It has been reported that the NSA and GCHQ have designed techniques to access mobile apps including the popular Angry Birds to collect personal data from users.
Previously undisclosed documents released by Edward Snowden revealed that both agencies had accessed ‘leaky’ apps that reveal users’ location, age and gender, amongst other information.
Some insist that users need to be more careful about the types of apps they install, especially if they are free as they will usually rely on advertising revenue. These apps can then take the user’s data without their knowledge.
Tony Dearsley, computer forensics manager at Kroll Ontrack UK, said that users should be especially careful with free apps:
"Apps like Angry Birds, which are ostensibly free rely upon advertising revenue to exist. The advertising is typically targeted at the user by virtue of their online activities and profile gathered by the app supplier. There is risk inherent with many such ‘free’ apps and when you install them they ask/demand access to many areas such as contact list, network, internet and a plethora of other running services on the device. Most people answer yes to the prompts, not realising the level of information to which they have given access."
Should it be down to the user to check every request made by the app for information?
Grayson Milbourne, security intelligence director for internet security company Webroot believes that it falls on consumers to be more wary about app information:
"Consumers are very trusting of the likes of Facebook, Twitter and Angry Birds – they are apps they know and have used for some time. The fact that the NSA is able to access the data will come a shock. To protect themselves, consumers must think about the data they’re giving away. If they’re playing a game and it asks to access their microphone or geo-location – question why the app would need that. If it makes no sense, don’t agree. Certain data – location, photos and so on – can only be taken if consumers agree. If apps store that information without permission then that is a whole other issue and one that will only ever end in court."
The general feeling is that we can’t control what these companies do, but we can be more aware about their intentions and what data they are seeking. We can then monitor our mobile apps more carefully, only allowing them access to the information that they truly need.