The wonderful world of apps


We looked at apps a little on the mobile security page but they are well worth having a page all by themselves. On this page I’ll take you through what to look out for when choosing, installing and using apps.

If you own a smartphone then you’ve used an app, short for application. Apps provide a great deal of customisation and utility to smartphones. Don’t like the default messenger app? Change it. Want a more comprehensive settings menu? Download a new one. You can find an app for more or less anything.

Just like a program you install on your laptop or desktop PC, apps carry their own inherent security risks and you should bear this in mind when using them.


Permissions

View Google Play's app permissions here

First things first, say you want a new calendar app, you’ll most likely search “calendar” and be presented with a long list of potential candidates. If you don’t have a specific app in mind, then take your time to compare a few. Look at the reviews, the ratings, the number of downloads etc. If an app has a high number of downloads and a consistently high rating you’ve most likely got a winner. Even so, read a few reviews maybe other users have a specific gripe that would get to you as well, perhaps there’s a key feature you need that it doesn’t have.

Once you’ve chosen the app you want from the sea of similar apps, checked the reviews, read a few and are happy with your choice, you’ll click install. But the vetting process doesn’t end there! Next you’ll be greeted by a page asking you to provide certain permissions to said app. But what do they mean?

Some are quite self-explanatory and other sound downright devious but understanding roughly what each one means is key to choosing the right app for you. Taken directly from Google’s support pages, here is a list of the permissions you might come across and a brief explanation of what they mean and an example of where you might see them used.

It isn’t necessary to read the following in its entirety, simply look for permissions you aren’t sure about for a brief description and common usage. For full descriptions see Google’s support page.

  • In-app purchases – commonly seen in freemium games, which might allow you to buy an in-game currency or digital items, and apps which might allow you to disable ads for a small fee.
  • Device & app history – you might see this permission come up in third party task manager apps for example.
  • Cellular data settings – this could be used in an app which automates your mobile data connection based on times/locations.
  • Identity – social media apps will ask for this permission, particularly those that provide the option to sync contacts, like Facebook for example.
  • Contacts – again, social media apps are likely to use this permission, or apps which can write directly to your contacts, an email client for example.
  • Calendar – third party calendar apps, social media and event planning apps will use this permission.
  • Location – more and more apps have a location based aspect to them, like attaching your current location to a post or changing your settings based on your location. These options are usually toggle-able however.
  • SMS – used by any third party messaging apps or an app which allows you to block spam texts.
  • Phone – potentially used by apps which allow you to block numbers; third party phone apps; could also cover any app that allows you to call from within the app itself.
  • Photos/Media/Files – device/file managers will ask for this permission also anything else that might access your files: a gallery, music or video app for example.
  • Camera – anything that uses your camera. Like a video chat or photo sharing app.
  • Microphone – anything that records or uses the microphone. As above, video chat apps, phone apps or dictation.
  • Wi-Fi connection information – similar to Cellular data settings, a third party app may automate turning your Wi-Fi on or off.
  • Bluetooth connection information – an app which allows you to connect to a TV, games console, or PC via Bluetooth may ask for this permission.
  • Wearable sensors/activity data – this covers apps which make use of onboard heartbeat sensors, pedometers and other such items.
  • Device ID & call information – a lesser used permission which might pop up in activity monitors and other such apps.
  • Other – covers the ability to read your social media streams, write to those streams and access subscribed feeds, amongst others. This one is interesting because you will be prompted to review an app if it updates and adds a permission in the “other” category.

As I’ve hopefully illustrated most permissions are actually quite logical: a messaging app needs access to your messages and video apps needs access to your camera etc. Bear in mind that just because an app askes for a certain permission doesn’t mean it will use it by default, often you have to enable, or can disable, features you don’t like. For example the Facebook app asks for permission to view your contacts but will only use this is you choose to sync contacts using Facebook. Generally speaking it’s only dodgy apps which have nothing to lose that will abuse permissions.


Where are your apps from?

The vast majority of people are likely to just get their apps from Google Play or the App Store, depending on their operating system. On Android, more so than iOS, it is very simple to get your apps from elsewhere. There are a fair few third-party app stores out there, including Amazon and Samsung’s stores. More often than not these app stores are quite safe. If you want to make doubly sure then check out the given app stores review process for apps: some are very strict other are more lenient and may let nasty apps slip through the net.

Outside of app stores it is very simple, particularly on Android, to install apps from almost anywhere on your device. All you need is to allow installing from “unknown sources” and access to the .APK of the app you want. It’s pretty much that simple. The downside of Android’s open nature is that you can unwittingly install dodgy apps which haven’t been vetted by an app store. By no means are app stores infallible but it’s certainly better than nothing.

iOS, as an operating system, doesn’t fall foul of this issue. As an out-of-the-box OS it is extremely secure and very difficult, or virtually impossible, to mess with. It is only when users start Jailbreaking their phones that they become truly vulnerable. Jailbreaking is similar to “rooting” on an Android device and allows the user to remove some of the limitations put in place by the device manufacturer. Once jailbroken an Apple device is potentially vulnerable to infection and exploitation by nasty apps, as the very same limitations you are removing protect you. Disclaimer: From a security standpoint it is not recommended to jailbreak your device and you do so at your own risk, this goes for “rooting” an Android device as well.


Conclusion

Mobile devices are everywhere. You are considered strange if you don’t have, at the very least, a smartphone. This proliferation of mobile tech has unfortunately made them a prime target for malware. Android malware is certainly on the rise and it’s only a matter of time before the same can be said of iOS and Windows. Be sure to get protected sooner rather than later: a strong anti-virus solution as a minimum; anti-theft and encryption as next steps. Defending your mobile devices is as important as defending your desktop.