For the last few years, I have used an app on my Android smartphone to log my training runs. It tracks the distance I ran, the route I took, my running pace, and calories burned. If I want to, I can link it with Facebook or other social networks and share my workouts, or I can pay to have my stats broadcast live, so for example, during a race, my family can follow my progress.
Using an app like this is motivating and helps me to organize my training better, but until recently I had never considered the privacy and security issues surrounding fitness tracking devices and apps.
“Privacy advocates warn that consumers aren’t always aware of how sensitive the data the apps collect can be or what privacy protections exist,” reported The Washington Post yesterday.
My smartphone is protected by avast! Mobile Security, so I decided to take a closer look at my apps with the Privacy Advisor feature. Privacy Advisor scans the apps in my device and tells me what kinds of information they collect. Application Management tells me what permissions individual apps require. My fitness app requires me to give these permissions:
- Track GPS location
- Read contact data
- Access accounts
Not too bad; at least when I compare it to the fitness app that came with the phone.
My fitness app respects my privacy, but many health and fitness apps sell personal information like usernames, names and email addresses, and information like medical symptom searches, zip codes, geo-location, gender identifiers, and dietary and workout habits. A Federal Trade Commission (FTC) study revealed that ad companies and data miners are among the third parties that buy this data.
Already some employers are rewarding their workers with cheaper insurance plans for joining fitness programs. But there is worry that the data collected could be pieced together to create profiles that would backfire. It’s fine when you’re healthy for your fitness, health and medical data to determine things like insurance rates or drug pricing, but what if your health declines?
The FTC “is concerned consumers could be penalized based on health data; for instance, a financial institution might adjust credit ratings based on the fact someone has a disease.”
“Information about consumers most intimate health conditions is going to be sold to the highest bidder,” Jeffrey Chester, the executive director of the Center for Digital Democracy, told the Washington Post. “Employers might get access to it, insurers might get access to it, or mortgage lenders — which could lead to a vast array of negative discriminatory practices.”
Know what your apps want
Check what the apps that you have allowed on your smartphone require with avast! Mobile Security. Install it free on Android devices from the Google Play store.
Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news and product information, please follow us on Facebook, Twitter, Google+ and Instagram. Business owners – check out our avast! Business Solutions.
Recently, we have seen many Facebook posts with links leading to applications called Give Hearts, Drink It Up and Daily Horoscope. The applications are very popular – they have over 5 million monthly users – and are managed by the same provider called App Discovery Engine. The posts attracted my attention because they seem to be posted automatically. The entire post consists of the URL which contains quite long text separated with ‘+’. (Later we will see that the text is a horoscope that you see on the page of the application).
To begin investigating these apps I follow the link leading to the Give Hearts application. It redirects me directly to the application. But before I can use it I am asked to grant Give Hearts access to information on my Facebook account like my email or friend lists.
A few months ago, Google announced a new feature in Android. Version 4.2 Jelly Bean has an integrated real-time app scan which should be able to check if applications you install are clean or malicious. But is this enough? Sleazy Android app developers continue to sneak their fake apps by the Google Play gatekeepers. These guys rip off popular apps in an attempt to fool unsuspecting users.
“In the start of this week, Google released a few applications from a developer called GILBERT8332 which pretend they are legitimate applications. Between these applications you can find quite common games such as The Sims 3, Asphalt 6, Ninjago Lego and so on. And compared to original developers they are free,” said Filip Chytrý, a researcher from Avast Virus Lab.
The common result of downloading a bogus app is that personal information like your email address and mobile phone number are stolen and you are served an unending stream of spam and unwelcome offers.
Chytrý warns, “When you download them and install in your android device you will be surprised. All of them are malware. They all start quite innocently with a license agreement of AirPush advert. (AirPush is a advert system which allows to show advertisement in notification bar of your Android device.)”
“And then the funny parts come up. The Game will ask you if you want to change your main page in browser and put a search icon on desktop. Even if you decline, it’s too late. Your browser is already changed for another search page and your device is filled with uncomfortable adverts and as a bonus, the device will send personal information to a third party,” said Chytrý.
Block fake apps
avast! Free Mobile Security blocks fake apps and our new signature targeting protects you against
malware distributed with them. Our popular anti-virus/anti-theft app for Android stops downloads of fake apps and games, so you won’t be duped.
“All of these apps use multiple advert services, steal your personal data and they even are hidden under different creators. But don’t worry. Avast detects all of the mentioned applications as Android:FakeInst-DL, and urls of fake searchers are blocked also,” said Chytrý.
Get avast! Free Mobile Security for your Android device from Google Play. Please add a review and share with your friends if you like it!