Popular Mechanics (South Africa)
Hoax[?]: Is your phone really using apps to spy on you?
TIKTOK HAS OUR children’s home addresses. The FaceApp has our photos and the ability to predict what we’ll look like over the course of our lives. Our hotel check-in apps show our travel destinations, room preferences, and upcoming stays. This might not seem like a big deal, but all of this data could be allowing other nations to attack the security of citizens through geotargeting, facial recognition, and pattern projection. A smartphone has the potential to be a more useful weapon than a missile.
According to NPR (National Public Radio in the US), some foreign nations, such as Saudi Arabia, use information shared across apps to identify dissidents and potential spies or to hack into computers. Additionally, the data collected through apps can be used to create psychographic models – groupings of people based on their shared psychological characteristics – that are deployed in disinformation campaigns.
Apps such as the wildly popular TikTok are particularly vulnerable. Owned by a Chinese company, TikTok utilises an algorithm that can be tuned to distribute news or content that sways public opinion – a form of information control that has a proven societal impact. And China’s 2017 national intelligence law contains language that requires companies to comply with intelligence-gathering operations if asked.
‘China has a very different legal framework and perspective on the rule of law,’ says Andrea Little Limbago, chief social scientist at Virtru, an encryption and privacy company. ‘TikTok claims they do not store data in China, but this is difficult to validate and does not address data privacy concerns prior to February 2019. This is especially relevant as user data could inform intelligence campaigns that are targeting American citizens.’ (You might remember
that in February 2019, TikTok was fined for its data-privacy usage.)
Given China’s history of data interference and its faulty humanrights record, Americans should be concerned about data weaponisation.
Adira Levine, cybersecurity fellow at the public policy think tank New America, notes that you should also properly consider the permissions you are granting when you hit ‘Agree’ or when prompted to change your device settings. Such permissions create pathways for other entities, including companies and advertisers, to access the data. The more people who have access to your phone and your data, the less secure you are.
It’s difficult to directly attribute cyberattacks or cyberspying operations to specific foreign nations. It’s even more difficult to make correlations between apps and nationstate attacks. But the growing number of cyberattacks and the increasing reports of apps with potential for misuse should raise a red flag.
Ask yourself if it’s really worth giving away your personal data to a company in China just to pass the time with a mindless app. And think about apps before you download them. The only way we’ll be resilient to cyberattacks is for every individual to be more critical of their own phone, their own apps, and their own safety.