New apps such as Be Like Bill raise a red flag when it comes to privacy.
January 27, 2016
This is Mike.
Mike works in the security industry and is concerned about his privacy.
Mike wonders why people sign up for Facebook apps so quickly.
Mike doesn’t sign up for Facebook apps without a quick read of the terms of agreement.
Mike is smart.
Be like Mike.
A few months ago, people on Facebook were up in arms over a perceived breach of their privacy (which turned out to be a hoax), so they were posting the following status:
“As of September 29, 2015 at 10:50 p.m. Eastern standard time, I do not give Facebook or any entities associated with Facebook permission to use my pictures, information, or posts, both past and future.” And so it went on for another 100 words or so. Aside from the fact that this was in response to a hoax, there was quite a lot of noise made about this supposed violation of their privacy. But my question is, how quickly do they give up their privacy when presented with a new app or new technology?
Many of these fun quizzes or posts go through everything that you have done on Facebook. That should raise a red flag about the potential privacy issues, but millions of people install them and trade their privacy for a brief moment of fun. Unfortunately, there’s a very fine line between an app that’s fun and one that can be damaging. Most fall in the fun category and ask for a limited set of information. However, at least one recent app asked for a bit more.
If you install that app and give permission, the developers can harvest your:
Name, profile picture, age, sex, birthday, and other public info
Entire friend list
Everything you have ever posted on your timeline
All of your photos and photos you are tagged in
Hometown and current city
Everything you have ever liked
Your IP address
Info about the device you are using, including browser and language
I am not saying that this particular app is malicious, but no quiz or app should need access to this level of detail. They may or may not promise in the user agreement not to store it, use it, or sell it, but either way you have lost control of your data and associated privacy. It is much better for apps not to ask for it in the first place.
Harmless Or Harmful?
As a consumer, how do you tell the difference between fun and potentially damaging? Look closely at what the app is asking for, and think about the potential risk of that data. Consumers are the big target of these apps, and where security and privacy are concerned, people are always the weakest link. This same info could be used to guess passwords or security questions, or even to impersonate someone for a bit of live social engineering, all of which have serious business implications.
Now, people have not been reading terms of agreement for decades, and they are not likely to start anytime soon. What I would like to figure out is why the Facebook privacy hoax rampage didn’t provoke concern over other apps. Or more important, what do we need to do differently so that data requests by every app, device, and Web page are treated with appropriate levels of privacy concern? Because at this rate, it is only a matter of time before we might as well just publish everything and save our adversaries the trouble.
About the Author(s)
Michael Sentonas is President of CrowdStrike. Previously, he served as Vice President, Technology Strategy, at CrowdStrike as well as Chief Technology Officer. With over 20 years' experience in cybersecurity, Mike's most recent roles prior to joining CrowdStrike were Chief Technology Officer – Security Connected and Chief Technology and Strategy Officer APAC, both at McAfee (formerly Intel Security). Mike is an active public speaker on security issues and provides advice to government and business communities on global and local cyber security threats.
He is highly sought after to provide insights into security issues and solutions by the media including television, technology trade publications and technology centric websites. Michael has spoken around the world at numerous sales conferences, customer and non-customer conferences and contributes to various government and industry associations’ initiatives on security. Michael holds a bachelor's degree in computer science from Edith Cowan University, Western Australia and has an Australian Government security clearance.