If you are like many people, you have a lot of apps on your phone. According to Buildfire.com, 21% of Millennials open an app 50+ times per day, with 49% of people overall opening an app 11+ times per day. Additionally, 70% of US digital media time comes from mobile apps. We all are data goldmines! For each of us, it is critical to do an audit to see which apps may have access to information that has nothing to do with the app. Have you recently searched your phone or computer to conduct an audit to find your personal vulnerabilities? How are you, as a leader or a Board member, adding to or protecting your company’s assets?
Your games, weather apps, and health apps, to name a few, are gathering and transmitting a trove of data. Even when you think you shut them down, they use Permission Creep to add new tracking during updates.
They track more than behavioural and usage data: they also leverage your location data, your contacts and call history, cameras and microphones listening passively to your conversations, and account credentials that provide access to many of your accounts.
When considering the worst apps, it’s essential to distinguish between those that pose privacy and security risks and those that are simply poorly designed or functionally deficient.
Apps with significant privacy and security concerns include Facebook & Messenger, weather apps, Words with Friends and similar multiplayer games, and explicit dating apps (e.g. BDSM People, Chica, Translove).
Apps often embed third-party software (like ad networks or analytics tools) that can collect and send data to external companies. Even if the app itself is safe, its partners may not be.
So, what can you do? Take every protective measure available!
• Review Permissions: Give your CEOs, Boards, and employees access to resources that encourage them, and show them how, to regularly check app permissions and limit them to only what is necessary.
• Stay Informed: Keep abreast of news regarding app security breaches or privacy concerns and provide that as part of your leadership and Board meetings.
• Use Trusted Sources: Download apps only from reputable app stores and developers.
• Regular Updates: Ensure apps are updated to incorporate the latest security patches.
Recent articles have highlighted ongoing concerns regarding the privacy and security risks associated with mobile applications:
In December 2024, ABC News reported that U.S. officials suspected that a Chinese hacking and espionage campaign collected data on hundreds of thousands of American mobile phone users, potentially affecting over a million customers. The hackers likely obtained temporary call and SMS records, including details of phone numbers contacted and timestamps.
• News Apps and Data Leaks: A report by Cybernews revealed that 87% of magazine and newspaper apps, and 77% of news apps, exposed users’ sensitive information, including authentication tokens for services like Google and Facebook.
• DeepSeek AI App’s Privacy Flaws: Security assessments of the DeepSeek AI app uncovered multiple vulnerabilities, such as the use of hard-coded encryption keys and the transmission of unencrypted user data to Chinese servers.
• VPN Apps Linked to Sanctioned Chinese Firms: Investigations found that VPN apps like Turbo VPN and VPN Proxy Master, available on Apple and Google’s app stores, are linked to Qihoo 360, a Chinese cybersecurity firm sanctioned by the U.S. for alleged military affiliations.
These findings underscore the importance of scrutinizing app permissions and staying informed about potential privacy risks associated with mobile applications.
Ongoing legislative efforts:
• Children’s Online Privacy Protection: The Children and Teens’ Online Privacy Protection Act (S.836) was introduced in the Senate on March 4, 2025. This bill seeks to amend the Children’s Online Privacy Protection Act of 1998 to enhance protections concerning the online collection, use, and disclosure of personal information from children and teenagers.
• Federal Data Privacy Legislation: A bipartisan congressional working group has issued a Request for Information (RFI) to stakeholders on comprehensive federal data privacy legislation. The RFI seeks input on definitions of personal and sensitive information, the interplay between federal and state privacy laws, and considerations for AI frameworks.
• State-Level Initiatives: In Texas, the proposed App Store Accountability Act aims to hold app stores like Google and Apple responsible for verifying users’ ages and restricting minors’ access to addictive applications. This initiative mirrors age verification for products like alcohol and tobacco.
• Addressing Foreign-Controlled Applications: The Protecting Americans from Foreign Adversary Controlled Applications Act targets applications operated by entities from countries designated as foreign adversaries, such as China and Russia.
• Federal Communications Commission (FCC) Proposals: Following the Salt Typhoon hacking incident, the FCC proposed requiring annual cybersecurity plans from telecommunications firms to bolster defenses.

