What’s easier than downloading a convenient app or joining another social media site when the price is listed as free? We’ve all done it and likely enjoyed the app. But nothing is truly free. If you can’t tell where an app is getting its revenue from, then you’re probably the product they’re selling. Free apps come with consequences.
Read the Terms and Conditions
It’s important to know when your information is being passed from company to company, but many times those details are deep in a mass of text in the software’s terms and conditions. And companies know you don’t read the terms and conditions.
Over the years, tongue-in-cheek clauses have been placed in terms and conditions as jokes to prove how little people read them. These include examples like requiring users to hand over their first-born child or give the company their soul. One company even rewarded $10,000 to a woman who found a line hidden in their terms and conditions as emphasis of their importance.
Since you can’t change the terms and conditions to your liking, it’s simpler for the vast majority of users to just click accept and move on so you can use the app. Those terms and conditions can grant far more permissions than you expect, though, including the collection and sale of your data. This happens more than you can imagine and in apps or websites you might not even consider.
Once your data is sold, it’s out of your control.
What’s Really Free?
Companies that offer free apps or games, especially those without advertising, are most likely in the business of selling your personal information. Even those that do have advertising (selling your attention) may also sell your data. Facebook and Instagram are prime examples of that. The amount of data collected by these sites is staggering. It’s not only used for internal marketing, but also sold off to third parties.
According to a study performed by pCloud, “Instagram shares 79% of your data including browsing history and personal information with others online.”
But it’s not just the big companies that take advantage of your data. Ever wonder why a puzzle game needs access to make and receive phone calls? Or a flashlight app requests permissions for your internal storage? They want that golden data. You are far more profitable to them than the app or game you downloaded for free.
Have more questions about mobile device security best practices? Read on!
Data Sharing Is Bad, Malware Is Worse
Far more dangerous to you and your business are apps that include hidden code that can infect your mobile device with malware or spyware. Free—and sometimes useful or popular—apps can be fronts for installing malware or spyware onto your phone. The app itself may be functional so as not to expose what’s going on behind the scenes.
Once on your mobile device, this malicious software can do all sorts of things without you even knowing, such as
- Data Harvesting: Any data on your phone or tablet can be accessed, copied, and sent to the cybercriminals to be sold or used for identity theft.
- Ransomware: Mobile devices aren’t safe from the growing threat of ransomware, and malicious code in an app can trigger a complete lockdown of your phone until you pay the ransom.
- Monitoring: Just because you’re not using your camera or microphone doesn’t mean they’re not on. Meetings, conversations, and even images of your environment could be recorded and sent to cybercriminals. If you work with sensitive or confidential information, that could very well mean a nightmare of a regulation violation.
- Credential Theft: No matter how good the security on a website is, keyboard recording could reveal all your usernames and passwords and their associated sites.
People like free things, and cybercriminals have taken advantage of that to infiltrate your devices any way they can.
What Can You Do to Combat the Consequences?
It may feel hopeless to try to keep up with all the sneaky tactics used to collect or steal your data through the numerous free apps, but there are a few things you can do to reduce the risk to your data.
- Read the terms and conditions for free apps. It’s a bit of a hassle, but checking out what permissions they have to collect and sell your private data can save you a headache later on.
- Don’t download apps you don’t need. The app may seem fun for a while, but if you’re not going to use it often, do you really need it?
- Delete apps you aren’t using. If that app has become just another icon on your screen, delete it from your phone. Don’t let them continue to collect your data if you’re not even using it.
- Download from reputable developers. Sometimes it’s good to stick with known names. They may want to collect your data, but at least there’s less chance of malicious infection.
- Research developers you don’t know. If you really want that free app, do a quick search of the developer. Are they a legitimate company? Do they have a history of bad behavior? Are there warnings of scams associated with the app or developer?
And, most importantly,
6. Don’t give permissions that don’t make sense! If an app will never take pictures or record audio, don’t let it have access to your camera or microphone. If it’s a game app, don’t give it access to make and receive calls.
If the app can’t justify the permissions it’s asking for, don’t give it access. Some apps are made so that you must accept all permissions in order to use the app at all, but in those cases, is the risk worth the reward? It’s better to find a different app—one that asks for only the permissions it needs to function.
Business Devices Mean Business Security
While all the above advice is good for anyone, extra caution should be taken with business devices when it comes to the apps they allow. This includes devices that are for both business and personal use. Being less than vigilant could lead to serious problems down the line.
Free vs Enterprise-Level Apps
Businesses always want to remain frugal when they can, but there are some things you should never skimp on. The free version of a malware scanning app may seem like an easy way to protect your device without adding too many expenses, but the free version can never measure up to the enterprise-level paid version. Avoid cutting corners on apps needed for business. The last thing you need is your business device infected or spying on you.
When it comes to devices used solely for business, make sure that employees can only download authorized apps. A work phone shouldn’t have random apps not necessary for completing work, which could compromise your data. The best protection for work-only devices is not to have any more apps than necessary. That way you know that your devices are secure.
Things get murky when your employees use BYOD (bring your own device) for both business and their personal life. You want all devices that connect to your IT systems to be rigorously protected, but you also can’t police your employees’ personal phones too much.
In this case, you want to do a cost/benefit analysis about what kind of access employees have through their device and what you’re willing to do to secure their phones. This may mean not allowing specific untrustworthy apps from being downloaded, providing and enforcing enterprise-level encryption and antivirus/anti-malware , or limiting access from dual-use devices to simple data that can be separated from the rest of your IT systems (i.e., email).
Don’t let the lure of “free” blind you to the risks an app has to your business. You’ve worked hard to build a successful company, now protect it—even if it costs a bit more.
Doing a bit of research beforehand can protect your data and save you a headache in the future. If you’re not careful, free can cost you and your business dearly.
Need some help developing a mobile device policy, or clearing “free” apps from your systems?