Photo courtesy of elhombredenegro.
I recently confessed that my credit card information was stolen and talked about the importance of Internet safety while shopping online, but it wasn’t the credit cards that got me started. It was actually a snowball of events that happened one day, including the credit card.
It started when I was upgrading apps on my tablet for my daughter. Like usual, I was approving the upgrades, barely paying attention to what they were asking in return, but something caught my eye.
A popular app that my daughter and I love to play, Fruit Ninja, was requesting a lot more permissions, such as camera control and access to contacts, than it had in the past. A little research showed that I wasn’t the only one concerned.
As deal seekers, we’re often giving permission to Facebook pages to get a hot coupon and downloading free-for-a-day apps, so it’s important to be aware of what you may be handing over to take advantage of these deals.
Why To Be Concerned
It’s starting to get scary. Logging onto websites with other accounts and accepting permissions to download apps or interact on Facebook is becoming a way of life. As we become immune and fly by these pages with barely a glance, companies are getting bolder.
You can’t count on marketplaces to protect you.
Unfortunately, you can’t always count on marketplaces to protect you. The Federal Trade Commission issued a warning back in February that smartphone apps are invading children’s privacy, taking contacts, call logs, phone numbers, locations and more. While iTunes, Amazon, Apple, Google, and other large app distributors agreed to take steps to help protect your personal privacy, such as requiring privacy policies, that only requires apps to disclose what they take, not to stop taking it.
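The kind of permission creep described above can be checked mechanically before approving an update. The following is an added example, not code from this post or from any app store: it compares the permission lists of two versions of an app and flags new requests that touch the data named above (camera, contacts, call logs, phone numbers, location). It assumes the lists come from the Android SDK's `aapt dump permissions <apk>` output; the package name and both sample dumps are constructed.

```python
import re

# Android permissions that cover the data this article names.
SENSITIVE = {
    "android.permission.CAMERA": "camera",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_PHONE_STATE": "phone number / device identity",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.ACCESS_COARSE_LOCATION": "approximate location",
}

# Accepts both aapt output styles:
#   uses-permission: android.permission.CAMERA
#   uses-permission: name='android.permission.CAMERA'
_PERM_RE = re.compile(r"^uses-permission:\s*(?:name=)?'?([\w.]+)'?")

def parse_permissions(dump):
    """Return the set of permission names found in an aapt permissions dump."""
    perms = set()
    for line in dump.splitlines():
        match = _PERM_RE.match(line.strip())
        if match:
            perms.add(match.group(1))
    return perms

def review_update(old_dump, new_dump):
    """List permissions the new version adds, as (name, data category or None)."""
    added = parse_permissions(new_dump) - parse_permissions(old_dump)
    return [(name, SENSITIVE.get(name)) for name in sorted(added)]

# Constructed sample dumps for a hypothetical package, old and new version.
OLD_DUMP = """package: com.example.game
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_NETWORK_STATE'
"""
NEW_DUMP = OLD_DUMP + """uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.VIBRATE'
"""

if __name__ == "__main__":
    for name, category in review_update(OLD_DUMP, NEW_DUMP):
        flag = "REVIEW (%s)" % category if category else "ok"
        print("%-45s %s" % (name, flag))
```

A new permission that maps to a category is the cue to stop and ask why a game needs it before tapping "accept".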
Revoking permissions later may be too late.
I can’t count the number of times I’ve given access to an app on Facebook to quickly print a coupon or grab a freebie, then I remove the app, assuming that made me safe. I didn’t realize until today that it might just be too late.
Facebook applications can’t store information without permission. If you grant it, you’ll have to contact the developer directly to get this information removed from their databases. Revoking only removes the app’s access; it doesn’t undo the damage that has already been done (or get back what they’ve already taken).
You may be handing over more than just your own information.
By logging onto websites with your Google Account, websites can get access to your Gmail contacts, your calendar to see where you’ll be and when, and even the photos you store on Picasa. Notice it says “such as”, which means these are just examples and not the full list.
Think of who is in your contacts. If you have your email address set to automatically add people you communicate with, it may be more than you know. It’s quite embarrassing when you start unknowingly spamming them.
We’re making it easier for hackers.
In the past, a hacker hacked your Google Account, Facebook, or Twitter, but by logging on with one account on multiple sites, we’re creating a network that can be easily accessed by simply hacking just one. Think about everything you can access with your Google Account password and how much you’d be handing over if someone else got that password.
While many trusted sites use this with the best of intentions, sites with the strongest security have been hacked and experts have already proven there are vulnerabilities with the single sign-on technology used by Facebook, Twitter, Google, and PayPal.
How to Protect Yourself (and Your Friends)
- Keep Accounts Separate: Always opt to set up a new account, instead of logging into websites with accounts you already have set up. I know, it’s more passwords to remember, but it separates accounts and makes you less vulnerable. When this isn’t an option, set up a Gmail account specifically for this reason without any contacts or personal information.
- Set Up Privacy Settings: While privacy settings won’t always keep out sites and apps once you give permission, they can stop your friends from accidentally sharing your information and may help in some situations. Take the time to double-check that your security settings are protecting your private information.
- Set Up Google 2nd Step Verification: It can be a pain, since you’ll have to grab your phone once a month to get into your Gmail, but 2nd step verification requires your password and a unique code sent to your mobile to access your account and reduces the chances of releasing private information unknowingly.
- Use Application-Specific Google Passwords: With Google, you can create application-specific passwords to use with IMAP accounts like Outlook, installed applications, and other sites that may access your Google Account. By creating specific passwords for each application that accesses your account, you can stop a hacker from getting access to everything when they access just one.
- Never Type Your Password on Other Sites: When you type out your username and password on other applications and sites, you’re giving them your credentials. With OpenID, sites and apps let you log in using your account without typing your login information into them and handing over your credentials.
Resources to Help:
- Understanding Third-Party Websites & Google Accounts: What Are You Sharing?
- How To Revoke Third-Party Google Account Access
- Getting Started with Google 2nd Step Verification
- Using Google Application-Specific Passwords
- Facebook App Help Center: Revoking Permission & More
- App for Android Permissions Explained