Apps and Privacy: Secure Your Mobile Data


Apps and Privacy graphic cover how to secure your mobile data and tips and tech to protect your data from hackers and bad actors.


apps and privacy
Share this graphic on your site!

Apps & Privacy: How To Secure Your Mobile Data

More than 9 in 10 Americans feel they’ve lost control of their personal data to companies who mine data from social media, connected devices, and more

Is Your Data Private?

Each day we generate 250 million terabytes of new data

Americans On Social Media:
Facebook: 68%
Instagram: 35%
Snapchat: 27%
Twitter: 24%

Every Second On The Internet:
946 Instagram photos
8,690 tweets
77,783 Google searches
2,845,459 emails

Are Your Apps Tracking You?

Google tracks much more than your search history and email

  • What apps you use and when
  • Android devices, Login with Google
  • What you watch, read, and search
  • YouTube, News, Books, & Google Search
  • Where you go or plan to go and when
  • Google Maps, Calendar
  • What you say after “Ok Google”

In one case, the file containing all Google’s data on a single person was 20 gigabytes, equal to a 12 million-page text file So, why bother tracking users? Developers use your data to generate more ad revenue from their apps

The Data Economy

By 2025, the market for in-app advertising will reach $234 billion

Advertising ID
Your “Advertising ID” is linked to your phone’s permanent hardware identifiers
MAC address, IMEI and Android ID
Google Privacy Policy allows developers to collect hardware identifiers and Advertising ID
BUT developer’s can’t combine these identifiers without consent
And permanent hardware identifiers can’t be used to target ads

According to one study, 1,700 Android apps collected permanent identifying information in violation of Google’s privacy policies
Fewer than 1 in 3 follow collect only the user’s Advertising ID
“We take these issues very seriously . . . and will take action when [apps] do not comply with out policies” — Google
BUT, Google also admits they’re unable to enforce privacy policies outside of their own ad networks
Each Google user’s data is worth about $182 — For Facebook, it’s $158
Ad networks will pay more to reach iPhones than Android, leading to rampant fraud

Click Fraud

  • Generates revenue for ad developers by placing false ad calls
  • Rather than disrupt the user experience, ads are played in the background
  • As a result, the device uses more data and drains the battery faster
  • Could potentially install more malicious code without the user knowing

In 2018, researchers identified:

  • 13 apps — with over 500K downloads that served no purpose except to install click fraud malware and used a hidden home screen icon to avoid detection
  • 22 apps — with over 2 million downloads containing click fraud malware undetected by Google Play protections
  • Apps that were legitimate may add malware later on
  • Hackers acquire an app with an existing user base
  • Develop bots that mimic real users using data tracking
  • Send bot traffic to the app to generate more ad revenue

You don’t need to use social media for your data to be compromised:

In one experiment, researchers could predict what someone would post on social media with 95% accuracy, even if that person never had an account


The Worst Apps For Privacy & How To Avoid Them

Facebook

In 2013, Facebook admitted to accidentally leaking information gathered on users — including phone numbers and email addresses that users hadn’t shared

Try This Instead

  • Review your permissions and privacy settings regularly
  • Choose the most limited settings to maintain functionality
  • Avoid sweepstakes and quizzes that require access to your account
  • Participating can share your data AND your friends
  • 270,000 people used the “This Is Your Digital Life” app for Facebook — but the app was able to gather data on 87 million people on behalf of Cambridge Analytica

Flashlight Apps

In 2013, the developers of “Brightest Flashlight Free” settled with the FTC after allegations that the app failed to inform users it shared location data and identifiers.

Try This Instead

  • Use the flashlight built into your operating system
  • iOS and Android have their own flashlights
  • Ask yourself if it makes sense that an app would need access to data
  • Requesting access that isn’t related to its core function is a red flag

Rideshare & Delivery Apps

In 2015, Apple CEO Tim Cook threatened to remove Uber from the App Store after learning the app was collecting iOS users’ hardware identifiers

Try This Instead

  • Turn off location data when you’re not using the app
  • There’s no reason these apps need to know where you are when you’re not using them

Avoid using “Sign in with Google” or “Login with Facebook”
Linking your accounts give apps access to huge amounts of personal information

Games

In 2019, New Mexico sued Tiny Lab Productions, and ad networks run by Google and Twitter, alleging their games compromised children’s right to privacy

Try This Instead

  • Monitor your phone’s battery life and data usage after installing a new app
  • Sudden changes are sign something isn’t right
  • Research the app before you download, to see if it’s legitimate
  • Search for the app or company and “data scandal” or “scam”

Tips & Tech: How To Protect Your Data

Use a Password Manager
Best passwords aren’t memorable – instead use a random string of characters
Reusing passwords leaves all your accounts vulnerable if one is breached

Try This
Keychain[iOS]
1Password [iOS & Android]

Virtual Private Network (VPN)
A VPN prevents other users on the same network from accessing your data
AND, a VPN keeps the internet open — getting around filtering and censors

Try This
ExpressVPN [iOS & Android]
Never trust a free VPN — maintaining a secure VPN is costly and free versions frequently harvest your data for themselves

Check For Data Breaches
Data breaches happen, periodically check if your data was leaked

Try This
Have I Been Pwned & Pwned Passwords: Securely search for your email and frequently used passwords in a database of recent hacks
Login History: Facebook and Google will show you what devices have signed on to your accounts and all active connections
Don’t be fooled by fake security checks into giving up your password — only use services recommended by a reputable source

Your data belongs to you. Be aware of what you share.

apps and privacy

Related: