January 2, 2014

Beware of Snoopy Technology Apps

When I wrote this blog, I suspected it was just the tip of the iceberg. With the disclosure of what our National Security Agency (NSA) is collecting about us, it should be no surprise that our technology companies are doing the same. They are collecting information about you and making it possible in some cases for others to do the same. Some of this is through ignorance, but some is not. Sales or additional income drives much of this collection of data about you.

This article from PC World is rather disturbing about how Americans and others are being used to collect data. When the president of the United States is not allowed to have an iPhone, but is limited to a BlackBerry, you know security is behind this. Of course, neither the president nor the Secret Service is willing to say exactly how security could be compromised with an iPhone. One security risk is the unpredictable nature of both iPhone and Android apps. An information security company called Trustwave said this month that file-sharing apps for iPhones and iPads can compromise user security —even simple picture-sharing apps or apps that enable users to exchange documents.

Hewlett-Packard conducted a study about the security of business apps and found that more than 90 percent of those apps had privacy or security flaws. Many of them give themselves permission to access phone features and user data that make no sense for the apps. Many of the flaws coincide with unencrypted data and insecure protocols. About 20 percent of the apps send user data via unprotected HTTP and about the same use HTTPS, but don't get it right. Other problems were found that could compromise user security and privacy not through malice, but through incompetence.

Another report from Trend Micro is disturbing also. The company found that there are now one million “malware and high risk apps” in the wild. These apps are those that aggressively serve up ads that lead to dubious sites and are about one quarter of the total apps. A good number of these apps open up an insecure file server on the device, which makes the file vulnerable to copying and even for malicious crackers to upload files of their own because many apps don't require user authentication. This can be compounded by apps running on older versions of the operating system.

Anyway you slice this, security problems grow with added apps regardless of the platform they are installed on. We all need to be cautious and not rely on an app being secure because it is highly rated or popular. Education is the best defense and even then we are not infallible. The best defense is that users need to realize that the Apple App Store, the Google Play Store, and other Android stores are laden with apps that can compromise your security and privacy without you even knowing about it.

Even if this is not about diabetes, you still need to know that your diabetes data stored or transmitted via cell phones, iPhones, iPads, and Android cell phone and tablets may not be secure.

No comments: