Smartphone Apps Call up Privacy Concerns
Storing confidential work information on personal smartphones or tablets is risky because the information can fall into the wrong hands. Loss, theft or hacking of the devices pose the most obvious threats to information security. But you may not yet have heard about the latest threat: Smartphone applications.
Recent news reports revealed that some smartphone applications are retrieving contact information stored on smartphones without first obtaining users' explicit permission. These applications access the data on a device, transmit it to the application developers' servers, and store it there -- often without the device user even knowing about it. Many of the most popular apps have features that find a user's friends who are also using the app. The apps do that by going through the user's address book.
Apps that take user's address book information don't always take precautions to transmit it securely, which makes the information vulnerable to theft while it is in transit. Even if the information is encrypted, it will be unencrypted when it reaches the app developer's servers. Some developers discard the information after using it to locate the user's friends, but other developers store it on their servers. Even when the developers have good intentions, as most do, their servers can be hacked. Worse, a malicious app developer could create an app just to steal data.
The news of these privacy violations has caused an uproar. Even Congress has gotten involved recently. App developers and Apple have promised to improve their practices and require explicit user permission for apps to access address-book data, But when it comes to respecting the privacy of information stored on personal devices, the track record of app developers does not inspire confidence. This most recent threat to information security is a good reminder that companies need to train employees on how to protect the information they handle in the course of their jobs. WeComply's online information security training course gives employees the information they need to protect proprietary and confidential information.Categories: Data Privacy & Security
Tags: Data Privacy, Data Security, Data Security, Information Security