The Federal Trade Commission (FTC) reports that in one year alone, $57 million was lost through phishing schemes. Many hackers manipulate email, smartphone apps, online ads, and web browsers to gain access to sensitive data.
Although mobile phones and apps can be convenient ways to get things done, communicate, and be entertained, they can also come with security risks. Most recently, the popular social media app Tik Tok has come under fire for its questionable practices.
Tik Tok Controversy
The Wall Street Journal reported in early August 2020 that Tik Tok was tracking the activity of Android users under the radar. While the app has also reportedly stopped tracking smartphone users’ activities, the tactic went against privacy guidelines and Google’s stipulations. The app not only tracked the phones’ MAC addresses, but did not allow users to opt out of ad tracking.
A phone’s MAC (media access control) address is a unique hardware identifier that is used by online networks to send and receive data packets. While this may not sound like it matters much, ad tracking is something your Smart TV, smartphone, tablet, or computer can do because of a MAC address. Ad tracking is normally something owners of these devices can turn off or opt out of.
Some smartphone users do not mind ad tracking software since it can create a more localized and personalized ad experience. However, others do not want advertisers to have access to web browsing or content viewing habits. While ad tracking is not necessarily malicious in and of itself, it can raise privacy concerns.
Tik Tok’s practice revealed the concern that specific devices can be identified as being tied to specific users or user profiles, instead of being anonymous to advertisers and other organizations that may have access to advertisers’ data. Another concern is the social media app reportedly hid the practice of tracking MAC addresses from Google, which would have likely acted against the app, according to Forbes.
Common Methods Hackers Use
The social media app may not be the most egregious example of troublesome apps, but it does highlight the need for users to be aware of what they’re installing. Various types of malicious apps and sites can impact mobile phones. Trojan horses, spyware, phishing sites and emails, and processes that run in the background can all impact cellular phones, according to Hacker Combat.
Wandera lists infected applications, malvertising, scams, and direct to device as the main techniques hackers use. Malvertising occurs when malware is embedded into online ads and the malware infects the device once the user clicks on the ad. While it is rare for infected applications to make it on to Apple’s App Store or the Google Play Store, it has happened in the past. Most infected applications are typically distributed through third parties.
Scams can consist of links in emails, pop-up messages with links, or even links within a page that appears to be legitimate. When the message or link is clicked on, the malware downloads on your phone or you’re redirected to a page to capture one of your account’s login information. As hackers have become more sophisticated in their techniques, these pages have come to closely resemble legitimate companies’ pages.
Malware can also sneak in through legitimate apps and web browsers installed on your smartphone. This can include apps like Adobe’s PDF Reader or MS Office apps like Word or Excel. Hackers not only study these apps to find security vulnerabilities, but then write executable files that exploit them to install malware. Security vulnerabilities can also exist within your phone’s operating system, which is one of the reasons why it’s important to install system updates.
How Can I Protect My Phone?
Besides making sure your phone has the latest OS updates installed, there’s a few other steps you can take to protect yourself. Forcepoint lists some general tips, including:
- Keeping all installed apps up to date
- Activating screen lock features with a password, fingerprint or facial recognition options in case your phone becomes lost or stolen
- Use a firewall
- Restrict app downloads to official sources like the Google Play store
- Install anti-malware and mobile security apps
Also, keeping tabs on what permissions you grant various apps and the privacy settings within apps can help. For instance, if you have Google Chrome installed, you can browse in Incognito Mode. When browsing in Incognito Mode, Chrome will not install cookies, save any information you enter into online forms or save a history of what sites you’ve visited.
Other browsing apps like Firefox Focus can automatically block all ad tracking and ads. You can also periodically have the app delete all your cookies, browsing history, and stored passwords through the app’s interface. While most browsers will let you do these same things manually, the process is slightly more tedious as each action needs to be done separately. Most browsers will also let you manually block pop-ups, certain types of content, and certain types of ads in the privacy and security settings.
To help prevent unauthorized access to your accounts, you can set up two-factor authentication. This often requires you to enter another means of verification besides your username and password. A common method is to configure two-factor authentication to send a verification code via text to a mobile phone. However, some apps may allow you to set up fingerprint verification methods as well. The idea is that even if a hacker has your username and password, he or she won’t have access to the verification code or your fingerprint.
You may also want to install a VPN (virtual private network) app and use the service if your phone frequently connects to public networks. A VPN helps keep your device and your internet activity anonymous when using public networks. Some even use a VPN on a private home network since it can provide an additional layer of encryption and security.
As the techniques and methods hackers use continue to achieve new levels of sophistication, the precautions we take to protect ourselves will likely become even more robust. As phishing and social engineering are some of the top ways people are tricked into installing malware or providing sensitive account information, the FTC has published an entire site on the subject. To learn how to recognize phishing, what to do if you suspect you’ve been a victim, and how to report it, you can look at the tips here.
Have questions about apps or your smartphone?
Locate your nearest Viaero Wireless store today! Our team of wireless experts is ready to help, even if you’re not a current Viaero customer!
Tell us about your experience with smartphone security and apps. Share below!