A New Year, New Privacy

(First Published January 2020)

For my first blog of the New Year. I wanted to do a small introduction as to why I felt the need to write blogs relating to privacy in the modern world and how it relates so closely to OSINT (Open Source Intelligence), Social Engineering & inadequate security measures.

In the last few years I have seen how others have used the aforementioned to commit crimes against non-suspecting innocent people often with tragic consequences. Then there are the unscrupulous companies who harvest our information so that they can make money. So I will look to pass on my knowledge and experiences to anyone who wants to protect their privacy. I am not a tech wizard and have learnt from reading articles, exploring different practices and experimenting.

The reasons for a person to protect their privacy will differ from person to person. Someone who is high profile may need to take measure far and beyond what most of us may deem necessary but you can guarantee that some of the techniques are also suitable for the vast majority of people too.

There is a lot of material available both online and offline that will help you however I have always found these to be in the whole orientated towards the US and finding similar solutions in the UK is a little bit more challenging. On the whole it doesn’t need to cost a penny but there may be occasions where you have to invest some money to regain the privacy you desire. I will explore this in future blogs. My intention is not to single out or berate companies whose products do not serve our privacy but is more to help people navigate this world.

As it is the New Year I have decided that this would be a good time to have a clean out of all those Apps that you no longer use. We do not seem to want to delete anything, in the same vain as we do like to throw our old clothes away.

There are over five billion mobile users in the world, with global internet penetration standing at 57%.

As of the first quarter of 2019, these app users could choose to download between 2.6 million Android, and 2.2 million iOS apps. And they certainly are choosing: App Annie sets the total number of app downloads in 2018 at 194 billion; up from 178 billion in 2017.

Apps come and go just like the seasons. What is a popular one year may not be so the next. We download apps on the recommendation of others and never truly buy into its use but it stays there on our phone. I have friend with nearly four screens of Apps most that he freely admits that he does not use and has no idea what the log on details are.

One thing I will say is please unless you know what you are doing only download Apps from reputable sources such as Apples App Store or Googles Play Store.

An App when it is downloaded will ask for certain permissions giving it access to parts of your phone such as, microphone, camera, location data and so on. Most of the Apps do not even need to have those permissions to work. So why is it they ask during the setup and why do we agree? I have denied Apps permission requests that I thought that it did not require and they have worked fine.

Easy one, why does your calculator need access to your location? Some Apps will need access to your location, such as a weather app but then you need to consider do you need to have your location switched on all the time or can you use it when you need to. You can set your permissions so that apps only have them when the App is in use instead of carte blanche.

Ask yourself the question, “Have I ever looked at what data the Apps on my mobile are harvesting?”

It’s beyond the scope of this blog to detail specific cases but there are many great articles detailing how Apps capture your data and how that data is abused or monetised. if you prefer watch the Netflix documentary ‘The Great Hack.’

So this new year when your on the train or bus home do some App house keeping and delete the Apps you do not need or no longer use. I bet you won’t find it as easy as you first thing and you may have to be brutal in your decision making. If you delete an App you no longer use ensure you also delete the account on it too.

Now that was part one completed.

Once you have purged your phone the next step is to then check what permissions the remaining Apps have. You will generally find these permissions in the privacy section of your settings. If you are unable to find it you can type, “Permissions” in the search bar at the top of the settings page, this will generally provide you the options available. Now clearly how these are displayed will differ from device to device.

Once you have located the permission you will then be able to see which Apps have been granted which permissions. From there you need to work your way through them. It will be a case of determining what the Apps is for and what permissions it has been granted.

Taking the weather App, location permission seems appropriate, microphone and contacts maybe not so. The calculator does it need to know my location, I think not. You will find that in the majority of cases a common sense approach will serve you well.

Now you will find some apps especially those that are important to how the device works a little bit more problematic. I have found that I was presented with a warning that the App may malfunction if I altered the permission settings. I would say in my experience it has been a 50 / 50 split whether the App malfunctions or not but if you it does you can reinstate the permission. It’s not for the faint hearted and if in doubt leave it as it is.

Last but not least keep a check on those pesky permissions because sometimes when an App is updated they have been known to reinstate the previous permissions.

One last quick snippet consider buying a privacy screen for your device, whether it is a mobile, tablet or laptop. Have you ever been sat next to someone or behind someone on the bus or train and seen their screen clear as day whether intentionally or not. Most people I know do buy screen protectors and the extra cost of a privacy screen protector is negligible.

Posted in Hostile Profiling, OPSEC, Privacy and tagged , , , , , .