THE FUTURE FOR CYBER SECURITY

A study entitled, State of Cyber Security 2017, performed by ISACA (Information Systems Audit and Control Association), suggested that cyber security staff are becoming increasingly difficult to find in such a rapidly expanding and evolving field. The report was based on a survey of 633 cyber security specialists across North America and Europe, with 27% stating that they were unable to fill open cyber security positions in their businesses and another 14% unsure as to whether they would ever fill those positions...

Mike d Kail

Mobile App Policy Violations – How Serious Is The Problem?

Mobile App Policy Violations – How Serious is the Problem?

The recent furore around SnapChat and its supposed policy violations has once again thrust the issue of mobile data privacy and security into the spotlight.

The Federal Trade Commission (FTC) recently levelled a long list of charges against the popular photo and video sharing app. The list included accusations that videos sent through Snapchat were easily accessible by plugging a phone into a computer, that users could preserve images by taking screenshots, that the app tracked the geo-location of Android users, and that numerous security flaws allowed attackers to easy access usernames and phone numbers.

CloudTweaks - Mobile

All of these accusations directly contradict the alleged features that have made SnapChat so popular; the app has grown its user-base on the understanding that sent media was a) private and b) would be deleted within a few seconds of being viewed.

For their part, SnapChat have not formally admitted culpability and used a recent blog post to claim that they “have resolved most of those concerns over the past year by improving the wording of [their] privacy policy, app description, and in-app just-in-time notifications” – adding that they remain committed to investing in security and counter-abuse measures.

SnapChat may be forgiven for initially underestimating how popular the app would become, and although the FTC’s judgement means SnapChat now faces twenty years of scrutiny, it is at least commendable that the company has addressed the concerns head-on.

Perhaps more importantly than the individual case of SnapChat, the revelations have raised wider concerns about which other mobile apps might be in breach of their purported terms and conditions.

Creating apps is becoming an increasingly accessible hobby for the masses, with the point-and-click nature of development meaning that people who have little skill in programming are now able to design content in a way that was previously impossible. It would be naïve to suggest that all these new developers have the necessary technical proficiency to insert the requisite privacy notices to alert users to the many potential privacy pitfalls that await them.

As the SnapChat case highlights, even skilled and knowledgeable developers struggle to correctly code multiple languages to fulfil their legal obligation for a comprehensive privacy protection policy. They can easily find themselves in trouble if their app uses or shares personal data, geo-locations, audio content, or video content without it being fully highlighted to a user.

SnapChat isn’t the first company to fall foul of the FTC. In 2011 the iOS social networking app ‘Path’ was charged with engaging in deceptive business practices by claiming in its privacy policy that it only collected information such as the user’s IP address, operating system, browser type and site activity when in reality they were collecting and storing information as diverse as users’ address books, phone numbers, email addresses, Facebook usernames, Twitter usernames, and dates of birth. The incident cost the developers a mammoth $800,000 in civil penalties.

A year later Delta Airlines found themselves in the crosshairs as the California attorney general opened proceedings over their app’s “non-existent privacy policy” with Justin Brookman (Director of Consumer Privacy at the Centre for Democracy and Technology) taking to Twitter to claim that the company could face up to $2.5 billion in penalties.

So what can be done? Governments around the world have long-since introduced legislation to try and combat the problem of opaque and difficult-to-understand privacy policies, but it is clear that with almost 2,000,000 apps across Apple’s and Google’s stores, monitoring and managing all of them is impossible.

There are also numerous courses and training programs that developers can attend, but again, it is unreasonable to expect casual ‘bedroom’ developers to go to such lengths for apps that they know might only be downloaded a handful of times, if at all.

It seems that at the moment the threat of fines, loss of revenue, and public embarrassment remains the best deterrent. It was reported that SnapChat turned down multi-billion dollar offers from both Facebook and Google in late 2013, offers that are unlikely to resurface now the brand has become significantly more toxic and users are slowly abandoning it. It should serve as a lesson to all budding developers.

By Daniel Price

About Daniel Price

Daniel is a Manchester-born UK native who has abandoned cold and wet Northern Europe and currently lives on the Caribbean coast of Mexico. A former Financial Consultant, he now balances his time between writing articles for several industry-leading tech (CloudTweaks.com & MakeUseOf.com), sports, and travel sites and looking after his three dogs.

View Website

Syndicated Technology News

Amazon working on ‘smart glasses’ as its first wearable device: FT

By CloudBuzz | September 20, 2017

(Reuters) – Amazon.com Inc is working on its first wearable device – a pair of ‘smart glasses’, the Financial Times reported on Wednesday. The device, designed like a regular pair of spectacles, will allow Amazon’s digital assistant Alexa to be…

Cloudflare Collaborates with Google Cloud to Fund Developer Innovation

By CloudBuzz | September 19, 2017

Collaboration Offers Developers $100,000 in Cloud Platform Credits SAN FRANCISCO, Sept. 19, 2017 (GLOBE NEWSWIRE) — Cloudflare, the leading Internet performance and security company, is collaborating with Google Cloud to help support developer innovation on the Cloudflare Apps Platform. Starting today,…

Cisco Expands Learning Portfolio with New Business Architecture Training and Certifications

By CloudBuzz | September 19, 2017

New Business Architecture Training and Certifications Expanded Portfolio Accelerates Business Transformation by Addressing Critical Talent Needs SAN JOSE, CA–(Marketwired – Sep 19, 2017) – Cisco (NASDAQ: CSCO) today announced it is expanding its learning portfolio with new business architecture training and…

2017 Ponemon Institute Study Finds SMBs are a Huge Target for Hackers

By CloudBuzz | September 19, 2017

Negligent Employees and Poor Password Policies are the Weakest Links Negligent employees are the #1 root cause behind data breaches across North America and the UK Ransomware is hitting SMBs hard with more than 50% experiencing an attack Attacks are becoming costlier…

Virtual Reality: Coming Soon to a Cubicle Near You?

By CloudBuzz | September 18, 2017

Cisco invites customers to experiment with Cisco Spark in VR SAN JOSE, CA–(Marketwired – Sep 18, 2017) – Cisco (NASDAQ: CSCO) thinks it is only a matter of time before virtual reality makes a major impact on all sorts of industries…

Hackers compromised free CCleaner software, Avast’s Piriform says

By CloudBuzz | September 18, 2017

Hackers compromised free CCleaner software SAN FRANCISCO (Reuters) – Hackers broke into British company Piriform’s free software for optimizing computer performance last month potentially allowing them to control the devices of more than two million users, the company and independent…