
App Privacy

I was going to write about something completely different today but sometimes life kicks you in one direction and you just have to keep going.

Yesterday I was very excited to receive my new video lights! They do some pretty fantastic stuff, including changing to millions of colors, building effects, and light grouping. I was so excited to set them up. All the lights could be preset and controlled through an app on your phone. I opened them up, set them on their tripods, turned them on, and installed the phone app.

The app required I create an account. Fine, I’m used to this; it’s annoying but I have trash email addresses I use specifically for this purpose. Then, I got to the login setup page and they are asking for my birthday and gender? Both of these are required fields; I am unable to move forward without them. I’m now moving from annoyed to a little disturbed. Frustrated, I enter myself as a 28-year-old woman. I used the email code sent to my trash account and I’m in the application. That was annoying, but mildly painless.

Next, I need to sync my phone via Bluetooth to the light. I push the “Add new device” icon and:

Permission request – All files.

Wait, what? You can save settings without full access to all the files on my phone.

Deny

Permission Request – Camera

Deny

Permission Request – GPS Location

Deny

Cannot add device: Permission error

Seriously? It’s an app which changes the color or brightness of a light. That’s all it’s supposed to do. You don’t need access to all the files on my phone, my camera and my location to do that.

I got around all of this by turning off my GPS and granting temporary access, adding the devices, then turning off access, which seems to have worked.

Just a reminder everyone, these messages pop up on your phone for a reason. Think about what your app is doing. Think about what it ACTUALLY needs access to. Control the permissions from your app manager.

In addition, if someone wants to add a new product to their company, an app sandbox would be fantastic. When you open an app, the software would make it think it had permissions it didn’t have. For example, allow it access to only the directory you specify instead of all files. Feed it fake camera and GPS information, but only to the one application in the sandbox. This really should be a built-in security feature but it’s not.

Google, get on that!

I’ll add this to my list of projects I need to work on…

Companies don’t realize how harmful this is to the user. Many think they are keeping their customer data safe, not realizing what’s going on in the background.

They lay off an employee who had access to it, and the employee sells it online.

Someone breaks in and steals it.

Someone gains control of their app and all the permissions it has.

The possibilities for fraud and misuse are almost endless and the general population doesn’t really understand what they’re agreeing to when they allow these permissions.

I’m not listing the name of the company because I’ve found pretty much every company’s app is doing the exact same thing. It’s really time we start pushing back on these companies. Give poor reviews for privacy issues, file customer complaints, support consumer rights legislation. This problem is more out of control than most people realize.

Everyone keep safe out there!
