At this point, it's not surprising that apps that are spontaneously installed on our devices use our personal data in a number of ways.
The permissions granted when a user installs an application are responsible for these programs making improper and abusive use of our personal information. The risk increases when we install apps from non-official sources or pirate repositories.
The risk of wanting everything for free
There are really tempting applications that offer a premium version, either because they have so many more functions than the free applications or simply because there is only a for-pay version. As a result, some users go to non-official repositories outside of the App Store or Google Play, thinking that the only difference between the official app and the pirated version is the presence of some advertisements, and that they are obtaining the same functionalities as the pay version… but for free!
However, on the internet, you should follow the same standards as in real life: thinking that we're going to get the exact same thing without paying is a bit foolhardy. A pirated version and an official version of an app are not and cannot be the same. No one gives anything away for free.
The Spanish government agency CERTSI (CERT for Security and Industry) warns that installing cell phone applications of doubtful origin exposes the user to the following risks:
- Subscription to additional rate services, like SMS Premium.
- Following the locations of the device and recording audio or video to monitor the user.
- SMS monitoring from bank services.
- Theft of personal information such as contacts, images, videos or banking data.
- They simulate being useful applications when they're really not, like fake antivirus apps.
- Hijacking the mobile device.
When downloading an app on a site that does not offer guarantees and is outside of the official repositories, the user should follow these principles:
Similar is not the same: just because they look like the official applications does not mean they work the same, or that they provide the same guarantees for our safety.
Financing: if one app is for pay, and another that is practically the same is free, what is the difference? There is a maxim online: when something is free, the price is the user’s personal information.
Controls: official repositories have important requirements when controlling the applications that are stored here. Both Google and Apple control and monitor them to guarantee optimal levels of usability, legitimacy, quality and security. Many of the applications that are discarded in these repositories end up forming part of the alternative channels where anyone can upload an application without any type of filter or control.
Concealed aims: Many of the applications that are on the alternative repositories have only been designed to steal information from users (including banking data) for different purposes. Others https://www.bbva.com/es/proteger-movil-android-ataque-virus-2/ that is capable of activating SMS Premium services behind the user´s back and without them being notified. It is important to remember that many of these apps are just the bait to trap users and obtain benefits from their lack of knowledge in cybersecurity.
Updates: The official applications have periodic updates to improve their performance, especially for security. These updates include patches that resolve the vulnerabilities that are detected, offering a much more robust protection against malware. On the contrary, the pirated or non-official apps do not usually have these improvements, and are much more vulnerable to cyber attacks.
Advice to prevent information theft
To avoid the risks from these questionable apps, follow our recommendations:
- Before downloading an application, always choose those that come from trusted sources and official repositories, like App Store and Google Play. Although they're not 100% free of malware, they have many security mechanisms to keep malicious and insecure apps at bay.
- To avoid downloads that do not come from trusted sources, such as the ones that Android and iOS offer, within their security configurations, there is the possibility of blocking downloading applications of unknown origin.
- Check the permissions that the apps request and decide if they are really justified. If they are excessive, it’s better to opt for the less intrusive option.
- Always analyze the comments and evaluations of each application, both in the applications store and in online forums.
- Before downloading an application that imitates an original, analyze the risks and evaluate whether downloading it is really worthwhile.
- Don’t take downloading lightly. It’s much easier to avoid danger than to find a solution for the consequences.