We used to know them as programs - software you install on your desktops, laptops or servers. Since the dawn of mobile computing, we now have stores; the App Store, the Google Play store, the Microsoft Store to name a few. Each offering their versions of apps that work on different platforms and devices. What most don’t realize is how these apps are created, what access they require of your personal identifiable information and other device resources that you may not have a clue about. But least we not forget that we still have desktop, laptop and server based software programs.
The costs (time, connectivity, labor dollars, security and resources) can be steep. Whereby, if you don’t update, you leave yourself and/or your devices insecure. Or you lose functionality or gain some. However, it is key to plan and even play into these upgrades/updates and changes that keep you current but hopefully don’t compromise existing security parameters. Further, it’s not only the apps that require or demand updates but the operating systems that these apps depend on. The phrase of the weakest link comes to mind. As I like to state, once you ‘buy-in’ to any service, you are now committed to keeping up with the times and changes. And those changes can be few to excessive – it all depends on the app or software – even the vendor pushing their solutions. How often do you find yourself needing to update Adobe or Java? For me – too often. Obviously, there are underlining problems with some apps and software solutions but to use it securely – it’s best to update them as quickly as possible.
Recently, to my surprise, there were changes to the ‘new’ YouTube app. YouTube has worked on my mobile devices fine for a few years now. Unfortunately, their recent changes led me to remove the YouTube app from all my personal devices due to the overreaching permissions that I don’t believe any video app player should have access to. I made a choice. Though this app came pre-installed on my cellular device and therefore, I could not remove it – only disable it. And so I did, as I don’t believe YouTube needs access to my contacts, SMS and other device information.
In turn, it led me to write this article not to alarm people but to inform people to be aware of what these apps are doing and basically, what you are giving up ‘accepting’ the changes to the permissions levels on any respective device. It’s critical to understand what metadata these devices are collecting and where that information is being shared or passed around. Further, personal versus business is as important in understanding as some requirements may be demanded prior to moving forward.
Most financial institutions require that they communicate with their client base and inform them of their privacy rights. Unfortunately, ‘the stores’ are not confined to these same factors our financial institutions or other resources that are regulated by even though you place your credit card information, addresses or other personal information within these stores, apps and otherwise. Sure, you can seek out their EULA (end user licensing agreement) and read through them. It’s almost like reading legislation where as you must not only have the EULA but all the parameters and other resources to understand the full effect on what you are granting access to and for.
The last time I reviewed Microsoft’s EULA, it was basically like reading the ACA (Affordable Care Act) legislation. Not only did I have to have the EULA but also several other links, 11 plus in total, that in turn exceeded several hundreds of pages of documentation to see the big picture. And this documentation is boring, some may say bathroom reading or late night go-to-sleep reading but to understand the impacts, allocating time (at a cost; time equals money) to read through these documents is key to understanding what parameters you have committed to or how your clients and customers are impacted in their daily use of said solutions.
We all want to use these apps, be it a game, a mobile spreadsheet solution and other convenience based services. It makes all our lives easier to some extent. Still yet, I would like to see these platforms and permission levels to be better defined and available to the public; you can in fact find what permissions Microsoft or Google desires but you can only review in your iPhone what Apple ‘takes’ and uses at their discretion.
I think it’s time for all technology companies and software applications to be more upfront, concise and informative. These companies or programmers shouldn’t be hiding any details deep in their EULA’s. I hope that our legislation now and in the future, defines these parameters to not be hidden or buried in technology jargon but straight forward and available to gain answers quickly so that we all understand how we are impacted by a new game that a kid may like on their parent’s phone but how that parent is being compromised in providing entertainment for their children on their company or personal devices. The time has come for Information Technology legislation to change and provide these answers that today you may not consider important but are truly critical to our ongoing security and access to personal identifiable information.
Here is how you check apps and their respective permissions on:
Windows 10 Pro:
- Settings>Privacy> Each ‘component’ is used to determine what access the app or software has
- The Windows Store = You’ll find app access needs under the ‘Additional Info” area
- While in the Google Play Store: Choose an app without installing it, scrolling all the way down the chosen app, you’ll find ‘Permission Details’ and it will list what permissions the app has access to
- Once installed, you can review this by going into Settings>Application Manager> by opening any app that is already installed, scroll to the bottom and you’ll see under “Permissions” what the app has rights/access to
Apple iPhone or other iOS devices:
- General>Settings>Privacy – within here you will find each app that has access to the devices capabilities. An app can be listed under several different resources.
Be safe out there.