Stop your iPhone harvesting your personal data (iOS 12)
Your iPhone and apps may be spying on you. Here’s what you can do the protect yourself. This guide is for iOS 12 users. Check out our guide for the latest iOS 13.
What are app permissions and how do they work?
App permissions define the level of functionality an app is allowed on your device. For example, a third-party camera app will obviously need access to your device’s camera.
App permissions define the level of functionality an app is allowed on your device.
For relatively low-level permissions, apps will be granted access to these automatically by both operating systems.
If the app needs permission to access functionality which could be harmful to the device’s operation or could compromise the user’s privacy, the user will be alerted and asked if they wish to grant the app permission to access the requested functionality.
Turn off “background refresh” on apps.
Go to Settings, then General and then Background App Refresh. Switching off access for apps will prevent them from sending out data while you sleep at night but won’t necessarily stop them from sharing your data with third parties while you use their apps. (Manually force-closing apps won’t help stop tracking by apps that you’ve allowed background refresh access.)
Use Apple’s first-party apps.
Apple holds its own services, such as Photos and Maps, to a higher privacy standard than other apps. In most cases, it encrypts your data and tries to minimize collecting it in the first place.
iOS takes a simpler approach in how it presents information about permissions to users. It only alerts users to information that could potentially be harmful to their device.
Subsequently, you will not see information about permissions in the iOS App Store. However, when an app wants to have access to functionality that could be harmful, the user will be alerted as seen below.
As you can see above, a brief explanation is given to the user to why the app needs to have certain permission granted. In this case, the app needs access to the camera in order to scan documents with the device.
As with Android, iOS users can also access the most important permissions groups and disable apps’ access from within Settings -> Privacy.
Moreover, iOS users can also alter individual app permissions by selecting the app in Settings.
Avoid being exploited
Granting apps these various permissions gives them access to areas of your device which they would not normally have access to. In most cases, the genuinely needs to have these permissions to work. A sneaky developer could, however, use these permissions against you.
Although in most cases the app genuinely needs to have these permissions to work, a sneaky developer could use these app permissions against you.
For example, consider the following scenarios:
1. Malicious Access to Location Data
Granting a malicious app access to your location data could be harmful. Based on your location, a malicious attack could be launched.
You could be directed to a harmful website which sites your location making it appear somewhat legitimate.
2. Malicious Access to Contacts
Granting a malicious app access to your contacts could also be harmful. A dishonest party could create an app which reads your contact list. It could then create an email address which sends you an email using a known contact’s name.
Even though the email address will be different to your friend’s actual, you may see the name and immediately think that it is indeed the person you know.
Attacks like this are not unheard of and the offending parties try to coerce victims into things like sending money only for you to realize after the fact that you were duped.
3. Malicious Access to Storage
Permissions related to storage could also be problematic.
Granting this kind of access gives an app access to a certain degree to your file system allowing for the possible planting of various types of harmful files.
What steps can I take?
At this point, you are probably asking yourself what you can do to avoid being taken advantage of. Well, you will be pleased to know that there are measures that you can take to avoid being duped.
Some easy steps are all it takes from being duped by apps.
Always Inspect Permissions
Firstly, you should always inspect the requested permissions closely to see why they are needed. For example, if you come across a car racing game that needs access to your contacts then you should be wary.
If you run into a situation like this, avoid the app in question.
Download apps from trusted sources
In addition, you should obtain your apps from a trusted source; namely the Google Play Store in the case of Android and the App Store in the case of iOS. Third-party stores mostly don’t have any security checks in place (or not as stringent) for the hosted apps.
3. Install an Antivirus
Finally, having an antivirus may help eliminate any threats.
Check out our blog for more guides on privacy.