Your Apps Are Watching You

Statistics say 1 in 2 Americans will have a smart-phone by December 2011. Many people keep their address, bank account numbers, passwords, PIN numbers and more stored in their phone. The mounds of information kept in smart-phones is more than enough to steal one’s identity with ease.

What most people don’t consider are the applications that they are using on a daily basis. What information is stored there? According to a recent Wall Street Journal article, more than you think.

After examining over 100 popular apps, they found that 56 transmit the phone’s unique device ID to companies without the user’s knowledge. Forty-seven of the applications transmitted the phone’s actual location, while five sent other personal information such as age and gender.  This shows how many times your privacy is potentially compromised without your knowledge, just by playing music on Pandora.

Here are a few of the culprits:

  • Textplus 4 is a popular text messaging app. It sent the unique phone ID to over 7 different ad companies.
  • Pandora, a popular music application for both smart-phones and computers sends age, gender, location and phone ID to many advertisers.
  • Paper Toss sends your phone ID to 5 different advertisers.
Smartphone providers such as Apple and Google state that they make sure applications get approval from users in order to transmit this type of information. Apple declined to comment after it was found that a popular pumpkin carving app was sending location information without gaining permission first.  Although it is written in Apple’s privacy policy that apps must obtain permission, this clearly is not happening. On the other hand, Google, creator of the Android, does not monitor their apps and what they are transmitting at all. Neither company requires their apps to have privacy policies and 45 of the 100 apps examined didn’t have one.
Here’s what you need to know in a nutshell:
  • Apps are capturing and transmitting a variety of your personal information. If you are using smart-phone apps, your information is being transmitted.
  • Paid apps tend to transmit less personal data than free apps. After all, the free apps have to make money somehow!
  • Get rid of any applications you don’t use.
  • If an app gives you the option to opt out of information sharing, take it.
Even if the application you are downloading and accessing does ask for your permission to gather location information, they don’t disclose who they are sending it to or how they are using it. With so many loop-holes, inconsistencies, and a lack of policing applications, it is clear your information will continue to be transmitted without your knowledge or permission.

Fraud Report: SMiShing Identity Theft


Identity Theft Expert John Sileo’s Latest Fraud Report

Just as you wouldn’t want to give any personal identity information to someone via email, you want to use the same practices via text message. There is a new wave of fraud that tries to trick you with text messages appearing to be from your bank.

According to Wikipedia, SMiShing uses cell phone text messages to deliver the “bait” which entices you to divulge your personal information. The “hook” (the method used to actually “capture” your information) in the text message may be a web site URL, like it is in phishing schemes. However, it has become more common to received a texted phone number that connects to an automated voice response system. One version of this SMiShing message will look like this:

Notice – this is an automated message from (a local credit union), your ATM card has been suspended. To reactivate call urgent at 866-###-####.

In many cases, the SMiShing message will show that it came from “5000” instead of displaying an actual phone number. This usually indicates the SMS message was sent via email to the cell phone, instead of being sent from another cell phone.

Once you take the “bait” and pass on your private information, it can be used to create duplicate credit/debit/ATM cards. There are some documented cases where the information an unsuspecting victim gave on a fraudulent website was used within 30 minutes…halfway around the world.

To minimize your risk:

  • Approach all text messages asking for your personal information with a great deal of skepticism (Hogwash, to those in the know).
  • Understand that no bank, business or financial institution will EVER ask you to divulge or confirm your personal banking information over email or SMS text message.
  • If you have any question at all that the text is legitimate, contact your bank or financial institution directly using a published phone number (on the back of your card, for example).

John Sileo became America’s Top Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about bringing John to your next meeting or event, contact him directly on 800.258.8076.