Pokemon No’—Mobile apps put personal information at risk

Apps that access users’ data leave some more worried than others, survey finds

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Poke­mon Go” lets you catch ’em all. But it demands as much.

The mas­sive­ly pop­u­lar game app, cre­at­ed by Niantic Inc., has come under fire for its strin­gent terms of ser­vice. It con­sid­ers users’ per­son­al infor­ma­tion it col­lects “to be a busi­ness asset” that can be trans­ferred to a third party.

Beyond loca­tion infor­ma­tion, it also wants access to your Google Play billing account, have the abil­i­ty to delete the con­tent of USB stor­age, and gen­er­al­ly have full net­work access. You also are required to go through arbi­tra­tion in a legal dis­pute unless you sub­mit an opt-out request via snail mail.

test id pie2 mortarBut a major­i­ty of users may not care, accord­ing to a new IDT911 sur­vey. (Full dis­clo­sure: IDT911 spon­sors ThirdCertainty.)

Some risk accepted

A large swath of the mobile pop­u­la­tion is now accus­tomed to the price you pay—privacy and per­son­al information—for the con­ve­nience and fun of smart­phones. Con­sumers’ height­ened knowl­edge and grow­ing com­fort with the ins-and-outs of smart­phone set­tings also may be dri­ving users to low­er their guard about apps’ encroachment.

Accord­ing to IDT911’s sur­vey, 56.4 per­cent of U.S. mobile users say their atti­tudes about mobile data access will not be affect­ed by the “Poke­mon Go” phe­nom­e­non. That includes 40 per­cent who said they already are cau­tious about allow­ing access to data via mobile apps, and anoth­er 16 per­cent who are not wor­ried about allow­ing access.

The sur­vey asked a sim­ple ques­tion: “ ‘Poke­mon Go’ exposed users to pri­va­cy risks due to how much data the app accessed on phones. How do you feel about mobile apps that access data/other apps?”

The ques­tion was posed to 3,037 adults and gen­er­at­ed 2,014 respons­es, a 66.3 per­cent response rate. The sur­vey was weight­ed against the U.S. Cen­sus Bureau Cur­rent Pop­u­la­tion Sur­vey for age, gen­der and region of the U.S. to be rep­re­sen­ta­tive of the population.

Dan­ger? What danger?

A major­i­ty of the survey’s respon­dents seemed non­plussed by mobile secu­ri­ty chal­lenges, but many may not be ful­ly aware of new lay­ers of scams emerg­ing to exploit the app’s surge. The fact that the app is avail­able only in the Unit­ed States, New Zealand and Aus­tralia also has opened a door to scam­mers look­ing to exploit the demands of Poke­mon fans in oth­er countries.

Adam Levin, chairman and co-founder of Credit.com and IDT911
Adam Levin, chair­man and co-founder of Credit.com and IDT911

Imag­ine for a moment how much more secure our iden­ti­ties could be if we ded­i­cat­ed the same amount of time and effort to mit­i­gat­ing pri­va­cy risks as we do search­ing for a rare Poke­mon,” says Adam Levin, chair­man and founder of IDT911, and author of Swiped: How to Pro­tect Your­self in a World Full of Scam­mers, Phish­ers, and Iden­ti­ty Thieves.

Eager Poke­mon fans who are will­ing to look beyond autho­rized sources can stum­ble upon clone apps—including some that are infect­ed. An altered and infect­ed “Poke­mon Go” app, with a remote access tool called “Droid­Jack,” has been found in online stor­age ser­vices, though it’s not in the Google Play store. Once down­loaded, the mal­ware enables scam­mers to access users’ per­son­al information.

The inter­net also is rife with tuto­r­i­al soft­ware and oth­er “help­ful” appli­ca­tions for “Poke­mon Go” fans, which also can be sources of mal­ware. Such tuto­ri­als typ­i­cal­ly are APK files, which are apps in the for­mat used for the Android oper­at­ing sys­tem. In try­ing to side­load APK files, users would have to mod­i­fy their phone’s secu­ri­ty set­tings, thus mak­ing them more vul­ner­a­ble to mali­cious codes.

sh_pokemon_pikachu ‘Poke­mon Go,’ albeit a mas­sive suc­cess and the cur­rent ‘it’ game, is just the newest fla­vor of the month in the con­tin­u­al­ly evolv­ing sweet shop we call app stores,” Levin said. “From clone apps that infect devices with mal­ware to third par­ty-enabled key­boards like Bit­mo­ji that have the pow­er to record user key­strokes, con­sumers are enthu­si­as­ti­cal­ly per­mit­ting unfet­tered access to their high­ly sen­si­tive data in exchange for reach­ing the next lev­el, uncov­er­ing the newest clue, or obtain­ing an addi­tion­al pow­er sup­ply for their favorite vir­tu­al character.”

Cau­tion comes with age

The sur­vey also found that users’ wari­ness about mobile secu­ri­ty height­ens with age. More than a third (34.4 per­cent) of mil­len­ni­als, or 18- to 24-year-olds, said they were not wor­ried about allow­ing mobile app data access. Only 7 per­cent of the 55- 64-year-olds said the same.

More than 65 per­cent of mil­len­ni­als said they either already are cau­tious about mobile app data access or are not wor­ried about allow­ing access. The per­cent­age drops to 59.7 per­cent for the 25- to 34-year-old set, and about 55 per­cent for the 55- to 64-year-olds.

Men were less con­cerned than women. Near­ly 19 per­cent of men said they’re not wor­ried about allow­ing access ver­sus 13.9 per­cent for women.

Still, there’s evi­dence to show that con­sumers are aware of the price they pay for smart­phone usage. More than a third (39 per­cent) say they will be more cau­tious when it comes to allow­ing apps to access their data. One in five (22 per­cent) say they are much less like­ly to give apps per­mis­sion due to pri­va­cy risks.

Every time a data-seek­ing app goes into craze phase, and invari­ably pri­va­cy and secu­ri­ty issues bub­ble to the sur­face, it pro­vides us with a crit­i­cal oppor­tu­ni­ty to edu­cate mobile users on how to best pro­tect them­selves and avoid being the ones caught,” Levin said.

Read more sto­ries about apps and mobile security:
Threat of ran­somware grow­ing for mobile phones

As mobile bank­ing explodes, finan­cial insti­tu­tions beef up app security
Emerg­ing expo­sure: Ris­ing use of cloud apps cre­ates data leak­age pathways


Posted in Data Privacy, Data Security, Featured Story