pass up, but free Wi-Fi hotspots are prone to traffic sniffing and malware distribution. That guy sitting next to you at the airport, hotel lobby, or even on the beach may be a hacker intercepting your online activity. This kind of “man in the middle” attack can let someone see every bit of information you access, including your banking credentials. It’s a very real threat, and it’s as easy as turning on a personal hotspot on a cell phone and letting others use it while you run a program that captures their data.
- Pay close attention to mobile apps: If you need to download apps to help you navigate a strange city, be sure to install only mobile apps from trusted, reputable sources. Otherwise, pirated apps might share your contacts, location services, photos, microphone or webcam, and other sensitive data and features.
- Backup your personal data at home or in the cloud: If your device is used for both business and personal data, don’t put yourself in the position of losing personal data if your employer has to remotely wipe a lost or stolen device (or if you leave your job for any reason). Companies are required by law to take steps to protect customer data that might inadvertently be on your mobile device, and more and more employees are finding themselves up the creek because they didn’t back-up their personal information and contacts.
- Password-protect and encrypt your device: If someone steals or finds your device, blocking that person from accessing your private pictures, contact list or text messages is definitely reassuring. It is vital to lock your mobile device screen with a PIN, strong password or even your fingerprints. Strong passwords protect your privacy.
- Do not access links or open attachments from random e-mails or texts: E-mails and texts received on a mobile device can carry malware in attachments or include links to dangerous pages. Ransomware and other financial malware are also known to spread via especially crafted social engineering schemes. Ransomware is when the hacker locks up your device, and you have to pay a fee to get it “repaired” — and it’s increasingly popular. One of my sons has been faced with that several times, and we still haven’t figured out where he’s getting the malware. It must be from a website he visits fairly often, because we’ve had to clean up his laptop four or five times in the last year. Just don’t click on links from someone you don’t know — and if there is anything odd about the text or email you get from someone you do know, check with them to make sure they sent it and weren’t the victim of a hijacker, before you open it. A good antivirus solution — I use Zone Alarm, of course — is also important.
- Be careful about revealing your location: Checking-in at restaurants, bars, hotels or landmarks may be fun, but it is not privacy-friendly. Mobile device users should disable GPS technology before taking photos with smartphones if they later plan to post these photos online.
Last, but not least, be careful where you keep your cell phone while you’re on vacation. Don’t leave it in a bag next to your beach chair while you nap — and be wary of shoulder bags and easy-to-snag purses, since those are common targets of thieves and pickpockets. If you wear pants with front and back pockets, keep your phone (and your wallet) in your front pocket. And consider a more secure solution (like one of the pouches you wear under your clothing) for passports and cell phones if you’re travelling to Asia or Africa, where American tourists are often considered prime targets for pick-pockets.