Is Your Smart Phone Spying on You?
Is your smart phone spying on you? In short, yes. Follow the simple guide below to find out how to protect yourself.
Apple
Frequent Locations
iPhones track your location data down to the minute.
Who uses this information:
- Third party advertisement: If you visit a shoe store, you might receive shoe advertisements.
- Apps: Apps may request permission to access your frequent locations. This may be useful for some things such as viewing local weather or calculating ETAs from your location.
How to stop it:
- Settings > Privacy > Location Services > System Services > Frequent Locations
- There is a toggle for turning on and off frequent Locations and Improve Maps
Identifier for Advertising (IDFA)
This allows developers and marketers to track your activity. They use this data for targeted advertising on apps and web pages.
How to stop it:
- General > About > Advertising
- There is a toggle to turn on Limit Ad Tracking
Microsoft
Windows 10
The new updated Windows 10 tracks just about everything you do.
Here is a section of the Windows 10 terms:
Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to: 1.comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies; 2.protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone; 3.operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or 4.protect the rights or property of Microsoft, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement.
How to stop it:
Many methods are available, with varying effectiveness:
- InPrivate Mode – Setting you browser to InPrivate mode does not completely cover your tracks
- Unchecking all tracking pages upon opening – This has been tested (even with a DisableWinTracking tool) and found it still tracked some information.
Google/Android
Voice Commands
Every voice command you make on your android phone is logged. These recordings should only be available to you but the idea of possibly having any personal information stored may be unnerving to some. Every Google device records and stores voice commands.
How to stop it:
- Settings > Account > Google > Sign In > Personal Info & privacy > Activity Controls > Voice & Audio Activity
- There is a toggle to turn this off. You can also delete all saved recordings.
Location Tracking
Just Like Apple, Android tracks your location. Google doesn’t limit their tracking to cell phones. They continue tracking you from your desktop computer, if you leave your Google account logged in.
Who uses this information:
- Third party advertisement: If you visit a shoe store, you might receive shoe advertisements.
- Apps: Apps may request permission to access your frequent locations. This may be useful for some things such as viewing local weather or calculating ETAs from your location.
How to stop it:
- Settings > Account > Google > Sign In > Personal Info & privacy >Google Location History
- The you can toggle this off and you can delete location history
Android Advertising ID
Similar to Apple’s Identifier for Advertising, Google takes information from your search activity to use for targeted advertising. You see these within apps downloaded from Google Play.
How to stop it:
- Settings > Account > Google > Sign In > Personal Info & privacy > Ads Services
- This will take you to a web page to manage the ad settings. Then you can toggle it off.
- You can also reset the ID which clears past data. This can be helpful if you still want to see ads tailored to you but not about something you recently searched about. You can even delete and add interests to better tailor the ads.
This will not stop the ads but will stop the targeted ads based on your search history.
How to Download Apps Safely
As of July 2015, the Google App Store has 1.6 million apps and the Apple App Store has 1.5 million apps. With an ever-growing universe of apps available, the chances of getting a compromised or infected app are on the rise.
More than 85 billion apps have been downloaded from the Apple App Store since October of 2014 and that number is growing substantially. All that traffic leaves a lot of room for hackers to gain a footing. To stay safe, you should take precautions, learn which download sources are reputable, and do a little research.
Take Precautions
Before even looking for apps for you device you need to guard yourself against any malware that might get through. Before installing anything new, make sure that your device’s operating system and existing software are fully up to date.
Anti-virus and Firewall – Use an anti-virus application that scans every app you install. It should also scan updates and block malware.
Stay Updated – Update your web browsers and operating systems. Updates to these often include important security patches. Once a security patch is released to the public, you have very little time to apply the update before hackers have figured out how to exploit it. This is why it is so important to update early and often!
Where to Buy and Not to Buy
Buy from Here…
Google App Store, Apple App Store, Windows Store – For all devices, use the default app store that comes installed with the device. Most app stores have a screening process which weeds out most malicious code. If you do happen to find something bad, you can report the app to: Google, Apple, or Windows
Not from Here…
DarkSideLoader
The DarkSideLoader is a rogue app store for iOS phones and tablets. This app store lets user download unusual, unapproved apps alongside normal apps which are offered free of charge (as in stolen).
What are the Dangers?
Downloading compromised apps from DarkSideLoader can make you lose control of your phone and receive unwanted installations. Compromised or malicious applications can be very dangerous to your phone and personal information. Here are a few examples of what these “rogue apps” can do to your phone:
- Operating System Access Through API Access
- Root Devices
- Install Apps Without Permission
- Communicate With Malicious Sites on Internet
- Malware Installation
Any third party app store can have these potential problems
Check if you have a rogue app on your Android device
Do Your Research
There are many things you can look for to check if an app is dangerous. While it can be easy to just click download, you should do a little research beforehand. Here are a few common safety checks:
Reviews – Read some reviews about the app. If there is a known problem it will most likely be expressed in a review. You can find reviews in the app store you are using.
Developer Information – Research the developer to find out how popular they are. Make sure the developer exists in the real world. Usually there is a link in the app store to the developer’s website. Browse through some of the top app developers of 2016.
Permissions – Make sure to read and understand the permissions before granting anything to a new app. Learn more about permissions and why apps need access to certain things.
Star Ratings – Similar to reviews, a star rating will most likely be fairly low if users experienced problems with the app. Again, this is available on the app store you are using.
Download Count – If an app has a high download count the chances of it being safe are higher.
Outside Forums – Still not sure? Google the app and find out what others are writing about it. Users love to post information like this to Reddit or other discussion forums.
Masque Attack
Masque Attack was a recent vulnerability involving Apple’s mobile operating system that would allow hackers to use web pages, text messages, and emails to trick people into downloading fake apps that disclose personal information.
The concern is that fake apps resembling real apps such as banks or email program could replace genuine apps installed through the App Store, and siphon personal data without user knowledge. Obviously there is a potential for a sneaky vulnerability on any device, but it’s noteworthy for Apple, which many of its users consider more resistant to hacks and problems.
There is no evidence the vulnerability is being used in the US, but the bug affects iOS 7 or later. 95 percent of Apple mobile devices could be vulnerable.
Apple issued a statement about the matter, that it does not know of any customers who were affected by the issue, and to only download apps from trusted sources.
How To Avoid This, whether you use an iPhone, or an Android or Windows device:
- Don’t install apps from third party sources. Only use Apple’s App store (or the appropriate one to your device) or your own organization if it has apps.
- Don’t click ‘install’ from a popup, even if the popup seems legitimate.
- If iOS says “Untrusted App Developer” click on “Don’t Trust” and uninstall the app.
iCloud Hack and Compromising Data
Take a photo – it will last longer. But do you really want it to?
By now practically everyone has heard about the hacker that managed to acquire private, compromising celebrity photos and post them to distribute on websites. While all the details are still being worked out, the most common theory is that the hacker managed to get to these photos through the use of brute force software and an exploit or hack in iCloud, Apple’s iPhone cloud service.
This particular episode in questionable internet security is making news because of the enraged celebrity targets and the wildfire pace at which the images are making their rounds, but this sort of data breach could happen to anyone. And until Apple and investigators figure out and announce just what happened, users are left trying to keep things secure as possible.
What can you do to keep your data secure?
Strong Passwords
Email is inherently unsecure. Do you really need a backup of all of your emails sent up to a vulnerable cloud too? It’s likely your work email is backed up by your employer and usually personal email providers backup their own email servers, so don’t allow your email to be copied to a cloud too. If you truly need an important email for reference later? Go old school: print it out and store it in a safe or forward it to an encrypted email server for storage.
Photo Stream
Cloud storage is not inherently the most secure way to keep data, and it’s also known as a potential target for hackers. Incidentally, if you have an Apple phone or tablet, Photo Stream may be active and you might not even know it.
You can disable the Photo Stream by doing the following: Go to “Settings,” then “Storage & Backup” and stop the “Photo Stream” feature. This will stop all your photos from automatically uploading to the cloud.
Android and other phones have their own means of cloud backups to check into as well. Some require setting up manually, and others may prompt you to activate them. Read the messages you are given, and check into your settings from time to time.
2-Step Verification
Although it may not have helped in the case of the iCloud hack, 2-Step Verification increases security in devices, and many services including Apple, Twitter, and Gmail have it. 2-Step verification requires that after the user enters a password, you go through an additional step of verification (such as entering a code you are texted) on new devices.
Precautions
Without blaming the victim, keeping compromising photos off easily accessible devices warrants mentioning as well. While phones make it easy to take and send a quick snapshot, this is not inherently secure. And on the user-end, even if your own tech is secure remember that any photo you send to someone else could end up on the wilds of the internet.
If you want to take those potentially compromising photos? A camera may be a better option.