Symantec released new research this morning on mobile app privacy
and fraudulent Google Play apps
that you may find useful for any mobile device and privacy stories.
While most are eager to click “accept” and “next” when we download a new app, we really should take the time to
understand what information we are sharing, how it’s used and if the app developer is protecting our privacy.
One such example is an Android flashlight app that has more than 10 million downloads and requests access to users’
calls, messages, camera, and more. Do you really want to give that app developer access to such personal information to
use a flashlight? Probably not.
After analysing the top 100 free apps in the Google Play and Apple App Stores, Symantec found many apps may be
requesting risky permissions or excessive access to user’s personal information:
• 45 percent of the most popular Android apps and 25 percent of the most popular iOS apps request location tracking.
• 46 percent of popular Android apps and 25 percent of popular iOS apps request access to a device’s camera.
• Some Android apps even ask to access SMS messages (15 percent) and phone call logs (10 percent).
• Other apps employ very poor security and privacy practices, requesting risky permissions yet do not have any kind of
Below is a list of best practices for choosing and downloading apps, along with easy steps for users to take back
control of their privacy. I also have a security expert on hand if you have further questions.
Before you install an app, Symantec encourages asking a few questions:
1. Do I know what information and permissions an app is asking?
2. Am I comfortable sharing personal information with this app developer?
3. Does the app really need the device permissions it is requesting?
How to avoid granting excessive permissions if you have already installed the app:
• In the case of Android apps, you can remove unnecessary permissions by going to the Settings menu and then clicking on
Permissions. Removing permissions may cause a poorly designed app to stop working. Well-designed apps will indicate if
they need a permission when you attempt to perform the function that requires it.
• In the case of iOS apps, you can remove unnecessary permissions by going to the Settings menu and then clicking on
How to protect your personal information:
• Ideally, don't sign into an app using your social networking site account. If you do, check what data the app will
receive from the social network account.
• If you do sign into apps using your social network account, be frugal about how much information you provide in your
public profile on social networking sites.
• When you post data to a social networking site from an app, think about whether you want the social networking
site to have this information about your app.
How to check what apps are using data from your Facebook account:
• Go to the small down-arrow at the top right of the homepage and select Settings.
• Select “Apps & Websites in the menu on the left to discover what apps are actively using your data.
• Select each app to view and edit the permissions on the data it uses.
How to check what apps are using data from your Google account:
• Here you can review and edit what third-party apps have access to your Google account.
• You can also review and edit which apps are using Google for sign in and what information is being shared with