Be wary of data-stealing Mobile Apps:
There is a suspicion that Chinese Mobile Device manufacturers might be accessing consumer data from the smart-phones / devices, without user permission and sending it to Chinese servers which is out of Indian jurisdiction. It had recently asked these mobile handset manufacturers to submit compliance reports on safety and security implemented by them to safeguard the information and to allay the fears of consumer sentiments and protect critical data.
It is not just the Mobile device manufactures we have to wary of but also the mobile apps developers. Mobile Apps have been aggressively developing apps which require permissions to access the sensitive information under the garb of assisting their referral programs or better user experience.
Does it imply that we should be raising our guards the moment a device manufacturer or mobile apps developer transfers the sensitive data to a Chinese controlled server? We have to be judicious in our approach and trust plays an important role in matters concerning Privacy. Privacy invariably is protected by the law of the land, but hard evidence is required before we can conclude that the law has been broken.
Malicious mobile apps have been stealing sensitive data from the devices and storing them on servers, however very recently, researchers discovered a Chinese App for Smartphones, siphoning off with sensitive user data and storing them on private servers. The app in question is the “DU Antivirus Security”, it collected the personal information about its users viz. unique identifiers, contact lists and call logs which was then relayed to two different servers, with one of them belonging to an employee of Baidu. The data was reused commercially by their sister app “Caller ID & Call Block – DU Caller” and as the name suggests is related to providing Caller ID Information.
It’s a long known fact that mobile apps developers have access to user data, furthermore, they use this data for developing and building services, but how much of this is shared with Third-Party is never known unless they suffer some kind of breach or someone stumbles upon it. The third party could be Governments or Advertisement Networks, one cannot be simply sure of this back-door alliance.
It is imperative for all the Governments to wake up to the fact that it’s not just the Device manufactures but also the App Developers who may siphon off the much coveted Citizen’s Personal Information. They also need to introspect about the data being accessed by rogue governments and is the most worrying factor which has had everyone on tenterhooks.
Read More – Blog eScan