Security pros don’t put these apps on their smartphones

Tech news headlines have been filled in recent weeks with ominous warnings about data breaches, sketchy phone apps threatening to steal private information on your phone, hackers on a rampage, and the like, and things will no doubt only heat up from here the deeper we get into 2021.

In recent weeks, we also reported about an app called SHAREit, which lets you share files with other users who have the same app on their phone. Despite being named as one of the most downloaded apps in 2019, a report from the security firm Trend Micro found unpatched security bugs in the app that apparently went unfixed for a few months, which the researchers said means that the Android version of the app could be used to hijack phones as well as to steal personal data.

Today’s Top Deal Amazon finally has 6-layer KN95 masks made in the USA! Price:$39.99 Available from Amazon, BGR may receive a commission Buy Now Available from Amazon BGR may receive a commission

Beyond all that, there’s also plenty to worry about even from legitimate or legitimate-sounding phone apps, the sort that we use every day and generally without even worrying too much about how they’re handling our data. Through a mix of aggressive permissions to working behind the scenes to snoop on your online activity, here’s a look at how some of these apps nevertheless spy on you or have the ability to do so, even without being the dodgy kind of app that tends to wind up being excoriated by the press for siphoning off data for hackers or part of a big data breach.

Reader’s Digest put together a rundown of some of these problematic phone apps to be aware of. They include:

An app called CamScanner, which one cybersecurity expert told the publication has been found to have malicious components within it. Indeed, a Kaspersky report noted that malware had been found in the app, which nevertheless racked up tens of millions of downloads from the Google Play Store.

Sometimes, it’s app categories in general that can be worth some extra caution. TechLoris CEO Shayne Sherman told the publication that multiple weather apps, for example, have been found to carry Trojans and various malware, and they essentially fool people into sharing information or giving up too many permissions by saying it’s all needed to make the weather report that the app gives you more accurate. Instead, Sherman recommends that you simply follow local news sites’ weather forecasts, as one alternative to generic weather apps.

Another category that’s included problematic apps in the past: Flashlight apps. ExpressVPN vice president Harold Li told Reader’s Digest that, believe it or not, “free flashlight apps are often high cybersecurity risks. Many of these apps are free but ad-supported, and they often request permissions, such as audio recording and contact information, to apparently function properly.” You’ve got to ask yourself, why does a flashlight app need to, for example, access my contacts — especially when the main function is to essentially just shine a light? Check out a previous post we did along these lines, regarding an investigation that found some Android flashlight apps requesting as many as 77 permissions from the user (and besides, most modern smartphones already include flashlight functionality anyway, obviating the need for a standalone app).

Facebook’s family of apps is also mentioned in this report as a category of their own, since they include the main Facebook app, as well as Instagram, Facebook Messenger, and Facebook-owned WhatsApp. For example, Instagram “requests several permissions that include but are not limited to modifying and reading contacts and the contents of your storage, locating your phone, reading your call log, modifying system settings, and having full network access,” according to Dave Salisbury, director of the University of Dayton Center for Cybersecurity and Data Intelligence. Both the iOS and Android versions of WhatsApp, meanwhile, have been targeted by exploits that involve sending a message that the recipient opens and then, unbeknownst to the recipient, it allows an attacker to gain access to all the things WhatsApp has access to, like the camera and phone contact list.

Bottom line: Caveat emptor is not just a Latin phrase that sounds cool. Its meaning, “buyer beware,” is a solid piece of advice that should extend to the decisions we make about what we allow onto our smartphones or not. Unfortunately, not enough of us are doing that these days.

Today’s Top Deal Amazon shoppers are obsessed with black AccuMed face masks – now at the lowest price ever! Price:$19.99 Available from Amazon, BGR may receive a commission Buy Now Available from Amazon BGR may receive a commission

Andy is a reporter in Memphis who also contributes to outlets like Fast Company and The Guardian. When he’s not writing about technology, he can be found hunched protectively over his burgeoning collection of vinyl, as well as nursing his Whovianism and bingeing on a variety of TV shows you probably don’t like.