While the use of apps on mobile devices is certainly a convenient and often entertaining way to engage with cyberspace, there have always been dangers associated with them. From apps that are actually used to spy on their users, to apps that can be utilized to create a botnet zombie in the Internet of Things, there is always an inherent risk. It is this point that Kaspersky Lab researchers were able to highlight in a recent discovery that should cause app developers to raise the alarm. As reported by Kaspersky’s blog Threatpost, Roman Unuchek of Kaspersky Lab introduced research at the RSA Conference that indicates millions of apps are leaking private data. The cause of this is due to app developers not “protecting ad-targeting data transmitted to third-party advertisers.”
Unuchek described the issue in depth as follows:
The scale of what we first thought was just specific cases of careless application design is overwhelming… millions of applications include third-party SDKs, exposing private data that can be easily intercepted and modified — leading to malware infections, blackmail, and other highly effective attack vectors on your devices.
A lot of these issues stem from, if I may put it bluntly, laziness on the part of app developers. The Software Development Kits being employed are predefined, reused, and connected insecurely to highly popular advertising networks. While these SDKs save time, they ultimately show many flaws that “send unprotected user-profile data between the app and the advertisers’ servers” over HTTP. HTTP is phased out in many places on the Internet for the simple reason that it is easy for cybercriminals to collect data via man-in-the-middle attacks through the protocol.
With roughly 4 million APKs discovered to be leaking private data to the Internet, it is imperative that app developers be proactive in making more secure products. To protect yourself in the meantime, Roman Unuchek recommended limiting unnecessary app permissions and also using a VPN.
Photo credit: Flickr / Blogtrepreneur
