How To: Sidestep Shady Methods Used By Some Data-Stealing Apps

Advertisement
Advertisement

Mobile apps have access to a lot more information than many users may be aware of and at least some of those are deliberately trying to gain access to far more sensitive information than is required for the app to function. Some apps are also just terrible at holding onto personal data securely and that's not always deliberate. In some cases, as recent reports from Positive Technologies have shown, apps just aren't necessarily coded in such a way as to prevent problems — including data theft.

Manually restricting and limiting access to that data is, as a result, vitally important for anybody who wants to keep their private data to themselves. It's safe to say that accomplishing the task isn't an entirely straightforward process. But it is possible to ensure that at least some of that data is locked down against a few of the ways it's likely to leak out.

Use the tools at your disposal in the Google Play Store

Advertisement

One of the best ways to avoid unwanted data mining from applications — and other malware too — is to use the tools provided by Google in the Android's Google Play Store app. The most prominent of those tools is also often the most overlooked. Namely, that's app reviews.

Chances are good that if there are going to be or have been problems with or after installing a given application, it has caused issues for other users. Whether that's shown up through poor performance for the app in question or through problems seen on a device it's been installed on, there's also a good chance any issues will show up in the app's reviews. So that's the first place that should be checked, preferably before an app is even installed.

The easiest way to accomplish that is by navigating to the app store and then to the app that needs to be checked before scrolling down to the section housing reviews. In the latest version of the Play Store, the top positive and negative reviews will be showcased near the top of the page.

Advertisement

Clicking or tapping the "More" link next to the "Top negative review" header will load up "Critical" reviews sorted by relevance. Those can be sorted by various metrics, including the most recent as well as the most relevant with filtering for the newest iteration of the app or for reviews from the specific phone the Play Store is being accessed from.

Another tool that's readily at Android users' disposal is Google's own Play Protect feature. Without leaving the Play Store, that's easily accessed by navigating back to the app market's home page and selecting the three-dash icon at the top-left-hand side of the UI to call forward the deeper app menu. Approximately halfway down the page, there will be an option labeled "Play Protect."

After selecting Play Protect, users will be greeted by an interface topped by a shield icon and description pulled from the latest scan — Play Protect should be scanning automatically at regular intervals. As shown in the example images, that should include a description of whether or not there are any issues, a list of recently scanned apps, any apps that are showing issues, and any actions taken if any.

Advertisement

If Play Protect finds issues, it will remove or disable the offending app from the device and describe the issue. In some cases, users may need to manually uninstall the app.

A link is provided at the bottom of that page leading to a more in-depth explanation of the tool and users can select the gear-shaped settings icon at the top-right-hand side of the UI to ensure that scanning is turned on. There will also be an option to help Google improve the security service by sending in unknown apps.

For manual scanning, there is a green circular arrow icon next to the shield icon at the top of the page that activates scanning whenever tapped.

Advertisement

Shut down access to permissions apps don't really need

Another aspect of the problem that's often overlooked is the permissions apps request to run. In some cases, such as with location permissions and mapping applications or SMS permissions and a text messaging app, those are required. In other, that's just not the case.

It's usually pretty obvious whether or not an app needs access to any given permission in order to function and sometimes developers will even describe what various permissions are required for in their apps' descriptions. So the first place to start improving the situation with data-tracking in apps is going to be at the Play Store before apps are even installed.

Advertisement

Permissions for a given app can be viewed in the Play Store by navigating to the desired app and then scrolling down to the bottom of its description — often hidden behind the "Read More" link. App permissions are clearly marked at the bottom of that page and clicking the "See More" link will reveal every permission the app is asking to access.

As with the abovementioned Play Protect feature, a "Learn more" link is in place for a more in-depth explanation of those permissions.

Viewing those permissions before downloading can give users an idea of what permissions may need to be turned off or whether an app should be downloaded at all.

Advertisement

Once apps are downloaded, Android offers several ways to turn off and view permissions outside of rejecting or accepting requests for access via menus that crop up within the app after it's been launched or a specific feature accessed.

To quickly see an overview of exactly which apps are using which category of permissions, opening up the Settings application before selecting the option titled "Apps," "Application Manager," or similar will bring forward the appropriate menu. That will load up a list of apps — with the exception of system-level apps — and in many cases, a "Permissions" option.

That submenu may be housed in an overflow menu at the top-right-hand side of the UI under a three-dot icon — which is also where the "Show system apps" option is. Regardless of where it's been placed by the OEM, opening App permissions will bring call forward a list of permission categories, shown alongside a number of apps accessing the permission and the number requesting access.

Advertisement

Tapping any of those will call forward a list of toggles for each app that's requesting permission for the selected option.

An individual application can be selected from the list of apps shown prior to the App permissions page to discover its permission settings too. After selecting an app, a series of details will be shown, organized by section. Scrolling down to the "App settings" subheading and clicking on "Permissions" will call forward the permissions in use by an individual app. Toggles will also be shown for turning those off or on as needed.

Stop apps from scouring location data

As shown in the example images, location data access can be turned off on a per-app basis too and that's good because that's among the most sensitive pieces of information a smartphone stores. That doesn't necessarily stop apps from collecting data from other apps or from files such as photos though.

Now, the easiest way to cut apps off is to turn off location tracking altogether. That can be accomplished very easily by navigating to the Settings application and scrolling down to or searching for "Location." That menu can be tucked within another — for Samsung devices such as the Galaxy Note 9 used in this guide, for example, it's hidden within the "Biometrics and security" subheading, within the Privacy settings.

There's often a toggle directly from that screen to turn off the location tracking entirely. Tapping the setting itself calls forward another UI complete with toggles or menu options for adjusting how the device tracks data — whether using GPS or that in combination with mobile towers and Wi-Fi that's detected.

For Samsung and some other OEMs, a list of recent apps that have accessed location data will also be shown as well as a list of services used for location. The latter of those can often be toggled too. If location data is needed later, it can be turned back on in the same way.

Preventing apps from scrounging location data from pictures snapped with a device, on the other hand, can be accomplished by turning off geotagging in the camera application and in the Google Photos application.

Navigating to the app, selecting the three-dash menu at the top-left-hand side of the page, and selecting "Settings" will bring forward the appropriate option. That should be labeled "Remove geo location" and have a toggle. Flipping that will prevent location data from being taken from links for the photos. Just below that, the "Google Location Settings" option will take users to the location toggle for the entire device.

The gallery application included on some Android smartphones can be used to remove geotagging data too, on a per-photo basis. In the camera app, there's also an option — that will vary widely from smartphone to smartphone — that can be toggled to stop the camera from recording that data, to begin with. Generally, that's found in the underlying settings, typically found behind a settings icon on the main camera interface.