In the mobile app world, when hackers want access to personal information, they need simply ask.
This is one of several key findings Symantec Corp. released today as part of the company’s “Mobile App Security” study. Conducted during a two-week period in October, the study surveyed more than 6,000 smartphone users in Canada and the U.S., as well as other regions such as Australia, Brazil, Germany, Italy, Spain, Japan, and the U.K. The study found that many are willing to forego privacy in exchange for free entertainment.
There’s a disconnect between how people understand physical and digital privacy, according to James Nguyen, product manager of mobile applications at Symantec. He cited one example where someone who may not want to take a personal document on the road – such as a birth certificate – would instead take a picture of it, and will have granted apps permission to access photos on their device.
“You would never let anybody go through your front door, go directly into your house and try to find this information, but in app form, you’re willing to download it, they have to ask you for it, and you don’t think twice about hitting ‘next’,” said Nguyen.
Symantec is hoping to change this by leveraging its Norton Mobile Security platform to help question the necessity of app permissions, and analyse app behaviour in real time. The company has implemented what it calls the “App Advisor” functionality to pre-emptively scan apps for privacy issues and alert users prior to the download process or, once downloaded, block intrusive behaviour, battery drain, data usage, spam and phishing attempts.
The new feature to Norton Mobile Security builds upon Norton Mobile Insight, a database of millions of apps that Symantec has analysed across 200 app stores to determine potential security risks.
“When you download an app, the term ‘free’ rarely comes without a cost,” Nguyen told CDN, adding that for developers, especially small ones who can’t monetize their apps, collecting and selling personal information often becomes their only means of income.
According to the survey, those worried about getting a virus or malware are also more willing to allow free apps to access sensitive device functions and personal information, while 94 per cent of consumers were not worried about fitness and health data being shared, which can be used to build individual profiles.
Canadians are also 10 per cent more likely than the global average to play games on their smartphones, which Symantec identified as at highest risk for privacy breaches.
“Most people say they do care about security, privacy leakage, in actuality what we’re seeing is that … people are really willing to allow collection of their information,” said Nguyen.
Despite certain developers – including Facebook for its Messenger app – coming under fire recently for increasingly ubiquitous data collection, and while services like Google Play becoming more transparent in displaying permission requests, Nguyen says that there needs to be more awareness about the implications of hitting ‘Ok’ for big and small apps alike.
“It’s good for users to sit there and think for minute and say ‘hey, is it really necessary for those apps to get this information and worth the trade off?” Nguyen said. “That’s a healthy question to ask.”
Related Stories
Canadians are also 10 per cent likely than the global average to play games on their smartphones, which Symantec identified as at highest risk for privacy breaches.” So is this ten percent more likely? Less likely?
Don’t know. That is what I want to know. You know?
Hi Joey,
It’s more likely. That was a typo. Thanks for catching it.
Smart phones are for suckers. You’re being tracked and exploited far more than this article alludes to and in Canada anyways, we pay dearly for that abuse.
… you are smart Betty, because it really IS a “Sucker’s game”…:-)
Symantec is the anti christ of security at one time Norton was an amazing product before symantec bought it started putting in their own spy ware and hidden programs piggy backing on Nortons good name.
youre an idiot, symantec’s owned norton from day one.
No they merged early on but both were distinct companies
No, you’re an idiot because you want to look good at the expense of someone else while not being intelligent enough to understand the main point of the message. Plus you are incorrect. Norton had a line of products out that was fantastic and very reputable. Peter Norton and his company were thought of very highly. Although technically Symantec started working on an antivirus software one year before officially merging with Norton, both companies were involved in developing Norton antivirus. In fact, 2/3 of the employees and Norton then worked at Symantec. Peter Norton got 1/3 of all Symantec shares hence owning an enormous amount of the company. Due to the great reputation of Norton and its people working on it, it’s name was used for the product. In fact, all that software was put under a Symantec division called the Peter Norton Computing Group. Unfortunately, Peter Norton was less and less involved and it became slimy. So, as I say, it’s you who is the idiot!
That’s why they are called SMART phones, because they are often “smarter” than their user, lol.
The question is, what do they do with this information?
A more viable solution, would be to force those who write the Smart Phone OS to secure OUR information. Disallow access to any of our information and/or provide us a means to enter information that we allow to be shared. Any app that wishes to access anything other than what we allow will be denied access by default. We (dumb users) cannot bypass the security and neither can the apps.