Fraud Alert: Mobile Apps Are Watching, Recording you!
The antivirus app installed on your mobile device is expected to protect you, right? But what if the same app is also handing over your browser history to a major marketing company? In January 2020, PC magazine found out that user data was being shared between Avast and its subsidiary Jumpshot. Avast terminated its agreement with Jumpshot shortly after that. But mind you, Avast is just one of the examples of mobile apps that may be listening and recording you and sharing or selling the data to a third party. 
Taking cognisance of the issue, mobile makers like Apple and Samsung (to name a few) come out with indicators or coloured dots in the notification bars which tell you if your app is using your camera or mic with or without your knowledge. For example, when you open an app with access to a mobile camera, a green dot will become visible at the top right corner of the notification bar. 
However, this only helps you identify the fact that you are being spied on or your conversations listened to. Is it illegal? It is possible that you may have been duped into granting permission through the endless fine print in the app agreements that nobody ever reads.  
In fact, almost all apps, especially the popular ones, ask for blanket permission. For example, 'bigbasket: Grocery App' collects data about user location, app activity, device or other IDs (!), financial information (user payment information) and personal information, including name, email ID, user ID, address and mobile number. It shares location, personal information, app activity, device or other IDs, financial info and name and user IDs with third parties. All with your consent! 
In case you deny it permission to access the data, the app simply won't work!
Another example is 'Blinkit: Grocery in 10 minutes'. This app collects all the info that bigbasket collects, but it also accesses files and docs, photos and videos, and voice and sound recordings from your device! It says the additional data collection points are 'optional'. Unfortunately, most users simply do not check privacy and security features to find out what data is collected from their phones and what is done with it. 
'Blinkit: Grocery in 10 minutes' says it collects data from photos and videos for "app functionality, fraud prevention, security and compliance." Seriously? How will accessing personal photos and videos of the user help prevent fraud or help with security and compliance? 
Did you know that the voice mode on OpenAI's ChatGPT mobile app runs automatically in the background, even when the app is closed? The app's new feature, 'background conversations', while saying that it 'enhances user convenience', also raises privacy concerns. This feature allows continuous interaction with the app even when the user is not using it or is using other apps. You can, however, turn off 'background conversations' from the settings if you are conscious of these issues.
According to Block Telegraph, an average smartphone owner uses 10 apps per day and 30 apps each month, so the potential for data collection is vast, and 60% of apps collect data to track users or their devices and share this data across different apps, advertising networks, and companies.
This is true of several apps available on Apple's App Store or Google Play Store. Apple, at least, follows strict norms and scrutinises apps before allowing them on board. On the other hand, given the massive number of apps on its Play Store, it would be very difficult for Google to verify and scrutinise each app with regard to data privacy norms and user safety. The result? Plenty of apps seek blanket permissions to access all functions.
A simple app like a flashlight (not many use it due to the built-in torch feature of smartphones) seeks as many as 25 permissions, on average, that are not even related to its actual use. The majority of free apps seek several permissions right at installation and then monetise your data by showing advertisements or sharing the user's personal data with third parties. 
Applications can request permissions to access data or features on devices they need to function properly. For example, the flashlight application needs access to the phone's flash to use it as a flashlight. However, many such applications seek far more permissions than they actually need. 
Remember, any mobile app seeking needless permissions to access data is dangerous and can potentially harm you financially or through misuse of your personal data, thus violating user privacy. 
Unfortunately, most users are quick and eager to download apps even for things they may use only very rarely. A very small number of phone users are even aware of privacy issues, the misuse of data, or that they can control what data can be accessed by apps, to some extent.  
I have also come across naïve users who justify their lack of concern by saying, "I have nothing to hide, so why should I not grant these permissions?" Such 'lazy' reasoning shows complete ignorance of the interconnected and greedy digital world that observes no boundaries. 
Apps sometimes request outlandish permissions, but that does not mean they will necessarily carry out malicious activities. However, permissions sought and granted by users to mobile apps are a grey area. For instance, some apps may not work correctly even if a single permission is denied. This needs regulatory attention.
Sometimes, developers who develop 'free' apps integrate software development kits (SDKs) into their code to earn money from advertisers. It allows these SDKs to target users with ads, and thus, the apps request or need countless permissions.
A few years ago, Facebook and Twitter (now X) admitted that the data of hundreds of their users was improperly accessed by some third-party apps on Google Play Store. Security experts found that the SDKs of two apps, 'One Audience' and 'Mobiburn', were leaking users' personal data when they used Facebook and Twitter. 
So, what should you do?
1. Before installing any mobile app, make it a habit to read about the app and its reviews. Notice if reviewers comment on whether or not the app does what it says it will do.  
2. Check the permissions that the app needs. Granting incorrect permissions can send sensitive data to cybercriminals, including information such as contacts stored on the device, media files and insights into personal chats. 
3. Do read the privacy policies and terms and conditions of the app, as mentioned by the developer.
4. Never use any third-party app to carry out critical tasks. If you must use a third-party app for anything on your mobile, check all the permissions required by the app. If you are not comfortable with the third-party app seeking unnecessary permissions, such as the Torch app seeking access to contacts, then do not install the app.
5. If you have already installed such a third-party app, remove it for accessing unnecessary data or information and features, like using a data network, Wi-Fi or Bluetooth. 
6. Do not install any app you may have downloaded or received other than from the authentic or official app store.
7. Install a trustworthy antivirus app which acts as a safety net and can identify apps infected with adware or malware. 
4 weeks ago
Several so-called genuine Apps make it imperative to share the location data if you want to use the App. All the payment Apps without exception seek the personal data. There must be a clear regulation to classify the Apps and the data limitations for each App legally to protect the user. Most Newspapers ask us to subscribe through Mobile app and they are not comfortable delivering it on mail. Regulation is imperative for the use of rather the indiscriminate use of AI. Several Newspapers also invariably dish out the data of the markets presuming that everyone markets in shares. All this data that comes to mobile clearly eats into the storage space. We can't keep on clearing the unnecessary data every day or even numbe of times a day if we subscribe to two or three financial dailies and two or three news dailies. When we subscribe through the site they ask invariably the mobile number without which the subscription is not cleared. Then, you have a hell of it.
Fraud Alert: Scammers Playing Longer 'Pig Butchering' Games
Yogesh Sapkale, 31 May 2024
Mumbai-based Shishir Kumar (name changed), a retired director of a public sector unit (PSU), wanted to dabble in online trading. By clicking a link on a Facebook ad, he was added to a WhatsApp group. He was also 'trained' by experts...
Fraud Alert: Beware! YouTube Is the New, Popular Playground for Scammers
Yogesh Sapkale, 24 May 2024
Everybody loves watching videos. You click on an exciting video shared by someone or find it on YouTube. The video seems legitimate, featuring a well-known personality and good production quality. You think, why not watch and check it...
Fraud Alert: 84% of Influencers Fall Victim to Deepfake
Yogesh Sapkale, 17 May 2024
Last month, after his deepfake video went viral on the internet, criticising prime minister Narendra Modi over unemployment and inflation, Bollywood actor Ranveer Singh reacted by saying, ''Deepfake se bacho dostonnnn". He is not the...
Free Helpline
Legal Credit