Facebook has announced that it will soon be publishing an update to its iOS app, which will fix a flaw in the program that allows phone calls to be made without the user’s knowledge or consent.
So, the downloading and use of a Facebook App could create security threats? Who’d have thunk it? Oh, wait…I could, and did. Last December I posted an article calling out the Android permission settings on the Facebook Messenger app and others like it.
I highlighted the threat that the “without your permission” stipulation, among others, could open the door for malicious third-party software or hackers to gain access to your smartphone.
The article created quite a stir when it went viral last month, when Facebook began removing the IM function from within its social networking app. For the most part, readers shared my concern; however, a select group of self-proclaimed tech geeks suggested that I was misinforming people and that I was just paranoid. Others pointed to the fact that the permission settings were specific to Android and that the sandboxing offered on Apple’s iOS would prevent such unauthorized access from occurring.
Was I just paranoid?
Are security issues only possible on Android apps thanks to the manner in which it manages permission settings? Well, earlier this week Andrei Neculaesei, a developer at Copenhagen-based Airtame, discovered a dangerous bug in the Facebook iOS app’s programming that might cause potentially expensive calls to be made with your iPhone, without requesting your permission.
The threat could be even bigger. Neculaesei predicts that the vulnerability in these apps could automatically transmit a video feed to attackers when a user clicks on a link within FaceTime, for example. Facebook has announced that it has already developed an update to address the security threat; however, a release date has yet to be listed as of the date of this post.
Are We Right to be Paranoid?
My security concerns over our increasing use of mobile apps, for which we rarely read the permission settings or terms of service, were met with harsh criticism by some who said I was wearing a tinfoil hat and breeding paranoia.
I hate to say “I told you so” but, well, there it is. One of the potential threats I feared has come to life.
Will there be others? Of course there will.
Should you delete all your mobile apps? Of course not.
What we should do is start taking the time to read the fine print before we download apps that request access to our phone’s data and functionality, and really consider if the app’s utility is worth the potential security risks that may come with using it.
Next, we must put more pressure on app manufacturers to be clearer and more specific about how and why they need to access certain data and functions on our phones, and offer limitations on how that data will be used once collected. Finally, we must start to insist that they add greater safeguards to protect our data or we’ll stop downloading them.
As developers and marketers of mobile apps, why not take the lead? Put the customer first, see what that does for your bottom line.
Feed your Community, Not Your Ego