It’s a longstanding question: can your phone really take selfies without your knowledge?
The answer is yes, but with a pretty big asterisk next to it. And that asterisk is known as spyware. Spyware can use your phone for snooping in several ways, including using your camera to take pictures and videos.
What exactly is spyware? It’s any software or app that steals information from a device and passes it to another party without the victim’s knowledge. And here’s the tricky part—you might have installed it yourself, right from an app store. In other words, you can end up with spyware without a hacker installing it on your phone via a malicious download or link.
Fortunately, you can avoid spyware rather easily.
How do phones take pictures and videos without your knowledge?
First off, it helps to know how spyware can take over your phone’s camera.
It comes down to permissions. Apps require permissions to do things like access your contacts, photo library, microphone, and camera. For example, a social media app will ask for permission to access your camera if you want to snap a pic and post it online. A messaging app might ask for access to your camera and microphone to send video and voice messages. Likewise, a navigation or rideshare app will ask for permission to access your phone’s location services. Depending on your specific settings, your app might ask for permissions each time you use it, or you might give an app blanket permissions the first time you use it.
Effectively, permissions make apps go. Yet some apps cross the line. They ask for invasive permissions that they absolutely don’t need to function. A classic example is the glut of old flashlight apps that asked for permission to access things like contact lists and cameras. With those permissions, bad actors stole all manner of personal information. In some cases, they used the phone’s camera and microphone to spy on their victims.
That old “flashlight app” ruse continues today. You’ll occasionally see reports of spyware cropping up in app stores. This spyware hides in plain sight by masquerading as legitimate apps—like document readers, chat apps, wallpaper apps, and even security software. But these apps are all bogus.
App stores have anti-spyware measure in place, yet bad apps can still slip through.
Google Play does its part to keep its virtual shelves free of malware-laden apps with a thorough submission process as reported by Google and through its App Defense Alliance that shares intelligence across a network of partners, of which we’re a proud member. Further, users also have the option of running Play Protect to check apps for safety before they’re downloaded.
Apple’s App Store has its own rigorous submission process for submitting apps. Likewise, Apple deletes hundreds of thousands of malicious apps from its store each year.
Yet, bad actors find ways to sneak malware into the store. Sometimes they upload an app that’s initially clean and then push the malware to users as part of an update. Other times, they’ll embed the malicious code so that it only triggers after it’s run in certain countries. They will also encrypt malicious code in the app that they submit, which can make it difficult for reviewers to sniff out.
Unique to Android phones, Android gives people the option to download apps from third-party app stores. These stores might or might not have a thorough app submission process in place. As a result, they can be far less secure than Google Play. Moreover, some third-party app stores are fronts for organized cybercrime gangs, built specifically to distribute malware, making third-party downloads that much riskier.
Seven steps to protect yourself from mobile spyware.
With that, you can take several steps to protect yourself from spyware and other malicious apps:
Update your phone’s operating system.
Along with installing security software, keeping your phone’s operating system up to date can greatly improve your security. Updates can fix vulnerabilities that hackers rely on to pull off their malware-based attacks. It’s another tried-and-true method of keeping yourself safe—and for keeping your phone running great too.
Avoid third-party app stores.
Legitimate apps stores have measures in place to review and vet apps to help ensure that they are safe and secure. Third-party sites might very well not, and they might intentionally host malicious apps as part of a front. Further, Google is quick to remove malicious apps from their store when discovered, making shopping there safer still.
Review apps carefully.
Check out the developers—have they published several other apps with many downloads and good reviews? A legit app typically has quite a few reviews, whereas malicious apps might have only a handful of (phony) five-star reviews. Lastly, look for typos and poor grammar in both the app description and screenshots. They could be a sign that a hacker slapped the app together and quickly deployed it.
Go with a strong recommendation.
Yet better than combing through user reviews yourself is getting a recommendation from a trusted source, like a well-known publication or from app store editors themselves. In this case, much of the vetting work has been done for you by an established reviewer. A quick online search like “best fitness apps” or “best apps for travelers” should turn up articles from legitimate sites that can suggest good options and describe them in detail before you download.
Keep an eye on app permissions.
Another way hackers weasel their way into your device is by getting permissions to access things like your location, contacts, and photos—and they’ll use malicious apps to do it. If an app asks for way more than you bargained for, like a simple puzzle game that requests access to your camera or microphone, it might be a scam. Delete the app.
Lock your phone—and keep an eye on it too.
Some bad actors will install spyware on phones themselves. However, this requires access, time, and effort to pull off. Locking your phone and always keeping it close can help prevent bad actors from infecting your phone this way.
Protect your phone.
Comprehensive online protection software can secure your phone in the same ways that it secures your laptops and computers. Installing it can protect your privacy, keep you safe from attacks on public Wi-Fi, and automatically block unsafe websites and links, just to name a few things it can do.
Understanding, and controlling, permissions on your phone.
Another factor that works in your favor when combatting spyware and invasive apps: your phone’s manufacturer. Apple and Google make it easy to see which apps have access to what.
A quick trip to your phone’s settings can show you what’s going on with your app permissions. You really are in control.
On an iOS device …
Go to Settings > Privacy & Security, then tap Safety Check.
Here you can see which apps use the permissions you granted them and make changes to those permissions as needed.
You can also run an App Privacy Report, which records data and sensor access on an app-by-app level. Go to Settings > Privacy & Security, then tap App Privacy Report. You can adjust your permissions from there as well.
On an Android device …
On your device, open the Settings app.
Tap Apps. Tap the app you want to change. If you can’t find it, tap See all apps. Then, select your app. Tap Permissions. If you’ve allowed or denied any permissions for the app, you’ll find them here. To change the permission setting, tap it, then select Allow or Don’t allow.
For location, camera, and microphone permissions, you can select:
All the time: For location only. The app can use the permission at any time, even when you’re not using the app.
Allow only while using the app: The app can use the permission only when you’re using that app.
Ask every time: Every time you open the app, it’ll ask to use the permission. It can use the permission until you’re done with the app.
Don’t allow: The app can’t use the permission, even when you’re using the app.
Spyware on your phone—you have more control over it than you think.
By sticking to legitimate app stores and keeping an eye on app permissions, you can keep the bulk of spyware off your phone. Note that we say the bulk of it. Sophisticated hackers have similarly sophisticated spyware tools that make it a spyware infection difficult to detect. However, these hackers typically target high-profile and high-value targets with such spyware—not app store shoppers.
And the final word on spyware and your phone is this: ask yourself if you really need that app. The more apps you have, the more vulnerable you’ll find yourself. A high volume of apps presents hackers with more potential targets. Similarly, more apps mean more apps to update. Even one app lacking the most recent security update can put you at risk. Keep your apps to what you really need and use, and keep those apps updated.
The post Secret Selfies: Can Phones Take Pictures and Videos of You Without Your Knowledge? appeared first on McAfee Blog.
Recent Comments