When searching the app store (on a budget), we come across millions of “free” apps and we are inclined to download them. What is the difference between paying for an app and using the free version?
Most people don’t pay attention to what an application requires when they download it. Quick access to the app wins out over security awareness, meaning awareness of the permissions you are granting the application and the access those permissions give it to your potential PII (Personally Identifiable Information).
When you download an app, regardless of the cost, you should ensure that the permissions being granted are necessary and fair for the nature of the application. For example, I once required a scientific calculator, so I opted for a free app vs. spending $3.99 for a similar product. Upon install, the app wanted access to:
- Location Services (GPS)
- Audio/Video Capability
This was troubling because the nature of the application was ultimately to be a calculator, so why would I grant the app that level of access to my personal information? The answer was clearly to look for another app that didn’t ask for content that it did not require to run.
PERFORM THIS CHECK! By agreeing to those terms/requirements, you are providing an external entity access to PII and a lot more. The app can pull metadata on where you are, potentially who you are with, record audio, and much more. This is an overuse of express consent, which is strictly defined in PIPEDA (Personal Information Protection and Electronic Documents Act). This is an invasion of privacy at its core, and it is not something to take lightly, as we must ensure personal content remains protected.
This doesn’t mean you cannot download free apps; it means you should remain situationally aware of what you are installing so you can help protect your personal data.
Additionally, there are often hidden fees and/or hidden libraries of other applications that install themselves as part of the download without the user knowing. The permissions you grant the parent application also apply to everything installed in this hidden bundle.
Take those few extra minutes to closely examine what you are installing. Read reviews, look at the app’s publication information, and ensure that the permissions being requested are needed for the nature of the app.
Doing this will help to raise your overall security awareness, build a stronger resiliency to mobile/cyber threats, and ultimately help to protect your personal information.
We must be vigilant, we must be ready, and most of all, we must be educated!
Adam Zimmerman, Security Solutions Architect
With over six years of experience in the technology industry, Adam’s experience covers information security operations, cyber security advisory, penetration testing, and advanced exploitation. Adam’s primary focus is helping organizations build strong security practices and prepare for potential attacks.
Adam holds a Masters in IT Security from the University of Ontario Institute of Technology, where he successfully developed a malware classification tool with a security firm based in Ottawa. Additionally, he has worked on several cyber consulting engagements as a lead security researcher and was able to develop an exploit for the FAA’s NextGen Air Traffic Control Management System.
Adam currently serves in the Canadian Armed Forces as a Second Lieutenant where he holds a command position as a Troop Commander for 32 Combat Engineer Regiment of Toronto; specializing in mobility denial and facilitation, tactical breaching, controlled munitions disposal, and various humanitarian support operations.