I would like to start by reflecting a bit. 10 years ago, how many devices with the ability to connect to the Internet did we have in our homes? How many could we carry with us at all times? And above all, how many had cameras, microphones or sensors? The reality is that very few people had more than one device with these characteristics, either because of its high cost or simply because the technological trend did not yet exist.
The possibility of acquiring this technology is no longer limited to a specific social status or profession. According to an investigation carried out in Mexico by the newspaper “El Economista” in 2018, 9 out of 10 people have less device with the possibility of analyzing and processing information that will be shared using the Internet network. So now we must ask ourselves, how many of us know and are specific about the risks we have problems with due to the improper use of technology?
A smartphone has different types of technologies that collect and process information. They generally have cameras, microphones, and the ability to identify movement, proximity, amount of light, and even geographic location, biometric features, and vital signs. This information is used and / or shared by the applications that we install on our smartphone to provide us with a better experience in terms of entertainment, health, work, communication or lifestyle.
Therefore, the possibility that a cybercriminal manipulates one of these applications and manages to access the resources of our smartphones to steal personal or financial information, plan a kidnapping and / or murder, is very high, so it is extremely important to know how we can protect ourselves.
At the time, the best recommendation was to download applications from official stores, either GooglePlay or AppStore, and avoid installing applications that reach us by text message or from any unofficial website. In these applications there is an increased risk that they have been manipulated for malicious purposes; A cyber criminal will look for a way to convince us to download and install an application from an unofficial page, offering us some feature that is not enabled in the official version and / or avoid paying a subscription for the use of the application. It will even convince us to disable the security functions that smartphones have by default.
In recent years, potentially dangerous applications have been identified that are distributed even from official developer stores, so what should we do to keep our information and privacy protected?
When we download and install any application on our smartphones, a message is automatically displayed on the screen requesting the user’s permission to access very specific resources on our devices, for example: geographical location, contacts, image gallery, microphone , cameras, etc.
It is at this time when we can identify if the application is malicious or not and what could be the impact on our information and / or privacy. There are applications that, by their nature, necessarily require some of these resources, for example:
- Uber – You need to know our location to be able to assign us a car and determine service prices.
- Whatsapp – You need to know our contact list to establish private chat rooms with them.
- A game – You need to access motion, light, proximity sensors, etc. to give us a more real and entertaining experience.
- Spotify – You need to access 4G / Wifi communication technologies to play your content.
A malicious application or one that was modified by a cyber criminal will ask us to authorize access to resources that are not essential for its operation, for example:
- Flashlight – You need to access the contact list, microphones, cameras, 4G / wifi communication technologies, image gallery, biometric data.
As it is a simple flashlight application whose sole purpose is to activate the device’s backlight to see in the dark, why do you need to access “contact list, microphones, cameras, 4G / wifi communication technologies, image gallery and biometric data ”?
Applications like this one are developed not only to fulfill a specific task, but to seize users’ personal and / or corporate information for malicious purposes such as identity theft, financial fraud, harassment, kidnapping, etc.
In conclusion, the most efficient way to protect our information is by knowing and understanding the permissions we grant to the applications that we install on our smartphones, to prevent them from accessing resources or peripherals that are essential for their operation and only imply a risk to the security. When installing and using a new application, we must evaluate the benefits vs. the risks and thus determine if it is worth using or not.