You just had a flat tire along a dark country road. Luckily, you downloaded a flashlight app into your cellphone and now can put it to use.
But that flashlight, handy as it is, may be just one of many doors you unwittingly opened to let spies take up residence inside your phone.
“Most free flashlight apps are creepware,” says Gary S. Miliefsky, CEO of SnoopWall (www.snoopwall.com), a company that specializes in cybersecurity.
Creepware is malware that spies on you and your online behavior, and could pass along information to others.
For example, Goldenshores Technologies, the company behind the popular “Brightest Flashlight Free” app for Android phones, agreed in 2013 to settle the Federal Trade Commission’s charges that the software secretly supplied cellphone locations to advertising networks and other third parties.
The problem doesn’t begin and end with flashlight apps, though. Many seemingly innocuous apps that people carry around with them on their mobile devices have the capability to eavesdrop on their activities.
“Consumers trust first and verify never,” Miliefsky says. “As a result, most of their smartphones are infected with malware that they trust in the form of some kind of useful app or game.”
Miliefsky offers these tips for ousting those spies inside the phone:
• First, assume you’ve already been compromised. It’s nice to think all is probably well, but most likely it’s not. Somewhere in the phone the spies are at work and it’s time to take the privacy behaviors and privacy policies of these apps more seriously.
• Verify the behavior and privacy risks for apps before installing them. Do some research and ask the question: “Why does this app need GPS, microphone, webcam, contacts, etc.?” Most apps don’t need these ports unless they want to invade your privacy, Miliefsky says. Find an alternative before installing risky apps.
• Do a smartphone version of spring cleaning. Delete all the apps you don’t use that often. Replace the apps that take advantage of too many of your privacy settings, such as GPS, phone and text-message logs, with similar apps that don’t.
• Turn off WiFi, Bluetooth, Near Field Communication and GPS except when you need them. That way, Miliefsky says, if you are at a local coffee shop or in a shopping mall, no one can spy using nearby (proximity) hacking attack. They also can’t track where you were and where you are going on GPS.
• Check to see if your email has put a tracer on you and your phone. “If you use a Google email account and have an Android phone, you’d be surprised that even with your GPS off, it’s tracking your every move,” Miliefsky says. You need to go into the phone’s settings to turn off that tracking feature, he says. In your Android phone, go to “settings,” then “location.” Select “Google location reporting” and set “location history” to off.
Gary S. Miliefsky is CEO of SnoopWall (www.snoopwall.com) and the inventor of SnoopWall spyware-blocking technology. He is a founding member of the U.S. Department of Homeland Security and serves on the advisory board of MITRE on the CVE Program, and is a founding board member of the National Information Security Group. He’s also the founder of NetClarity, Inc., an internal intrusion defense company, based on a patented technology he invented.