Security News

The risks of following deplatformed apps into the wilderness

Christopher Budd, 10 February 2021

Here's where Parler has ended up — learn the risks connected with using deplatformed apps that return to service

In mid-January, Amazon, Apple and Google ended their commercial relationships with the social media app “Parler”, citing inadequate moderation policies. Over the course of two days, Parler was removed from the App Store, the Google Play Store and Amazon Web Services (AWS). This removed both the app and the web and cloud infrastructure it relied on, effectively wiping it off the internet. Because these companies removed Parler from their platforms, this has been referred to as “deplatforming” Parler.

What does it mean to be deplatformed?

Being deplatformed isn’t the same as an app or service being completely banned from the internet, as no single company or government controls the entire Internet. Even if several companies act, they still can’t ban an app or service from the internet entirely. However, deplatforming can remove an app or service suddenly, like what happened with Parler. 

But deplatformed apps and services can and do find new homes and return to service. For example, the social media app Gab was “deplatformed” in 2018 and it returned after a little over a week gone (and is still in use today). The people behind Parler have said on their website that they’re looking to return to service and have struck a deal with the company that helped Gab return to service. 

Adding to the uncertainty around Parler’s future, on January 29, Parler CEO John Matze was fired.

As of this writing, Parler’s website has returned but the full app and service hasn’t. But given Parler’s stated goal of returning to service and Gab’s successful return, Parler could well return in the future. If Parler does return, though, it likely won’t be the same app and service that it was before its deplatforming. Just like with Gab, for Parler to return to service, it will have to find new ways to distribute their app and new companies to provide the cloud infrastructure that the app relies on.

Rehoming Parler

You can almost think of it in terms of moving house: Parler was evicted from Amazon, Apple and Google and has to find a new place to live. Just like there are more and less safe neighborhoods in the real world to live in, the same is true for the internet. Amazon, Apple and Google are among the safest neighborhoods on the internet. If Parler does move, it likely will be moving to a less safe neighborhood. This means that if you want to keep using Parler if it returns, you’ll likely be going to less safe neighborhoods on the internet to find it and should take extra steps to protect against related increased risks.

There are two areas of greater risk if you follow a deplatformed app to a new home: the app itself, and the web and cloud infrastructure that support it.

When an app is no longer available through the official App Store and/or the Google Play Store, the risks around getting and installing the app skyrocket. You can install apps from places other than those official outlets, but those other places don’t always have the same security checks that those official stores do. 

Mobile apps downloaded from third-party sites are one of the main sources of mobile malware, especially on Android devices. Not only are there risks that the apps might have malware, but the sites offering the apps might themselves be risky in terms of malware and phishing. In addition, if you’re using an iPhone, the only way to install apps from anywhere but the App Store is to “jailbreak” the phone, a step that Apple strongly recommends against for a host of reasons, including the fact that it breaks the iOS license agreement and can leave you without help or support from Apple.

There’s also the fact that you can’t be sure that you will get what you think you’re getting. For example, Avast researchers found an Android app on January 16 (after Parler’s deplatforming) that claimed to be a “Parler Updater” and used the Parler logo. The app turned out to be a classic piece of spyware that would seemingly disappear after you installed it, yet it would have complete control of your device — including being able to install other (potentially malicious) packages. The naming, packaging and timing indicate that the people behind it may have been trying to capitalize on the deplatforming of Parler to spread their spyware.

In addition to risks around locating and installing deplatformed apps, there are risks from the web and cloud infrastructure too. A deplatformed app and website that returns to service may have to resort to less well-known and less-reputable hosting services, sometimes in other countries. This can raise increased risks around the security and reliability of the site and service itself. It also can raise questions around who might be able to intercept the site and services traffic when passing through those other countries. Finally, hosting on lesser-known and less reputable sites can raise concerns about the integrity of the data and who has access to it.

So in a nutshell, while you may want to continue to use an app once it has been deplatformed and returned to service, it’s crucial to understand that you’re going to be following it into rougher neighborhoods on the internet.

We don’t know whether Parler will ever return. And if it does return, it’s possible it will make the necessary changes to return to trusted app stores and services, like AWS. But if Parler does return by offering its app outside of trusted app stores and by using other less-known hosting services, you’re now aware of the increased security risks you may be facing. 

What you can do to stay safe

If you should choose to follow a deplatformed app or service, stay aware and ensure that you’re taking the necessary precautions, such as using a VPN. The top reason to get a mobile VPN is to ensure that you have a secure internet connection. A VPN guarantees that, no matter how you connect to the internet, the information you send will be secured. Read through our resources to find out more about making use of a VPN.