Dear Dave,

One other option is to only use Open Source Software.

Remember Eric Raymond's Law:
"Under 10,000 eyes all bugs are small"

Regards,

Flint

On Tue, 4 Nov 2014, Dave Wilson wrote:

Date: Tue, 4 Nov 2014 12:33:35 -0500
From: Dave Wilson <[email protected]>
To: Paul Flint <[email protected]>
Subject: Smartphone Flashlight APP may be more than you want

Dear Paul Flint,

To view online click here: http://www.invario.net/flash-light-app-may-want/

Right now I want to talk about smartphone apps and how you may be getting more than you bargained for. A recent study done by a group called snoopwall.com looked at the 10 most popular flashlight apps for android phones and found that ALL of them did much more than simply turn on the light on your phone.

• iPhones have the same problem, but do come with a safe built in flash light.
• SnoopWall Threat report on Flash Light Apps.
• Table of Vulnerabilities from popular Flash Light Apps.



Snoopwall Analysis of top 10 Android Flashlight Apps






If an app is free to use, its business model could involve selling customer data. Some
apps could also be "developed by professional cyber criminals, enemy nation states
for spying, or by hackers for malicious reasons", snoopwall warns.

In the report from the link above, they recommend 5 steps to secure your phone. 
Unfortunately most involve drastically reducing the functionality of your 
phone, like turning off the GPS locator, Bluetooth and putting masking tape 
over the camera. Personally, I think those measures go too far in reducing 
functionality of your smartphone. In this day and age, who of us is going to 
turn on GPS, and wait for satellite acquisition to find out how long we will be 
stuck in traffic? Our lifestyle demands answers as fast as possible and these 
functions will likely not be turned off for long. So what can we do to get what 
we want without being a sitting duck?


Invario Recommendations to protect your Smartphone
1. Have the screen lock when idle and type a quick code to open the phone. Very
important if your phone is ever lost.
2. Get in the habit of paying for apps. Even though this is no guarantee that
you will be installing a ‘safe’ app, you are much less likely to have “extra
features” if you are paying for what you want. Most apps cost less than $5 so
this should not be a great financial burden. Encourage your kids to buy their
apps as well. Then as a parent and bill payer you will know what is on their
phones without snooping.
3. The smaller the size of the application, the better it likely is. The popular free
flashlight apps are 1-5MB in size when the code needed to do this function need
not be over 150kb. Makes you wonder what the other 90-95% of the code is doing.
From what I have been able to find out, nobody knows what the code does except
the makers of the app. At the very least this extra code will negatively affect
your battery life.
4. Snoopwall.com has released a free app that they claim is a private flashlight
app that does not do any snooping. Total size 72k.
5. Read the fine print. This is easier said than done. The Federal Trade Commission found
that a popular Android app, "Brightest Flashlight Free", has been collecting
users' personal data including location and device ID and sharing it with advertisers
without their consent. The only result of this investigation is that now “Brightest Flashlight
Free” has a long disclaimer describing how your information will be shared with
advertisers. So consider yourself warned, I guess. Read more:
6. At this time, I would recommend against doing any online banking or anything
that could affect your wallet on your phone. Avoid using your e-mail contact
list for storing passwords, Credit Card Numbers and account numbers or be
extremely careful about what apps have access to your contacts.
7. Finally, I would suggest moving to two-factor authentication when accessing
anything that requires a password on your smart phone.



TWO Factor Authentication
Two Factor Authentication is a more secure way to log on to a computer system. It
works like this. First you are asked to authenticate with something you know
and then a second authentication with something you have.

What you know would be your username and password to your account.

What you have is a cell phone or e-mail address. A verification code is sent to 
these devices to complete logon. The good news is this only has to happen once 
per trusted computer and browser.
• Windows Phone
• Android
• iPhone (Same app as the Android, but here is a tutorial for the iPhone.)

Below is a link to a good article on how to secure your Facebook account with 
the authenticator app. I was able to set this up pretty easily and it worked 
for me. However, I suggest setting up some trusted friends in Facebook, so if 
you do get locked out of your account, they will be able to send you a code 
that will get you back in.

Link to setup Microsoft Authenticator with Facebook.



Facebook Security Settings






Final Thoughts
Having information leave your phone on to an unknown third party without your 
knowledge or consent is certainly a violation of privacy, but when does it 
become a crime? The stealers of information protect themselves with a long and 
cryptic license agreement that we must accept in order to use the app. I may 
not care that Walmart knows I shop at Target, but I certainly don’t want to 
give just anyone access to my bank account, credit cards or Facebook page. What 
the license agreement does not disclose is how the data they collect will be 
used or sold. It is the use of the data that is harmful. The collection is only 
the first benign step.

So be very careful with passwords on your smart phone. Assume your phone is 
insecure and the more apps you have the more likely you are transmitting your 
personal information. If in doubt, ask your Invario Network Engineer for help.


INVARIO REFERRAL$
If you know of a company that would be interested in the services of Invario 
Network Engineers, please reply to this e-mail with your suggestions, and
whom we should contact.

That is all you will have to do! Upon receipt of the first payment from a new 
customer, Invario will pay 10% of the retainer or labor portion of the first 
project to the referring person or company. If a new customer signs up for a 
Worry-Free IT or Server contract the referring party would receive the 
equivalent of one month of the agreed to contract.

Recipients that cannot or do not wish to receive a referral payment may elect 
to have the referral fee donated to a charity of their choice or put into a 
company entertainment fund.


FEEDBACK
If there is an IT topic you would like to know more about please e-mail me your 
suggestions.

Dave Wilson

Message sent by: INVARIO


Kindest Regards,



Paul Flint
(802) 479-2360 Home
(802) 595-9365 Cell

/************************************
Based upon email reliability concerns,
please send an acknowledgement in response to this note.

Paul Flint
17 Averill Street
Barre, VT
05641
