It’s easy to notice that there are a plethora of threats to our personal data in today’s modern world. When we sign up for a new service, we’re risking our personal data falling into the wrong hands. But the worst part is that typically, there is no indication that our data has leaked.
Today, there are three potential leak sources that you should make sure you’re cautious of:
This is a problem that is more prevalent on Android, owing to the fact that anyone can develop, download, and install an Android app. Apple has iOS locked down quite tight but that doesn’t stop the occasional bad app from making it through the net. There are several different attack vectors that a mobile app can use to acquire your personal data.
Most of us live a significant portion of our lives on our smartphones, making them absolute treasure troves as far as our personal data is concerned. In some cases, apps will ask directly for the information that they want, although they aren’t always completely honest about what they intend to do with it.
As well as stealing personal and financial data, the same apps that used to leak user data are now beginning to steal user photos and use them to commit identity fraud. Most of us have enough data stored in our smartphones for someone to be able to identify us with relative ease.
A lot of app developers have chosen to fund their or support their apps through the use of advertising. After all, there are now a number of advertising networks that offer code app developers can freely add to their apps. This code will handle everything for the developer, leaving them with nothing to do but collect the revenue that they earn through it. In principle, it’s a great system – app developers get to earn enough money to maintain their apps, while advertisers get to display their ads to large numbers of people.
However, there are also a number of illegitimate ad networks operating. These often have the appearance of being legitimate advertising networks and the majority of them will even pay out what appears to be a fair sum to the developers.
The businesses that pay to be on the network, under the impression that their ads are going to be displayed to mobile users, pay the advertising networks according to the number of views or interactions an advert gets, but it is difficult to verify that ads are being displayed properly. There are ad verification services that can help advertisers to verify their ads are displayed properly. Unfortunately, cybercriminals are using very sophisticated methods to hide more ads on the page and make it look like they are being displayed legitimately.
These malicious adverts have been known to infect legitimate apps, unbeknownst to their developers. This is done by inserting malicious ads into the supply chain of a legitimate ad network. This attack is difficult to pull off but devastatingly effective.
Malicious actions performed by the app include showing ads outside of the visible area, constantly opening a browser using a legitimate link within the app in order to engage in targeted spear-phishing of the user, and stealth downloading malware.
Free Proxies and VPNs
A nefarious proxy is more of a threat than a VPN because with a VPN there is some degree of encryption, limiting what VPN providers can find out about their users. They can still monitor your activity, but with a compromised proxy, they will be able to read all your unencrypted data.
Data is a very valuable resource, so it is only natural that it would attract organized crime. However, few people realize just how prevalent it is and how at risk they might be. Always be careful what apps you install on your phone, especially if they aren’t from an official app store.