Sometimes mobile apps do more than we think they do.
Researchers at the Kromtech Security Center discovered personal data being collected by a smartphone virtual keyboard app on its 31 million users, as reported by The Hacker News.
The leaked information included:
- Full name, phone number, and email address
- Device name, screen resolution, and model details
- Android version, IMSI number, and IMEI number
- Mobile network name, country of residence, and even user-enabled languages
- IP address (if available) along with GPS location (longitude/latitude)
- Links and the information associated with the social media profiles, including birth date, emails, and photos
When you install a recommended app, do you read the list of items on your device the app will have access to? Are you comfortable with an app collecting your list of contacts, your location, or even your date of birth?
Even for relatively non-intrusive apps such as a keyboard app, the user needs to be cautions about what they allow access to on their mobile device. Unnecessary data may be collected without ill intent, but we now see it can be leaked and used nefariously.
When installing an app, don’t hurry through the sign-up process. Pay attention to what data the app is able to access.
Read the original article here.
Plan. Protect. Prosper.
Protus3 specializes in security system design, security consulting, corporate investigations and other investigative services. Partner with Protus3 and we will examine each situation to identify threats and develop solutions for your best outcome.