Internet security & privacy 101 for apps

Know thy apps

Social media and mobile app vetting has been at the top of my list of pet peeves in Internet security and privacy for the past few years now. For the most part — I am angry that too many apps find their way onto the Internet from companies and developers that do not provide company and developer information, including full names of the developers and the geographical location of their company. I feel that before I use any app I should be able to:

  • Verify that a company is legitimate and reputable
    • Has a physical location that I can find on Google maps
    • Has employees that I can locate on LinkedIn
    • Has a valid website that is not masked behind a privacy shield
    • Has a state business license
  • Review a site privacy policy that lists:
    • Who is collecting the data
    • How the data will be used
    • Who is receiving the data
    • Who the data is shared with
  • Review an app privacy policy
    • What purpose(s) the app is collecting data for
    • The kinds of personal data collected
    • Who the data is shared with
    • What permissions the app uses
    • Include the company site name and address
  • Have knowledge of the company/app developer reputation
  • Get app reviews from trusted and reliable sources

There are exceptions to the list above, such as a developer who works from home. I’ve known developers who have great coding reputations and app reviews, who do not work for a company and are self-employed.

Crap apps skinny-down

I was ecstatic earlier this year when 60,000 crappy apps were booted from Google Play. It was awesome to see the crap app population decrease. This still does not resolve app security and privacy issues though. I see situations of app-laxness as a top-down problem. The problem always begins with a company, or its developers, or both. For example: If Facebook or the app store allow crappy apps to proliferate their inventory, it is up to the rest of us to out the bad apps. If we can’t initially validate an app via a company or its developers, don’t download that app.

Internet Responsibility

I have an internal rule that tells me to never litter because it is bad for the environment and aesthetically displeasing. I also have an external rule that states that I will be fined if I litter. I now know that litter can pollute the environment, ugly it up, and that there is the possibility of monetary consequences if I choose to litter. What does my litter analogy have to do with crap apps?

If I download a crap app I could be exposing myself to potential privacy and security violations. This app could potentially mess with my device operating system (OS) and perhaps put an excessive drain on my battery too. It could also put my contacts at risk. If it is a spammy app, it could litter social media platforms and compel my connections to overshare. Overall, by downloading this crap app from some unknown company/developer, I have opened myself and my social media connections to the possibility of who-knows-what.

Why I won’t promote unknown apps

If I do not know your company or the developers, and I can’t verify your company or the developers online — why would I promote your app? I’ve known plenty of awesome social media gurus and it is extremely rare for me to promote any of their products either. Just because I perform certain roles in social media with my consulting business does not imply that I am into-that-markety-marketing-stuff. My reputation relies upon choosing quality over quantity; opting for honesty over financial gain; outing social engineering tactics, Darkhat affiliate marketers, malware distributors, etc. — and all those who take advantage of the digital matrix to further their own financial gains.

Want the short-winded version of no?

When I am asked on a social media platform such as Twitter to retweet something — I am placing my online reputation behind that specific retweet. I do not retweet blindly. I first look at how I am connected to the account that wants me to retweet their tweet. If they are a known, and a horde of my followers follow them, and my followers also retweet them — it is very likely that I will retweet them. So, when I am asked to retweet a blog post about a new email app that is not out yet — the answer is no. When I can’t get a straight answer (actually, no answer) on where the company that is developing the app is located, that sets up huge warning flags in my brain.

Internet security: My followers know why they follow me

Since early 2009, I’ve been big on Internet security — specifically how it pertains to social media. I’ve managed to piss quite a few people/groups off with blog posts in the past — to the point of DDoS attacks for days on end. My stance against Blackhat affiliate marketers, bad Twitter bots, rogue apps, and the like is part of who I am. I’ve never been one to pretty up a tweet or a social post if I think there is something rotten in the state of Denmark.

In Conclusion

Anyone can become anybody on the Internet. That is why social engineering is so trendy. Though they talk the talk, sometimes I check out their walk. Ex-hackers are like that sometimes…


