Norton UK Blog
How to stop your phone from pulling a James Bond and spying on you
When you hear about spies you might think of the super slick James Bond and one of his many catchphrases. We’re usually pretty relaxed about installing apps on our phones but did you know that your phone could be hijacked and taken over by a spy?
Shaken not stirred, right?
We’re hearing more and more about the security and privacy risks involved with installing apps on our phones. The permissions asked for by some apps have nothing to do with their function – why does a flashlight need access to your contact list?
So what exactly are apps up to?
Who’s listening in?
You may think that apps downloaded from third party sites are the ones invading your privacy, but the Play and the App Stores are no safe haven.
One of the most famous app games ever, the innocent Angry Birds, has actually been used by the US National Security Agency (NSA) to collect your data unknowingly. In fact, The Guardian, The New York Times and ProPublica have all reported that documents provided by Edward Snowden, former NSA contractor, showed that the NSA and Britain's GCHQ collected data from many popular apps.
How do they get this data? Are they breaking into my phone?
It’s not actually as vicious an attack on your personal phone as you would think; the answer is so simple you’re probably in for a major face-palm.
The data transmitted to and from your phone is largely beamed across open radio channels. This means that all anyone has to do to collect the info being passed around is to switch on a receiver (so basically just put a cup up against the wall and listen in).
Warnings about this open access to networks have been given by security experts for years.
However, in addition to the large quantities of personal data being transmitted across the open networks by these oh-so-innocent apps, there are other tricks to get your data. Some companies were reportedly receiving even more intrusive information about users, such as a person’s marital status, religion and even their sexual orientation. But where were they gathering this information from?
The data was gathered by third-party advertising networks that placed ads within the apps.
So it’s not only the app itself you need to watch out for but the ads that are displayed within them.
How do apps get your personal information?
There are two standard ways that the apps themselves access your data. The first is the invasive method of rooting your device. The second method is, well, asking you for it. Yep, you give them the ‘permission’ to access certain parts of your phone.
Rooting a device is quite technical and invasive. It can be done by anyone with a bit of tech knowledge (but it will void your warranty). If an app manages to root your device it can completely take over the operating system of your phone.
Generally, if an app wants access to anywhere on your phone, such as your contacts list or camera, it must be given the permission to do so. But if your phone has been rooted then the app can do whatever it wants. It can access any location and file on your phone from which it can gather data, without your knowledge.
Sneaky, isn’t it?
Permission based access
As we’ve mentioned already, the simplest way for an app to get to your personal data is by asking you for permission upon download. For example, if you download an app for your camera it will ask for permission to access your camera (kind of a no-brainer). But then it might also ask you for access to your call log and contact list.
That’s a good sign that it might collect unnecessary data from your device.
The app may not take immediate advantage of these permissions as it might not have a use for them. But then, one day, an update gets rolled out. You download the update and suddenly the app begins to collect information on all your contacts, sells that info to interested parties (usually advertisers) who then use the data to push ads on to your device.
Before you know it your device has turned into an information machine for someone else. All of the data on your phone is worth something to somebody – your contact list, your location, who you are emailing, who you are calling.
How to stop apps stealing your data
Have you heard enough? Are you ready to protect your phone from these malicious apps?
Below are some tips to prevent and stop apps from collecting unnecessary information. Some are common sense, some you may not have thought of.
For some top quality protection look even further down for apps that will aid in your privacy protection. (Yes, ironic, we know!)
So, here’s what to do:
Learn to say no
Before downloading an app, read the permissions it asks for. If it wants far more access than common sense dictates then consider it suspicious and do not download it. When in doubt, leave it out.
It’s also good to read reviews on the app before downloading it as other people may complain about issues that will affect you.
When playing games, disconnect from the internet
This includes both mobile data and Wi-Fi. The majority of games don’t need the internet to run, but the ads do. To stop ads coming through and taking your data, switch your phone to airplane mode.
This will cut all network connections to your phone and may even give the added bonus of increased speed due to less processing work for your phone.
Disable Wi-Fi, GPS and geolocation when not in use
Wi-Fi, GPS and geolocation can be used to accurately determine your location, right down to a meter of where you’re standing. Only use them when needed, otherwise keep them turned off. This might involve going into each app that provides this option and switching the geolocation off yourself.
Ditch the smartphone
Yes you read that correctly. If you’re worried enough about your security you can always choose to head back to the good old days of technology and get a non-smartphone: a phone that only handles basic tasks like calling and texting. No cameras. No internet. You might get the classic noughties game Snake if you can dig out an old Nokia – so that’s a bonus!
It’s going to be much harder for someone to take your data if they can’t connect with you, beyond physically stealing it.
Apps to protect your phone
Snoopwall’s approach to protection is more stealth than sheer defence. They refer to it as “Cloaking Technology”, which means they make your app invisible to malware and cybercriminals.
Their Snoopwall Privacy Protection app has the following features:
• Audit apps for risk of spying or data theft capabilities.
• Finds all the apps with the ability to spy on you.
• Discovers vulnerabilities your antivirus software may have missed.
• Shows you which apps use your camera, Bluetooth, GPS, Wi-Fi, NFC, microphone and more.
• Works alongside your existing antivirus, firewall or other mobile security software.
They also have a Privacy Flashlight app. Due to other flashlight apps consistently asking for intrusive information they decided to make their own version for your benefit.
Open Whisper Systems
Open Whisper Systems offer two top quality apps for private messaging and private calling, TextSecure and RedPhone. The apps don’t access any of the content in your texts or calls, but encrypts them instead. Encrypting messages scrambles them to anyone trying to look at them without your permission.
All of the data encryption for your messages is done and stored on your device alone. You can even add an extra layer of protection if you have a password turned on. While encrypting your texts and calls are really only needed if you’re sending info you absolutely don’t want anyone else seeing, it is an option!
Check out the Open Whispers website for more details on these two apps.
Norton Security and Antivirus
Packed with free and premium features, Norton Security and Antivirus is the perfect app to keep your phone safe.
• Protection – keep your phone safe from viruses.
• Security – SMS to remotely lock a lost or stolen phone.
• Antivirus protection – remove apps that have malware.
The premium version of the app is super robust and comes with full antivirus protection, a range of security features, the ability to lock apps and your device, a scream alarm if it goes missing (trust us, it really does scream!), a device locator, and the ability to block unwanted calls and texts.
Sure what more could you want?
Use it with Snoopwall and no one is getting anywhere near your data anytime soon!
For more great advice, tools, and tips to keep you and your family safe, check out more of our blogs and our antivirus software. For news on all things tech and online security, come follow us on Facebook and Twitter.