In the home office, the use of software solutions such as VPN services, anti-virus programs and AdBlockers is increasing. Those who carelessly use free services can make unpleasant discoveries: payment is often made with personal data.[1]
Not only already exposed services use their customers’ data for various purposes, the additional monetization of user data is also an important business process for navigation services and search engines, wearables like fitness trackers, social media sites or online shopping services. Personal data is valuable and in high demand to gain specific knowledge advantages.
Paid or free – the users always pay
If you put yourself in the provider’s shoes, it becomes clear, that somehow the companies have to cover their costs and earn money. Since there is no obvious income from users for (supposedly) free services, the software must be kept profitable on the market by other means. This usually works at the expense of the consumers. Even services that are actually supposed to make IT services more secure become a risk factor through data transfer.
Cybersecurity services – different ways, one goal
There is nothing easier than installing new software on your PC or smartphone: click download, follow the installation, and agree to the terms and conditions and privacy policy – done! However, many programs require additional authorizations or information that hardly anyone checks or analyses in detail. With various identification options, locations and other data, users reveal a great deal about their interests and personal circumstances – especially when the data is stored, enriched and linked in the background. The scope and purpose of this data collection cannot be predicted at first glance.
Unserious apps with additional security risks
Some free apps have been found to have other questionable features when analysed by security researchers. Some ad blockers place and prefer their own advertisements, VPN services sell detailed data on user behaviour instead of anonymizing it, and apps for data minimization install their own root certificates that can infiltrate data security and encryption. These business practices have now also attracted the attention of app store operators. Applications that have attracted attention through such functional implementations have been removed from the Apple App Store and the Google Play Store. Suspicious providers who appear to be acting systematically are being investigated more closely. [2]
Safety recommendations for end users
Pay attention to the services you install and use on both your PC and smartphone. Often it takes too long until dubious applications are uncovered. Security experts generally advise against installing apps that demand more rights than necessary or require other in-depth access to the system. This also includes the additional installation of, for example, system optimizers, virus scanners or other additional tools, as they often appear with PC applications. A good example are flashlight apps that require access to contacts, ID and network. Any such requests should prompt the user to cancel the installation in order not to unnecessarily compromise the security of his system.[3]
When selecting and using free services, always ask yourself which use cases you as a user want and need to cover. Check your instincts: Is it realistic to operate such a secure service for free? Do not save money the wrong way. Only use and install applications whose providers you trust and who can also prove a good reputation in independent evaluations and tests.
Links:
Underestimated threat: Mobile malware
Security tips to protect your data and devices
[1] https://techcrunch.com/2020/03/10/your-vpn-or-ad-blocker-app-could-be-collecting-your-data/
[2] https://www.techadvisor.co.uk/news/security/vpn-apps-stealing-data-3783792/
[3] https://www.zdnet.com/article/most-android-flashlight-apps-request-an-absurd-number-of-permissions/