As Facebook changes Messenger, 'risky' app behavior on the rise

A new report says that the risks associated with mobile apps are continuing to rise, particularly for free apps on the iOS and Android platforms.


How secure is the data on your smart phone?

That's the question posed by a new report from Appthority, a mobile app risk management company based in San Francisco. Taking the top 100 free apps and the top 100 paid apps from both iOS and Android, the report analyzed "risky behaviors" that include apps sharing users' information with advertisers, allowing for in-app purchases, and tracking users' location.

According to the report, these risky behaviors are on the rise. In a poignant example, Facebook has been forcing users to switch to its Messenger app instead of sending messages from within the Facebook mobile app. This practice has caused concern among users, particularly among Android owners, because in order to install the app, Facebook requests access to a variety of features on users' Android devices, such as contacts, calendar, and location settings. 

By way of explanation, Facebook says it needs access to this type of information to enhance the user experience. "We use these permissions to run features in the app," reads a Facebook post detailing the reasons the Messenger app requires information stored on a smart phone. 

For its part, the Appthority report shows that more iOS paid apps pose risks than Android paid apps. Ninety-three percent of all top iOS apps demonstrated risky behavior, as opposed to 89 percent of Android apps. But 99 percent of free apps on both platforms demonstrate some sort of risky behavior, the report states. 

A key cause for concern stems from the trend in people downloading apps onto personal devices that they also use for work. As people's personal and corporate data intermingle, outside parties such as advertisers can access information users have stored on their devices, according to the report. And that could include an entire address book of business contacts or meeting minutes stored in your calendar. 

"Work data now lives on the device next to personal data," says Domingo Guerra, Appthority president and co-founder. He says that having important business data transmitted to third parties not only increases the amount of spam an office receives – from advertisers targeting people’s corporate contacts – but also increases the likelihood of corporate secrets being leaked.

"Advertising networks and the app developers themselves, they're not specifically targeting corporate data," he says. "But they're targeting app data and user data, which might include corporate data." 

Still, users tend not to be as vigilant in protecting their mobile data as they are with, say, their computers, according to Mr. Guerra. With computers, he says, users have learned over time to guard against potential viruses and hacks, evidenced by the recent discovery of a Russian group that has allegedly amassed more than a billion usernames and passwords.

Nevertheless, there's an "inherent trust" in smart phones. 

"We carry the device with us 24/7," he says. "It's always on, we have our family pictures, our social information, our corporate information, our games, our banking information, on our device. But then we don't really seem to care about what apps we're installing." 

He further noted the risks associated with in-app purchases, which have become an important line of revenue for developers looking to monetize their apps. Because users often opt to download free apps, developers feel compelled to make money in other ways. This typically takes the form of sharing users' data with advertisers. But it also comes from creating avenues for users to spend money within the app itself, be it downloading app upgrades, or adding "premium content" to the app. Fifty-eight percent of the top free Android apps and 55 percent of the top free iOS apps allow for in-app purchases, according to the report. 

Recent months have seen a string of complaints targeted at these types of purchases, notably from unknowing parents whose children have purchased items in apps that were ostensibly "free." Last month, the US government filed a lawsuit against online mega retailer Amazon for taking in millions of dollars through in-app purchases. This primarily came from children racking up purchases on games downloaded from the Amazon App Store that their parents later found on their bills. Similarly, the European Commission, responding to large numbers of consumer complaints, is pushing to make developers omit the word "free" from any app that allows for in-app purchases.

But Guerra says that individual consumers also have the ability to influence how apps are built and when they get access to sensitive information stored on phones. He says it begins with stepping back and questioning why an app is asking you to hand over information.

"My advice would be to step back and ask, 'why does a flashlight app need access to my address book or my calendar?' " he says. As consumers "we have the opportunity to change how the apps are going to be built in the future by raising our standards of what we accept into our devices." 
