We have all been there - got excited by trending apps, downloaded them in a hurry and ended up giving them access to our data without being overly concerned. Unlike feature phones, smartphones store a huge amount of information, not just product preferences or shopping history, but also crucial financial and personal details if these are connected to banks and social media accounts.
And it definitely feels creepy when 'idle' apps on our phones run in the background, secretly tracking our locations and listening to our conversations on behalf of marketers. Worse still, there could be malware hidden deep within them, which initially grabs data and then spreads the spyware.
Researchers predict more invasive risks. Voice-controlled personal assistants like Siri, Alexa, Cortana and Google Assistant may pose privacy threats as they are always ready to listen to what we say.
Security experts are also worried about voice-command hijacking which could compel voice assistants and voice-command apps to open websites, make purchases or turn off security systems. These malicious commands are usually hidden in white noise and background noise as both are 'audible' to smartphones.
"Digital devices can reveal a lot more about users than they think. That apps use phone cameras and microphones is a well-known fact, but not many users are aware that cybercriminals can also hijack these and use them for malicious purpose," says Sanjay Katkar, Co-founder, Joint MD and CTO of IT security solutions firm Quick Heal Technologies.
"The most important aspect of securing these features is to check the apps seeking permission and whether they really need it. One should also check app reviews and negative feedback. Users should instal security software which comes with webcam protection. This feature will regularly monitor the apps trying to use your phone camera and block the unauthorised ones. It means only safe and trusted apps will be allowed to use your web cam."
Most Android apps seek access to storage, camera, mic, call logs, SMS, location services, sensor data and more. Caution should be the watchword here to stay safe. Refrain from downloading weird apps and be extra careful when granting mic and camera permissions.
Thankfully, given the growing number of attacks, hacks and data breaches, most of the operating systems (OS) give users some kind of control. Managing these permissions is no longer complicated, and dedicated settings make the job easy. But in some cases, revoking permission could break an app's functionality. A voice search app cannot work without a smartphone's mic; a card scanner or a photo app requires the camera, and a ride-hailing app like Uber needs location information. So, keep these requirements in mind instead of putting a blanket ban. Here is a quick look at how you can control permissions across iOS, Android and Windows 10 devices to block snoopers and hackers.
iOS and Mojave: The Privacy settings on any iOS device will help you control apps' access to various built-in features such as location settings, contacts, calendars, photos, camera, mic, Bluetooth, health data and more. Opening a specific category, say camera, displays the apps which have requested access and a toggle to enable/disable permission appears next to each app. If you are not sure about a particular app and its requirements, check it out under Settings. For instance, Amazon Music uses mic for voice search while Amazon Alexa uses mic, camera and location for video calls. Managing permissions is also easy on Mojave, the latest OS for Mac devices. Go to System Preferences>Security and Privacy for the list of apps seeking access and turn it off.
Android OS: As discussed before, most Android apps seek a host of permissions which may not be required to function properly. If your smartphone is running on any version lower than Android 6.0 (Marshmallow), go to Review App Permissions to allow/deny access. However, privacy features improved after Google rolled out the sixth-generation Android in 2015. As of now, anyone using a device running the Marshmallow or up has it easy as a developer must request permission for every new feature and the initial permission, granted at the time of the first installation, will not suffice. In this case, go to the Apps section under Settings and tap the option called App Permissions to review and revoke access. You will also come across a list of built-in features (much like what we find in iOS) which might be used by apps. When I checked it, there seemed to be a strong demand for camera access. Even an entertainment app like Zee5 or an OTA app like MakeMyTrip asked for it.
Windows 10: Windows devices are not immune to app overreach either. Hence, Microsoft allows users to review and change permissions. If the device comes with a camera light, it will turn on when the camera is in use. In case there is no camera light, you will get a notification whenever the camera is turned on or off. To manage these apps, go to Start>Settings>Privacy>Camera/Microphone. From the App Permissions tab, you can see which ones are accessing your camera/mic and deny permission for the same. But there is a catch. Even when camera access is turned off for each app, some of them may still be able to open the camera to let users take snapshots or record videos. However, the camera will not capture images or videos unless the user selects the photo/video button. Besides apps, some websites may try to use your camera/mic, but the Microsoft Edge browser can prevent it. Go to Settings>View Advanced Settings>Website Permissions and click Manage. Select the website to disable camera and mic access.