Although most people blame mobile devices for all the data related insecurities, but it’s actually the deceptive apps that do the most damage. Over the years several susceptibilities have been discovered in mobile apps. But the most recent discovery is shocking.
At first it looked, like a case of mere carelessness of application design. But after extensive research millions of apps were found to be leaking private data due to negligence of software developers.
To create an application developer, use software developer kit (SDK). These SDKs consists of a visual screen, compiler, editor and other facilities required to develop an application.
Also Read : Can ISPs Be Trusted With Our Personal Data?
But, the question is what is the harm in using a SDK?
To get an answer to this question you need to read further.
Most mobile applications use third party Software Development Kit (SDK) that aren’t protected. These SDKs use HTTP protocol, that makes data interception and modification possible. Thus, leading to data leak, malware attacks and other high-end attack vectors.
Which apps are found using such SDKs?
Many apps use SDKs from popular advertising networks, but most common are dating and social networking apps.
As these apps have several billion installations globally, a gigantic amount of private data is at risk.
Why are these SDKs used?
As these SDKs are provided free of charge app developers include them to save time, without noticing the security vulnerabilities. They focus on other things rather than checking the SDK.
We can even say it is mere laziness on the part of app developers.
What do these SDKs do?
Essentially, these SDKs collect user data and send it to popular advertising domains to design targeted ads. But the data transmitted using these SDKs isn’t encrypted thus making it attackers or anyone to intercept and modify as the data.
This means, user can easily be exposed to malicious ads instead of genuine and may end up downloading malicious apps, promoted via advertisement.
Undoubtedly, these SDKs save time but eventually they have flaws and user data is at risk. About, 4 million APK are found to be leaking confidential data to the Internet. Therefore, app developers need to pay attention to these SDKs.
What all data is at risk?
The type of data exposed through these SDKs is personal like age, name, gender, GPS coordinate, app usage and even political views, likes, dislike, financial details and other confidential data.
The data is exposed via unsecured Wi-Fi, ISP, home routers and other connected sources.
Besides, it is being found that these SDKS leak data like device information, storage size, battery level, IMEI, OS version, network information IP address, Phone number, email address and everything that you can think off.
All this leads to data leak, whether it is intentionally or unintentionally it doesn’t matter. What matters is data which is at risk.
It seems as if we are mere lambs that can be slaughtered anytime by an attacker due to a simple human error. When we already know that HTTP is not secure then why still 90% apps use HTTP is a big question, that is not yet answered. Just by saying app developers taking all the necessary precautions things don’t work. They need to stop using such SDKs and start writing the code.
These SDKs are not used in any specific apps to target a special section of society. We all are at risk because we use these apps and don’t know which app is transmitting our data insecurely. So, we need to be attentive and while granting permission to any app we need to think twice and see if it is required by the app to function or not.