Personal Privacy Awareness - mobile app
VCU’s Information Security Office encourages you to be aware of privacy risks related to mobile apps. Privacy awareness aligns with our goals to protect University resources as well as each of our employees’ and students’ personal information.
With the increase of online services, it is important to be aware of the risks that come with the opportunities. The risks include,
- Inadvertently sharing personal information beyond what is intended
- Sharing bits and pieces of information that can create an online “profile” of your internet activity and your personal life
- Sharing with a broader audience than planned
For example, taking an online social media quiz can provide information you may have used as security questions that protect your financial accounts. Selecting to use a browser in “private mode” only keeps the history from being maintained on your device but does nothing to reduce the online trail of data you leave regarding your interests, purchases, online activities, and possibly even personal behaviors. Posting pictures while on vacation may inform many more than desired that you are away from home.
When you install a social media application or other applications, you may be giving permission for the company to collect more than you realize. This can include,
- Personally identifiable information
- Keystroke patterns
- Accelerometer/gyroscope information from your mobile device
- Your camera and microphone on your device
- Location information based on SIM card and/or IP address
- Application activity
- Browser and search history
- Biometric information (face and voice print)
Some companies include provisions to “fingerprint” your internet activity, using keystroke pattern recognition, they can piece together your activity from different devices and produce a User ID that is used to produce a profile. Some applications can install services, like a proxy server, that makes it susceptible to misuse (ie., other applications can interact with a proxy server without authorization, if not coded properly). Some applications can essentially become “spyware” while providing social media features. With the increasing reliance on data science, most of these companies have machine-learning algorithms that can build your unique digital profile based on your actions and behaviors.
Some countries require that businesses share any data collected from their applications with government employees or agencies. There have been reports of governments accessing private information and tracking the personal location of American citizens.
Do you know how to protect your privacy?
For individuals, those actions should include:
- Understand the tradeoff between privacy and convenience: When you download a new app, open a new online account, or join a new social media platform, you will often be asked for access to your personal information. Consider whether the service is worth the data you must hand over, even if the services are free.
- Research the application and the company providing the application. Determine whether you are comfortable with the information the application collects and the reputation of the company providing the service.
- Research the country in which the application provider resides and ensure that you are comfortable with the laws of that country relative to data sharing.
- Adjust privacy settings to your comfort level: For every app, account, or device, check the privacy and security settings, and set them to your comfort level. Generally, it’s wiser to share less data, not more.
- Protect your data by using a long and unique password for each account and device; enable multi-factor authentication (MFA); and enable automatic device and software updates.
For more information, visit the VCU Information Security Office website at https://go.vcu.edu/infosec. Thank you for your continued support and diligence in protecting your and VCU’s private information!