We say it every year to mark the annual Data Privacy Day on January 28, and 2023 is no different. The potential of threat to your online data being accessed without your consent is more than it was last year. Smartphone and PCs, all apps you use, web browser, smart wearables, and even smart homes are accessing a user’s existing data and generating new data. A lot of it may be personal. Basically, nothing you’d want in the hand of a cybercriminal with nefarious intent.
There is no doubt we live in a hyper-connected world. That makes a strong online privacy layer crucial. Apps need to be able to keep your data secure while giving you as many options as possible to control what information other users can see about you. Secondly, devices that you access apps and the web need to have strong data privacy measures in place to complete the sequence.
“With cyber threats becoming increasingly sophisticated, businesses, people and communities at large are highly exposed to malicious attacks. Ransomware and data theft have been a persistent issue through the years globally as well as in India,” says Ripu Bajwa, director and general manager, data protection solutions, Dell Technologies India.
The latest numbers from the Norton Consumer Cyber Safety Pulse Report, which collects threat data from the LifeLock security software suite, give us a fair idea of the threat landscape.
The numbers indicate that between July and September last year, more than 769 million online threats were blocked on computing and mobile devices. These included more than 100 million file-based malware, 100 million fingerprinting attempts to track users and more than 330,000 mobile malware attacks.
Smartphones dial up privacy
The question needs to be asked, what are the tech giants doing to improve privacy measures on the software and apps they make, and the phones as well as computing devices they sell?
For Apple, efforts that started with App Tracking Transparency in iOS 14 a couple of years ago have steadily evolved into a much bigger toolkit for iPhone, iPad, and Mac users. Stopping websites from tracking you, blocking a gamut of trackers in emails, hiding your real email ID by generating temporary ones for online forms, encryption of messages and passkeys instead of passwords were additions with subsequent updates.
The latest iOS 16.3 update expands the scope of end-to-end encryption for iCloud backups, a new iMessage Contact Key Validation for conversation privacy and support for hardware security keys.
“Conversations between users who have enabled iMessage Contact Key Verification receive automatic alerts if an exceptionally advanced adversary, such as a state-sponsored attacker, were ever to succeed breaching cloud servers and inserting their own device to eavesdrop on these encrypted communications,” said Apple, in the statement.
Security firm Kaspersky points out, “If you just bought a new Apple device, you can only enable Advanced Data Protection from the previous one.” This is to prevent anyone with stolen Apple ID credentials from signing into a new iPhone, for instance, and enabling the Advanced Data Protection encryption.
“We anticipate scammers will continue to prey on the vulnerability of people as economic pressures rise in 2023,” says Kevin Roundy, researcher and technical director at Norton. That makes it imperative operating system must work in sync with the apps on it.
Google must match Apple’s fast paced moves to make its software more secure, but there is also the pressure of more than 2.5 billion users globally. Android is by far the most popular smartphone operating system.
There has been tactical strengthening of Android’s Advanced Protection Program, which includes anti-phishing in Gmail, safe browsing for Chrome and Play Protect that checks installed apps for integrity and for any bundled threats. App permissions too have become more dynamic on Android phones, with finer controls over whether you want to give individual apps access to location, storage, camera and more.
If a user doesn’t access an app for a significant period, these permissions are revoked to ensure the now unused app isn’t still able to access any user data.
How private are our apps?
The most popular instant messaging platform in the world, Meta’s WhatsApp, has expanded controls over who can see you online or the profile photo, blocking and reporting accounts and messages that disappear after they’re viewed once.
Late last year, Meta upgraded the WhatsApp privacy options, allowing users to exit groups without everyone else in the group getting a notification, as well as preventing screenshots of messages that were originally sent as ‘view once’.
“We’ll keep building new ways to protect your messages and keep them as private and secure as face-to-face conversations,” said Mark Zuckerberg, founder, and chief executive officer of Meta, at the time.
When we consider apps for four very distinct use cases, that is email, VPN, cloud storage and calendar, you will not get all under one umbrella. And most definitely not with this level of encryption and data safeguards. That is what Swiss technology company Proton has effectively changed. Proton Mail, Proton Calendar and Proton Drive offer end-to-end encryption for all communication and data. The VPN app runs a user’s web traffic through an excepted tunnel too.
Meta has also expanded end-to-end encryption features on Messenger, the second most popular messaging app after sibling WhatsApp. The latest set of updates rolling out now, will include link previews and active status, as all user chats are updated with the new encryption layer.
“Over the next few months, more people will continue to see some of their chats gradually being upgraded with an extra layer of protection provided by end-to-end encryption,” says Melissa Miranda, product manager at Meta.
NordVPN, a popular VPN service, warns against mobile games that collect a lot of user data. “Multiplayer games are all about interaction and player engagement. However, games like Words with Friends collect an obscene amount of personal data, making them one of the worst apps for privacy,” they say.
Words with Friends, for instance, collects and tracks a wide base of data, including the device user’s identity details, email, contacts from the address book, location data, use cookies to track app and web browsing as well as IP, or internet protocol addresses.
“Before downloading any app, check the permissions and see if you can run it without giving it any of the permissions it needs to track your data,” warn NordVPN. Apple and Google have updated the App Store and Play Store policies respectively, which makes it mandatory for app developers to provide this information to users on the app listing page. It is up to you, to read carefully before downloading an app.