We say every year to celebrate our annual Data Privacy Day on January 28th, and 2023 is no different. The threat of access to your data online without your consent is more likely than it was last year. Smartphones, computers, all the apps you use, web browser, smart wearable devices and even smart homes access existing user data and generate new data. Much of it may be personal. Basically, nothing you want in the hands of a cybercriminal with nefarious intent.
There is no doubt that we live in a very interconnected world. This makes having a strong layer of privacy online so crucial. Apps need to be able to keep your data secure while giving you as many options as possible to control what information other users can see about you. Second, the devices that apps and the web access need robust data privacy measures to complete the chaining.
“With the increasing sophistication of cyber threats, companies, individuals and societies in general are highly vulnerable to malicious attacks. Ripu Bajwa, Director and General Manager Data Protection Solutions, Dell Technologies India says, “Ransomware and data theft have been an ongoing problem over the years globally as well as in India.
The latest numbers from the Norton Consumer Cyber Safety Pulse report, which collects threat data from the LifeLock security software suite, give us a fair idea of the threat landscape.
The numbers show that between July and September last year, more than 769 million online threats were blocked on computers and mobile devices. These included more than 100 million file-based malware, 100 million fingerprint attempts to track users and more than 330,000 mobile malware attacks.
Smartphones ask for privacy
The question must be asked, what are the tech giants doing to improve privacy measures on the software and apps they make, the phones as well as the computing devices they sell?
For Apple, efforts that began with app tracking transparency in iOS 14 two years ago have steadily evolved into a much larger toolkit for iPhone, iPad, and Mac users. Preventing websites from tracking you, blocking a series of trackers in emails, hiding your real email ID by creating temporary forms for online forms, encrypting messages and passkeys instead of passwords were additions with later updates.
The latest iOS 16.3 update expands end-to-end encryption for iCloud backups, new iMessage contact key validation for conversation privacy and support for hardware security keys.
“Conversations between users who have iMessage Contact Key Verification enabled receive automatic alerts if an exceptionally advanced adversary, such as a state-sponsored attacker, successfully compromises cloud servers and inserts their own device to eavesdrop on these encrypted communications,” Apple said in the statement.
Security firm Kaspersky points out that “If you just bought a new device from Apple, you can only enable Advanced Data Protection from the previous device.” This is to prevent someone with stolen Apple ID credentials from signing in to a new iPhone, for example, and to enable Advanced Data Protection encryption.
“We expect fraudsters to continue to exploit people’s vulnerability as economic pressures intensify in 2023,” says Kevin Round, researcher and technical director at Norton. This makes it necessary for the operating system to run in sync with the applications on it.
Google has to match Apple’s fast-paced moves to make its software more secure, but there’s also pressure from its more than 2.5 billion users globally. Android is by far the most popular smartphone operating system.
There has been a tactical boost to our Android Advanced Protection program, which includes Gmail anti-phishing, Chrome Safe Browsing and Play Protect that checks installed apps for integrity and for any bundled threats. App permissions are also becoming more dynamic on Android phones, with more granular controls over whether to give individual apps access to location, storage, camera, and more.
If a user cannot access an app for a long time, these permissions will be revoked to ensure that the now unused app still cannot access any user data.
How private are our apps?
The world’s most popular instant messaging platform, Meta WhatsApp, has extensive controls over who can see you online or your profile picture, blocking accounts and messages that disappear after you’ve viewed them once and reported them.
Late last year, the Meta upgraded WhatsApp’s privacy options, allowing users to leave groups without anyone else in the group receiving a notification, as well as blocking screenshots for messages originally sent as “view once.”
“We’ll continue to build new ways to protect your messages and keep them as private and secure as face-to-face conversations,” Mark Zuckerberg, founder and CEO of Meta, said at the time.
When we think of apps for four very distinct use cases, namely email, VPN, cloud storage, and calendar, you don’t get it all under one umbrella. Certainly not with this level of encryption and data protection. This is what Swiss technology company Proton has effectively changed. Proton Mail, Proton Calendar and Proton Drive provide end-to-end encryption for all communications and data. The VPN application runs the user’s web traffic through an exempt tunnel as well.
Meta has also expanded its end-to-end encryption features on Messenger, which is the second most popular messaging app after sister WhatsApp. The latest batch of updates rolling out now will include active link and state previews, as all user conversations are updated with the new encryption layer.
“Over the next few months, more people will continue to see some of their chats incrementally upgraded with an additional layer of protection provided by end-to-end encryption,” says Melissa Miranda, product manager at Meta.
NordVPN, a popular VPN service, warns that mobile games collect a lot of user data. “Multiplayer games are about interaction and player engagement. However, games like Words with Friends collect an enormous amount of personal data, which makes them one of the worst privacy apps,” they say.
Words With Friends, for example, collects and tracks a broad base of data, including device user identification details, email and contacts from the address book, location data, and the use of cookies to track applications and web browsing as well as Internet Protocol or IP internet addresses.
NordVPN warned, “Before you download any app, check the permissions and see if you can run it without giving it any permissions it needs to track your data.” Apple and Google have updated their App Store and Play Store policies respectively, requiring app developers to provide this information to users on the app listing page. It is up to you, to read carefully before downloading the app.
