Be careful of permissions given to third-party apps on smartphones, warn experts

Team Udayavani, Mar 25, 2018, 12:34 PM IST

New Delhi: It’s not just social media platforms that could be stealing your data. Security experts have warned users to be cautious about the level of access they provide to third-party apps on smartphones as they run the risk of handing over their sensitive personal information to cyber crooks.

Users across the world this week were rocked by revelations that Cambridge Analytica, a data firm with ties to US President Donald Trump’s 2016 campaign, had accessed personal data of 50 million Facebook users without their knowledge.

A massive uproar across countries and #DeleteFacebook trending on Twitter forced Facebook CEO Mark Zuckerberg to apologise for the “major breach of trust” and he vowed to take steps to protect user data. Altaf Halde, Global Business Head of Network Intelligence, told PTI that users should not only be concerned about security on social media platforms but also the kind of access they provide to third-party apps on their smartphones.

Citing an example, he said many games ask users for permission to access their contact list or read text messages. “The game has no use of accessing my address book. Often users won’t think too much of it and provide access. But this can have repercussions,” he warned.

He added that apart from strengthening cyber laws in the country, the Indian government also needs to implement a “public bug bounty programme” and reward researchers who find issues, especially with the focus they have on digitising the country.

“The Facebook incident is a lesson for all of us when it comes to being cyber safe. We don’t realise how grave a threat is until we experience its consequences… if a tech giant like Facebook is vulnerable to such data breaches, then how can we ensure that our personal data is not being misused by the cybercriminals? At the time of stepping into digitalisation, we can’t afford to be vulnerable,” Shrenik Bhayani, General Manager at Kaspersky Lab (South Asia), said.

Industry watchers say that incidents like that at Facebook are not the first and certainly would not be the last. “This is not the first time that a data breach has happened and certainly not the last time. It is very important that governments and private players give the due importance to the data they have of citizens and take appropriate steps to protect it,” another expert said.

Frost & Sullivan Industry Analyst Digital Transformation (ICT) Practice Rajarshi Dhar said given the large consumer base in India, it becomes an attractive destination for third-party app developers, marketers and data harvesters.

“Users should put in minimum personal information on their account profiles that could be used by these data scraping apps… For the sake of getting more hits, likes or shares, users should not take a chance and reveal a lot of personal data,” he added.

A cyber security executive pointed out that while large enterprises may have robust security in place, they need to undertake vendor risk assessment to ensure that there is compliance at the partners’ end as well.