September 2015: Security Risk of Overreaching App Permissions

Using personal smartphones and tablets for business purposes carries the risk of inadvertently leaking sensitive data such as contacts, text messages, pictures, documents, or location information. Malicious groups and individuals use third-party applications that users install to harvest data. Most apps are well intentioned, but others are designed specifically to spy on users and capture data.

When third-party applications are installed, they request permission to access different functions of the phone (camera, location, etc.). Most of the time, the apps need access to these functions in order for a certain feature of the app to work. For example, to take and upload a photo to a social media site, that social media app may need access to the phone's camera. The security risk emerges when apps request permissions beyond the needs of the application. This is called "Application Permission Creep." Once an app has access to areas of your phone that contain sensitive data, that data could become compromised.

To avoid this, be sure to note which permissions an app is requesting. If the application requests access to areas of your phone that contain sensitive data, decline to install the app and consider alternatives.
