TEKDESK
A Division of COIN: The Community Opportunity & Innovation Network
Protecting Your Privacy
www.tekdesk.org
www.coin-ced.org

Made possible by a grant from the Office of the Privacy Commissioner of Canada
http://www.priv.gc.ca
   A smartphone is a cell phone that can
    connect to the internet and run a
    number of programs called apps
    chosen by the user.
   Smartphones have reached about half
    of the Canadian market. Their market
    share is only expected to increase.
   Smartphones store a lot of personal
    information: your address
    book, email, Facebook and more. Lots
    of apps need or want personal
    information. This can threaten your
    privacy.
   Smartphones have operating systems just like computers.
    In Canada, the most common are:
       iOS, used for Apple’s iPhones and iPads.
       Android, used for smartphones and tablets from many
        different companies.
       BlackBerry OS, used for RIM’s BlackBerry phones.
       Windows Phone, used for certain smartphones from various
        companies, particularly Nokia.
   Software developers create programs – apps – for each
    operating system. Manufacturers list them at online stores
    you can download them from. Some are free, some cost
    money. Apps include games, Facebook, Twitter, special
    messaging programs and even lightweight versions of office
    software.
 Physical: If someone gets a hold of your
  phone, they might be able to access your
  personal information.
 The User: You might mistakenly share your
  information over the internet using your phone.
 Software: The app may be designed to share
  your personal information in some way you
  don’t want.
 In addition to these, you may face High Security
  Situations where you should turn off your
  phone and, if possible, remove its battery.
 Cyberbullying: If you are in danger of being
  bullied, your private information can be used to say
  hurtful things to you or an online audience.
 Cyberstalking: Your personal information could be
  used to track your movements and actions to harass
  you.
 Identity Theft: This is a form of fraud where someone
  pretends to be you for financial gain, such as using
  your credit card or getting loans in your name.
 Human Rights Violations: Your private information
  may be used to commit a human rights violation.
 Stress: Privacy loss is a stressful event, no matter what
  happens. Do not underestimate the effects of stress.
 The formula:

Technology knowledge + common sense = security!
 You probably already have the common sense –
  it’s just the technology you’ll need help with.
 Let’s talk about the ways we can protect against
  privacy threats that might come up through these
  three avenues.
 We’ll also talk about some general best practices
  to protect your privacy.
   To use a smartphone responsibly, you need to strike a balance
    between your privacy needs and ease of use.
   The best way to keep an app or other feature from damaging
    your privacy is to not use it, deactivate it, or remove it.
   If you use your phone for work, ask if the workplace has any
    policies you should be aware of.
   Assess your privacy needs:
     Do you plan on using your smartphone for work or financial
      transactions?
     Do you regularly look at sensitive information?
     Are you responsible for dependents? You need to safeguard their
      privacy as well as your own.
     Are you likely to face privacy-related threats such as
      harassment, stalking and identity theft?
   In this course we will highlight essential privacy safeguards with
    red text. Do more if you need to.
 Physical security protects against the dangers of
  someone getting a hold of your phone.
 This could be someone stealing your phone or
  sneaking a peek while you’re asleep, distracted or
  elsewhere.
 Jane leaves her purse at her table while she gets a
  refill for her coffee. A man on the way out grabs
  the phone right out of her purse. He uses her
  Facebook and email to trick Jane’s friends out of
  money by pretending to be her.
 Tony does not feel safe with his partner, but they
  still share the same apartment. He has been
  planning to leave. After his partner turns on Tony’s
  phone, he reads email Tony sent to friends about
  the situation.
There are three appropriate places for your phone:
1.   In a pocket of something you are wearing right
     now.
2.   Within arm’s reach.
3.   At a set location in your home or another secure
     area.
   Your phone has a lock screen: a screen that comes up
    before you use the phone for anything.
   Your lock screen should always be password protected
    to prevent peeking.
   There are multiple types of “passwords” to choose
    from depending on the phone, like standard
    passwords, swipe passwords and face recognition. No
    matter what you pick, you will always be asked to have
    a standard password as well.
   Some phones offer a default 4 character password.
    Look for an option that lets you use a longer, secure
    password.
   Your phone should never be sold, traded, or disposed of
    without wiping all of your information first.
   This is true even if you’re throwing the phone
    out, returning it to the carrier, or giving it to a family
    member or close friend.
   Remove the phone’s memory (SD) card. Do not just delete
    its contents, as these can be recovered. Check with your
    carrier about deactivating the phone’s SIM card.
   Every smartphone can be “factory reset:” returned to the
    condition it was in when originally purchased, with no
    personal information beyond a phone number. Do this (or
    have someone do it) to every phone you plan on getting rid
    of.
   Removing the phone’s SD card does not take the place of
    resetting the phone. You must remove the card and reset
    the phone.
 Report a lost or stolen phone immediately! Your
  carrier may be able to remotely deactivate it.
 If your phone is a popular brand (such as an
  iPhone) pick a case that changes its shape, and
  use headphones or ear buds of a different brand
  than your phone.
 If you feel confident doing so, take a look at
  software that may help you track a stolen
  phone, such as Prey: www.preyproject.com.
 Knowledge is your best defence against privacy
 threats. Do you know what your phone does? Do
 you know the information your apps send? Does
 your carrier offer any services that could threaten
 your privacy?
 Even tech-savvy people run into problems.
 Carrier Services: Does your carrier offer services
  that can be used to spy on you?
 Apps: Are you accidentally using app features that
  share private information?
 What You’re Saying: Are you texting or posting
  anything on social networks that could be
  dangerous to your privacy?
 Bob posts publicly on Facebook that he just got
  home. He doesn’t know that his post includes his
  physical location, which he accidentally allowed it
  to add.
 Mary goes to a shelter. Her abusive partner finds
  her location via the Rogers Phone Finder service
  they were registered under. This pins her phone’s
  location on a map. He tracks her down.
 John mentions on Twitter that he’s going on
  vacation for a week. When he returns, he finds his
  apartment has been robbed. The thieves knew he
  was away.
   Bell, Telus and Rogers all provide services that allow
    people to track the locations of their own phones, and
    sometimes others.
       Bell Seek and Find
       Rogers Phone Finder
       Telus Asset Tracker (Business)
   For the best security, make sure your phone cannot be
    tracked by these services. Contact your carrier and look up
    these services online.
   Other carrier services include the ability to look at texts
    and perform other functions on a distant phone from your
    computer. If you use these services, never share your
    password. For best protection, don’t use them!
   Learn about the apps you use. Some of them have
    features that let you share private information – you
    might do this accidentally.
   Facebook is the app/service people accidentally share
    information with the most. For example, it allows you to
    add your location to almost everything you post, and nags
    you to do it. It also allows you to enter your phone
    number, which can be harvested by your friends’ address
    books.
   Look out for location/GPS features as well. They may add
    location listings to your posts, or add location based
    metadata (information that appears with a file) to
    pictures.
   People are especially prone to accidentally sharing private
    information with social media and messaging apps.
 Even if you master your apps’ risky
  features, there’s always the danger of sharing
  information through your own words and pictures
  that could damage your privacy.
 Be especially careful about posting your
  location, family information and anything that
  could reveal financial information, such as the
  bank or credit card you use. Most people would
  never post their credit card or bank account
  numbers, but you should also think twice about
  posting the bank or credit card brand you use.
 Apps on your smartphone require permission to
  use certain files and capabilities on your
  phone, such as your address book (or contacts) or
  your camera.
 Some apps ask for permissions that could threaten
  your privacy.
 Carol downloads a messaging app. It
  automatically emails all of her address book
  contacts to let them know she’s using it, but her
  contacts include a former harasser who she had
  an email conversation with two years ago.
 Farooq uses a blogging app to write anonymous
 articles on politics. Advertisers use this
 information to tailor ads on websites. When he
 surfs the web to do research at work, his
 supervisors notice that the ads he encounters
 reflect his politics.
   By default, apps can only run in their own little section of
    the phone’s system, called their sandbox.
   An app that can only use the sandbox would be pretty
    useless. A web browser app needs to use the internet, and
    an app that lets you add filters to your pictures may need
    your phone’s camera, photo gallery, or both. Letting an app
    do this gives it permissions, so that’s what these features
    are called.
   If an app needs permissions, you normally have to give
    them to use the app properly, or you are assumed to give
    them if you download it.
   Some apps ask for permissions they don’t really need to
    function so they can promote themselves, send data to
    advertisers or track user behaviour to improve themselves.
   A few apps are malware – they steal information or change
    how your phone works for malicious or criminal purposes.
 They share information you don’t want to share.
 They perform an action that compromises your
 privacy.
 Some of them enable true malware designed for
 criminal activities, but most of these problems
 come from incompetent or greedy app
 development.
   In 2012 The Office of the Privacy Commissioner of Canada
    funded a Tekdesk project to research the privacy effects of
    smartphone apps.
   Our initial research of the literature indicated the following:
       Many users don’t understand smartphone permissions, and
        don’t pay much attention to them.
       Free apps were much more likely to possess questionable
        permissions than paid apps.
       In many cases, the problem isn’t malware, but app developers
        getting sloppy. To make it easy on themselves, they ask for wide
        ranging permissions.
       App developers have also taken security shortcuts. For
        example, some apps uploaded contacts without encrypting
        them. This might allow a hacker to intercept that information.
       In some cases, the permissions you see don’t match what an app
        actually does. For example, in one court case, the plaintiff alleges
        that her Windows Phone device continued to transmit location-
        based information after she specifically disallowed that
        permission.
   Phase 2 of our research looked at the permissions requested by
    the top 50 free and paid apps for the four major smartphone
    platforms, according to their app stores.
   We discovered the following:
     Android and Windows Phone apps from their official stores tell you
      permissions before you download. iOS and BlackBerry apps don’t. iOS
      only provided standardized permissions for push notifications and
      location-based services.
     As of December 2012 the BlackBerry OS lets you change virtually any
      permission. For others, you are mostly restricted to changing location-
      based services.
     Developers tend to ask for standardized sets of permissions, no
      matter the app. For example, every single BlackBerry OS smartphone
      app allows access to email, organizer data (calendars,
      contacts), files, and security data by default. This may allow problem
      apps to conceal themselves as “wolves in sheep’s clothing.”
     Virtually every app requests local network and internet access, even
      when the app doesn’t have any obvious use for it.
Each mobile operating system has a different method of
  listing permissions, and different permissions categories.
   Android: Read permissions in the Google Play app store or
    website before you download.
   iOS: You need to download the app first. The app will ask
    for some permissions. Others require you to take a close
    look at what the app does. Go to Settings to see some apps’
    permissions, such as permission to use push notifications.
   BlackBerry: You need to download the app first. Look at the
    app under Options>Device>Application Management in
    BlackBerry phones made before 2013.
   Windows Phone: The Windows Phone Apps+Games Store
    lists permissions for apps. Read them! In addition, after you
    download, the app may ask permission for some
    functions, such as location-based services (GPS, Wi-Fi
    triangulation).
 Every operating system describes privileges in a
 slightly different fashion, but they’re all talking
 about basically the same things. Some
 permissions are no big deal, but a few require
 your close attention because if they’re misused by
 the app, they can compromise your privacy.
 When you see a suspicious permission, ask
 yourself if the app really needs that to function.
 Remember that some apps are ad-supported, and
 have extra permissions for that reason.
   Address book/contacts and calendar: Legitimately used
    for messaging, calendar and some social media.
    Otherwise, do not allow.
   Geolocation/location-based services: Legitimately used
    for navigation, mapping and some social media
    (Facebook, Foursquare). Some apps (such as weather) also
    give custom content based on location, but should not
    need to know your fine, GPS-based location – just your
    general area.
   Camera: Only apps that use your camera or affect photos
    need this permission. Otherwise, it can be used to take
    photos without your permission.
   Phone calls and texting (SMS/MMS): Legitimately used
    for some messaging apps. Otherwise, it can be used to run
    up charges on “premium” phone calls and texts.
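
The question "does the app really need that to function?" from the list above, worked through for an Android app as an added example (not part of the original presentation). It assumes a decoded, text-form AndroidManifest.xml; the manifest below is constructed, the app category labels are made up for the example, and the mapping of real Android permission names onto the slide's four groups is this example's own.

```python
import xml.etree.ElementTree as ET

# Attribute names in a manifest live in the "android" XML namespace.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

FINE = "android.permission.ACCESS_FINE_LOCATION"
COARSE = "android.permission.ACCESS_COARSE_LOCATION"

# Sensitive permission -> app categories with a legitimate use, following the
# four groups on the slide. Category labels are hypothetical.
RULES = {
    "android.permission.READ_CONTACTS": {"messaging", "calendar", "social"},
    "android.permission.READ_CALENDAR": {"messaging", "calendar", "social"},
    FINE: {"navigation", "mapping", "social"},
    # Weather-style apps may use a general area, but not fine GPS location.
    COARSE: {"navigation", "mapping", "social", "weather"},
    "android.permission.CAMERA": {"camera", "photo"},
    "android.permission.CALL_PHONE": {"messaging"},
    "android.permission.SEND_SMS": {"messaging"},
}

# Constructed sample: a weather app that asks for more than it should need.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.weatherdemo">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <application android:label="Weather Demo" />
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the permission names declared in a text-form manifest, in order."""
    root = ET.fromstring(manifest_xml)
    seen = []
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name and name not in seen:
                seen.append(name)
    return seen


def questionable_permissions(manifest_xml, category):
    """List (permission, reason) pairs the slide's guidance says to question."""
    findings = []
    for perm in requested_permissions(manifest_xml):
        allowed = RULES.get(perm)
        if allowed is None or category in allowed:
            continue  # not in the slide's sensitive groups, or a listed use
        if perm == FINE and category in RULES[COARSE]:
            reason = "general area is enough for a %s app; fine GPS is not needed" % category
        else:
            reason = "no legitimate use listed for a %s app" % category
        findings.append((perm, reason))
    return findings


if __name__ == "__main__":
    for perm, reason in questionable_permissions(SAMPLE_MANIFEST, "weather"):
        print(perm, "->", reason)
```
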
In order of importance:
1.   Research before you install. Google it!
2.   Look up permissions as soon as you can.
3.   Ask yourself: “Does this app need this permission?”
4.   Read the app developer’s privacy policy. There
     should be one for every app that has access to your
     personal information.
5.   Disable any permissions you don’t need, if you can.
6.   Uninstall apps you no longer use.
7.   Back up, wipe and restore your phone periodically.
   The most common way to get apps is to download them from
    official app stores for each operating system/device.
   There are alternative app stores out there. For some phones
    (especially iPhones), you need to void your warranty by adding
    the ability to use them. For iPhones, this is called jailbreaking.
   Official app stores use some safeguards against malware and
    security risks, but apps often get past them. Alternative app
    stores do not have these guarantees.
   It’s also possible to install apps from your PC or through an SD
    storage card. This is called sideloading. Sideloaded apps may or
    may not be safe, depending on the app, but there are no
    guarantees.
   Alternative app stores and sideloading are not recommended for
    most users.
   Just because an app comes from an official app store doesn’t
    mean it’s automatically safe.
 Some jobs and other circumstances create high
  security situations where you should take every
  precaution against privacy breaches and
  surveillance.
 Examples of high security situations include:
     Work that brings you into contact with people in crisis.
     Visiting a shelter for individuals coping with violence.
     Any time you believe there would be a serious threat
      to your privacy, and you are not sure how to protect it.
 Zenia is staying at a shelter to escape a violent
  ex-partner. Her partner secretly installed tracking
  software on her phone. He activates it. The
  software doesn’t leave any sign that it’s active.
  He uses the phone’s location to track her down.
  Zenia turned off the phone’s GPS, but the
  software used Wi-Fi triangulation as well, and it’s
  good enough to find her rough location.
 Jeff works at a youth shelter. A shelter resident
  steals Jeff’s phone, and not only uses the phone
  to arrange a drug deal (which may get Jeff in
  trouble) but gets enough of Jeff’s personal
  information to harass him later.
 Your phone must be completely powered down to be
  truly turned off.
 It is not off when the screen is dark and you’re not
  using it. It’s on standby. This is true even if you have
  set your phone to be silent or block calls and texts.
 Some apps and hacking techniques can be used to use
  your camera and microphone, or read information
  from your phone (including location) while your phone
  is on standby.
 Some phones cannot be completely powered down
  even when turned “off” according to the device’s
  settings. You must remove the battery.
 Ask about cell phone policies for that site or job.
  If they recommend additional steps, use them. If
  they don’t, take the other steps anyway.
 Power down your phone. Hold down the power
  button and select the option that shuts down
  your phone.
 For extra protection, remove the battery if you
  can. If you can’t, consider leaving your phone in a
  secure location, away from the high security
  situation.
   If you will regularly enter high security situations, consider
    getting a dedicated phone to use when they arise.
   Some jobs offer these phones to workers.
   For the best security, this phone should not be a
    smartphone. If it is, it should contain virtually no non-work
    information—don’t use it for Facebook, for example.
   The most secure option is a prepaid/pay as you go phone
    that is not registered under your name.
   Use this phone for communication in high security
    situations, such as talking to clients or calling in and out of
    facilities.
   Do not enter any private information into this phone, and
    limit communication with private life connections to
    emergencies only.
   In situations like this, it is perfectly reasonable to carry two
    phones.
 Threats to your privacy come from losing physical
  security (someone gets their hands on your phone),
  user actions (you do something to release private
  information) and software (the app does something to
  release private information). Some high security
  situations require additional precautions.
 Don’t let your smartphone out of your sight!
 Learn about your carrier, smartphone, and apps.
 Just because your friends and family aren’t concerned
  doesn’t mean you shouldn’t be. Everyone is different.
 Technology knowledge + common sense = security!
  Keep learning and thinking.
To protect your smartphone’s physical security:
  1.    Keep your phone by your side or in a secure location at all times.
  2.    Use a password-protected lock screen.
  3.    Wipe your phone with a factory reset and wipe/remove the SD card before
        you get rid of it.
To prevent yourself from accidentally sharing information:
  1.    Study the apps you use for features that share too much, such as GPS
        location.
  2.    Don’t post sensitive information, especially about your location or finances.
  3.    Make sure you cannot be tracked through carrier services.
To prevent apps from breaching your privacy:
  1.    Research apps online before you download them.
  2.    Look up their permissions to see if they want to do something they don’t
        need to do.
In a high security scenario:
  1.    Completely shut down your phone. For extra protection, remove its battery.
  2.    Use the strongest combination of site security policies and what you learn
        here.
  3.    If you can’t remove the battery, consider leaving the phone in a secure place
        away from the high security location.
  4.    Keep an alternate phone, such as a prepaid phone that is not activated
        under your name.
For more information, contact Tekdesk:
 www.tekdesk.org
 info@tekdesk.org
 www.twitter.com/tekdesk
 Look for us on Facebook – search for Tekdesk
  Peterborough

Weitere ähnliche Inhalte

Was ist angesagt?

Digital safety[1]
Digital safety[1]Digital safety[1]
Digital safety[1]sheenau
 
Mobile Security at the World Cup
Mobile Security at the World CupMobile Security at the World Cup
Mobile Security at the World CupLookout
 
Disadvantages of-i ct-woww
Disadvantages of-i ct-wowwDisadvantages of-i ct-woww
Disadvantages of-i ct-wowwFloroRaphaell
 
Cyber security tips in Banking in Nepal
Cyber security tips in Banking in NepalCyber security tips in Banking in Nepal
Cyber security tips in Banking in NepalResham Acharya
 
Ia 124 1621324160 ia_124_lecture_02
Ia 124 1621324160 ia_124_lecture_02Ia 124 1621324160 ia_124_lecture_02
Ia 124 1621324160 ia_124_lecture_02ITNet
 
CDSE Cybsecurity Awareness Posters
CDSE Cybsecurity Awareness PostersCDSE Cybsecurity Awareness Posters
CDSE Cybsecurity Awareness PostersNetLockSmith
 
Online safety, security, and ethics
Online safety, security, and ethicsOnline safety, security, and ethics
Online safety, security, and ethicsJohnlery Guzman
 
Cyber Crime 101: The Impact of Cyber Crime on Higher Education in South Africa
Cyber Crime 101:  The Impact of Cyber Crime on Higher Education in South AfricaCyber Crime 101:  The Impact of Cyber Crime on Higher Education in South Africa
Cyber Crime 101: The Impact of Cyber Crime on Higher Education in South AfricaJacqueline Fick
 
Keep Your SME Safe Online
Keep Your SME Safe OnlineKeep Your SME Safe Online
Keep Your SME Safe Onlinealbryce
 

Was ist angesagt? (19)

Digital safety[1]
Digital safety[1]Digital safety[1]
Digital safety[1]
 
Mobile Security at the World Cup
Mobile Security at the World CupMobile Security at the World Cup
Mobile Security at the World Cup
 
Cyber crime
Cyber crime Cyber crime
Cyber crime
 
Facebook
FacebookFacebook
Facebook
 
Disadvantages of-i ct-woww
Disadvantages of-i ct-wowwDisadvantages of-i ct-woww
Disadvantages of-i ct-woww
 
Security Primer
Security PrimerSecurity Primer
Security Primer
 
Cyber security tips in Banking in Nepal
Cyber security tips in Banking in NepalCyber security tips in Banking in Nepal
Cyber security tips in Banking in Nepal
 
Ia 124 1621324160 ia_124_lecture_02
Ia 124 1621324160 ia_124_lecture_02Ia 124 1621324160 ia_124_lecture_02
Ia 124 1621324160 ia_124_lecture_02
 
Smartphone
SmartphoneSmartphone
Smartphone
 
CDSE Cybsecurity Awareness Posters
CDSE Cybsecurity Awareness PostersCDSE Cybsecurity Awareness Posters
CDSE Cybsecurity Awareness Posters
 
Users guide
Users guideUsers guide
Users guide
 
Securitytips
SecuritytipsSecuritytips
Securitytips
 
Cybersecurity Awareness
Cybersecurity AwarenessCybersecurity Awareness
Cybersecurity Awareness
 
Emp tech las-week-2
Emp tech las-week-2Emp tech las-week-2
Emp tech las-week-2
 
Holiday scams
Holiday scamsHoliday scams
Holiday scams
 
Online safety, security, and ethics
Online safety, security, and ethicsOnline safety, security, and ethics
Online safety, security, and ethics
 
Cyber Crime 101: The Impact of Cyber Crime on Higher Education in South Africa
Cyber Crime 101:  The Impact of Cyber Crime on Higher Education in South AfricaCyber Crime 101:  The Impact of Cyber Crime on Higher Education in South Africa
Cyber Crime 101: The Impact of Cyber Crime on Higher Education in South Africa
 
Internet safety
Internet safetyInternet safety
Internet safety
 
Keep Your SME Safe Online
Keep Your SME Safe OnlineKeep Your SME Safe Online
Keep Your SME Safe Online
 

Andere mochten auch

Sift Happens John Pearce June 27 Timed
Sift Happens John Pearce June 27 TimedSift Happens John Pearce June 27 Timed
Sift Happens John Pearce June 27 TimedJP Consultancy
 
PCA-SIFT: A More Distinctive Representation for Local Image Descriptors
PCA-SIFT: A More Distinctive Representation for Local Image DescriptorsPCA-SIFT: A More Distinctive Representation for Local Image Descriptors
PCA-SIFT: A More Distinctive Representation for Local Image Descriptorswolf
 
Face Recognition
Face Recognition Face Recognition
Face Recognition nialler27
 
Scale Invariant Feature Transform
Scale Invariant Feature TransformScale Invariant Feature Transform
Scale Invariant Feature Transformkislayabhi
 
Michal Erel's SIFT presentation
Michal Erel's SIFT presentationMichal Erel's SIFT presentation
Michal Erel's SIFT presentationwolf
 
FACE RECOGNITION TECHNOLOGY
FACE RECOGNITION TECHNOLOGYFACE RECOGNITION TECHNOLOGY
FACE RECOGNITION TECHNOLOGYJASHU JASWANTH
 
Face recognition technology - BEST PPT
Face recognition technology - BEST PPTFace recognition technology - BEST PPT
Face recognition technology - BEST PPTSiddharth Modi
 
Face recognition ppt
Face recognition pptFace recognition ppt
Face recognition pptSantosh Kumar
 

Andere mochten auch (9)

Sift Happens John Pearce June 27 Timed
Sift Happens John Pearce June 27 TimedSift Happens John Pearce June 27 Timed
Sift Happens John Pearce June 27 Timed
 
PCA-SIFT: A More Distinctive Representation for Local Image Descriptors
PCA-SIFT: A More Distinctive Representation for Local Image DescriptorsPCA-SIFT: A More Distinctive Representation for Local Image Descriptors
PCA-SIFT: A More Distinctive Representation for Local Image Descriptors
 
Face Recognition
Face Recognition Face Recognition
Face Recognition
 
Scale Invariant Feature Transform
Scale Invariant Feature TransformScale Invariant Feature Transform
Scale Invariant Feature Transform
 
Michal Erel's SIFT presentation
Michal Erel's SIFT presentationMichal Erel's SIFT presentation
Michal Erel's SIFT presentation
 
FACE RECOGNITION TECHNOLOGY
FACE RECOGNITION TECHNOLOGYFACE RECOGNITION TECHNOLOGY
FACE RECOGNITION TECHNOLOGY
 
Face recognition technology - BEST PPT
Face recognition technology - BEST PPTFace recognition technology - BEST PPT
Face recognition technology - BEST PPT
 
Face recognition ppt
Face recognition pptFace recognition ppt
Face recognition ppt
 
PPT - Powerful Presentation Techniques
PPT - Powerful Presentation TechniquesPPT - Powerful Presentation Techniques
PPT - Powerful Presentation Techniques
 

Ähnlich wie Smartphone apps

Smartphone 7 aug14
Smartphone 7 aug14Smartphone 7 aug14
Smartphone 7 aug14Naval OPSEC
 
Steps to Follow in Case of Phone Theft or Loss
Steps to Follow in Case of Phone Theft or LossSteps to Follow in Case of Phone Theft or Loss
Steps to Follow in Case of Phone Theft or LossWireless Solutions NY
 
Imei tracker software
Imei tracker softwareImei tracker software
Imei tracker softwareGerryspeck
 
Smartphone Security
Smartphone SecuritySmartphone Security
Smartphone SecurityMalasta Hill
 
Advocacy, Technology, and Safety Online Course
Advocacy, Technology, and Safety Online CourseAdvocacy, Technology, and Safety Online Course
Advocacy, Technology, and Safety Online CourseAdam Varn
 
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?acijjournal
 
Mobile Security 101
Mobile Security 101Mobile Security 101
Mobile Security 101Lookout
 
Rwanda - Smartphone Afavantages and Disadvantages.pptx
Rwanda - Smartphone Afavantages and Disadvantages.pptxRwanda - Smartphone Afavantages and Disadvantages.pptx
Rwanda - Smartphone Afavantages and Disadvantages.pptxBinyamMeles
 
8 steps to smartphone security for android
8 steps to smartphone security for android8 steps to smartphone security for android
8 steps to smartphone security for androidiYogi
 
Smartphone Security Guide: The Easiest Way to Keep Your Phone & Data Secure
Smartphone Security Guide: The Easiest Way to Keep Your Phone & Data SecureSmartphone Security Guide: The Easiest Way to Keep Your Phone & Data Secure
Smartphone Security Guide: The Easiest Way to Keep Your Phone & Data SecureHeimdal Security
 
Center for Identity Webcast: The Internet of Things
Center for Identity Webcast: The Internet of Things Center for Identity Webcast: The Internet of Things
Center for Identity Webcast: The Internet of Things The Center for Identity
 
Mobile security first round (1st rank)
Mobile security first round (1st rank)Mobile security first round (1st rank)
Mobile security first round (1st rank)Hîmãlåy Làdhä
 
FNC Personal Protect Workshop

Smartphone apps

  • 1. TEKDESK, a Division of COIN: The Community Opportunity & Innovation Network. Protecting Your Privacy. www.tekdesk.org www.coin-ced.org Made possible by a grant from the Office of the Privacy Commissioner of Canada http://www.priv.gc.ca
  • 2. A smartphone is a cell phone that can connect to the internet and run a number of programs called apps chosen by the user.
      • Smartphones have reached about half of the Canadian market. Their market share is only expected to increase.
      • Smartphones store a lot of personal information: your address book, email, Facebook and more. Lots of apps need or want personal information. This can threaten your privacy.
  • 3. Smartphones have operating systems just like computers. In Canada, the most common are:
          • iOS, used for Apple’s iPhones and iPads.
          • Android, used for smartphones and tablets from many different companies.
          • BlackBerry OS, used for RIM’s BlackBerry phones.
          • Windows Phone, used for certain smartphones from various companies, particularly Nokia.
      • Software developers create programs – apps – for each operating system. Manufacturers list them at online stores you can download them from. Some are free, some cost money. Apps include games, Facebook, Twitter, special messaging programs and even lightweight versions of office software.
  • 4.
      • Physical: If someone gets a hold of your phone, they might be able to access your personal information.
      • The User: You might mistakenly share your information over the internet using your phone.
      • Software: The app may be designed to share your personal information in some way you don’t want.
      • In addition to these, you may face High Security Situations where you should turn off your phone and if possible, remove its battery.
  • 5.
      • Cyberbullying: If you are in danger of being bullied, your private information can be used to say hurtful things to you or an online audience.
      • Cyberstalking: Your personal information could be used to track your movements and actions to harass you.
      • Identity Theft: This is a form of fraud where someone pretends to be you for financial gain, such as using your credit card or getting loans in your name.
      • Human Rights Violations: Your private information may be used to commit a human rights violation.
      • Stress: Privacy loss is a stressful event, no matter what happens. Do not underestimate the effects of stress.
  • 6.
      • The formula: Technology knowledge + common sense = security!
      • You probably already have the common sense – it’s just the technology you’ll need help with.
      • Let’s talk about the ways we can protect against privacy threats that might come up through these three avenues.
      • We’ll also talk about some general best practices to protect your privacy.
  • 7. To use a smartphone responsibly, you need to strike a balance between your privacy needs and ease of use.
      • The best way to keep an app or other feature from damaging your privacy is to not use it, deactivate it, or remove it.
      • If you use your phone for work, ask if the workplace has any policies you should be aware of.
      • Assess your privacy needs:
          • Do you plan on using your smartphone for work or financial transactions?
          • Do you regularly look at sensitive information?
          • Are you responsible for dependents? You need to safeguard their privacy as well as your own.
          • Are you likely to face privacy-related threats such as harassment, stalking and identity theft?
      • In this course we will highlight essential privacy safeguards with red text. Do more if you need to.
  • 8.
      • Physical security protects against the dangers of someone getting a hold of your phone.
      • This could be someone stealing your phone or sneaking a peek while you’re asleep, distracted or elsewhere.
  • 9.
  • 10.
      • Jane leaves her purse at her table while she gets a refill for her coffee. A man on the way out grabs the phone right out of her purse. He uses her Facebook and email to trick Jane’s friends out of money by pretending to be her.
      • Tony does not feel safe with his partner, but they still share the same apartment. He has been planning to leave. After his partner turns on Tony’s phone, he reads email Tony sent to friends about the situation.
  • 11. There are three appropriate places for your phone:
      1. In a pocket of something you are wearing right now.
      2. Within arm’s reach.
      3. At a set location in your home or another secure area.
  • 12. Your phone has a lock screen: a screen that comes up before you use the phone for anything.
      • Your lock screen should always be password protected to prevent peeking.
      • There are multiple types of “passwords” to choose from depending on the phone, like standard passwords, swipe passwords and face recognition. No matter what you pick, you will always be asked to have a standard password as well.
      • Some phones offer a default 4 character password. Look for an option that lets you use a longer, secure password.
  • 13. Your phone should never be sold, traded, or disposed of without wiping all of your information first.
      • This is true even if you’re throwing the phone out, returning it to the carrier, or giving it to a family member or close friend.
      • Remove the phone’s memory (SD) card. Do not just delete its contents, as these can be recovered. Check with your carrier about deactivating the phone’s SIM card.
      • Every smartphone can be “factory reset:” returned to the condition it was in when originally purchased, with no personal information beyond a phone number. Do this (or have someone do it) to every phone you plan on getting rid of.
      • Removing the phone’s SD card does not take the place of resetting the phone. You must remove the card and reset the phone.
  • 14.
      • Report a lost or stolen phone immediately! Your carrier may be able to remotely deactivate it.
      • If your phone is a popular brand (such as an iPhone) pick a case that changes its shape, and use headphones or ear buds of a different brand than your phone.
      • If you feel confident doing so, take a look at software that may help you track a stolen phone, such as Prey: www.preyproject.com.
  • 15.
      • Knowledge is your best defence against privacy threats. Do you know what your phone does? Do you know the information your apps send? Does your carrier offer any services that could threaten your privacy?
      • Even tech-savvy people run into problems.
  • 16.
  • 17.
      • Carrier Services: Does your carrier offer services that can be used to spy on you?
      • Apps: Are you accidentally using app features that share private information?
      • What You’re Saying: Are you texting or posting anything on social networks that could be dangerous to your privacy?
  • 18.
      • Bob posts publicly on Facebook that he just got home. He doesn’t know that his post includes his physical location, which he accidentally allowed it to add.
      • Mary goes to a shelter. Her abusive partner finds her location via the Rogers Phone Finder service they were registered under. This pins her phone’s location on a map. He tracks her down.
      • John mentions on Twitter that he’s going on vacation for a week. When he returns, he finds his apartment has been robbed. The thieves knew he was away.
  • 19. Bell, Telus and Rogers all provide services that allow people to track the locations of their own phones, and sometimes others.
          • Bell Seek and Find
          • Rogers Phone Finder
          • Telus Asset Tracker (Business)
      • For the best security, make sure your phone cannot be tracked by these services. Contact your carrier and look up these services online.
      • Other carrier services include the ability to look at texts and perform other functions on a distant phone from your computer. If you use these services, never share your password. For best protection, don’t use them!
  • 20. Learn about the apps you use. Some of them have features that let you share private information – you might do this accidentally.
      • Facebook is the app/service people accidentally share information with the most. For example, it allows you to add your location to almost everything you post, and nags you to do it. It also allows you to enter your phone number, which can be harvested by your friends’ address books.
      • Look out for location/GPS features as well. They may add location listings to your posts, or add location based metadata (information that appears with a file) to pictures.
      • People are especially prone to accidentally sharing private information with social media and messaging apps.
  • 21.
      • Even if you master your apps’ risky features, there’s always the danger of sharing information through your own words and pictures that could damage your privacy.
      • Be especially careful about posting your location, family information and anything that could reveal financial information, such as the bank or credit card you use. Most people would never post their credit card or bank account numbers, but you should also think twice about posting the bank or credit card brand you use.
  • 22.
      • Apps on your smartphone require permission to use certain files and capabilities on your phone, such as your address book (or contacts) or your camera.
      • Some apps ask for permissions that could threaten your privacy.
  • 23.
  • 24.
      • Carol downloads a messaging app. It automatically emails all of her address book contacts to let them know she’s using it, but her contacts include a former harasser who she had an email conversation with two years ago.
      • Farooq uses a blogging app to write anonymous articles on politics. Advertisers use this information to tailor ads on websites. When he surfs the web to do research at work, his supervisors notice that the ads he encounters reflect his politics.
  • 25. By default, apps can only run in their own little section of the phone’s system, called their sandbox.
      • An app that can only use the sandbox would be pretty useless. A web browser app needs to use the internet, and an app that lets you add filters to your pictures may need your phone’s camera, photo gallery, or both. Letting an app do this gives it permissions, so that’s what these features are called.
      • If an app needs permissions, you normally have to give them to use the app properly, or you are assumed to give them if you download it.
      • Some apps ask for permissions they don’t really need to function so they can promote themselves, send data to advertisers or track user behaviour to improve themselves.
      • A few apps are malware – they steal information or change how your phone works for malicious or criminal purposes.
  • 26.
      • They share information you don’t want to share.
      • They perform an action that compromises your privacy.
      • Some of them enable true malware designed for criminal activities, but most of these problems come from incompetent or greedy app development.
  • 27. In 2012 the Office of the Privacy Commissioner of Canada funded a Tekdesk project to research the privacy effects of smartphone apps.
      • Our initial research of the literature indicated the following:
          • Many users don’t understand smartphone permissions, and don’t pay much attention to them.
          • Free apps were much more likely to possess questionable permissions than paid apps.
          • In many cases, the problem isn’t malware, but app developers getting sloppy. To make it easy on themselves, they ask for wide ranging permissions.
          • App developers have also taken security shortcuts. For example, some apps uploaded contacts without encrypting them. This might allow a hacker to intercept that information.
          • In some cases, the permissions you see don’t match what an app actually does. For example, in one court case, the plaintiff alleges that her Windows Phone device continued to transmit location-based information after she specifically disallowed that permission.
  • 28. Phase 2 of our research looked at the permissions requested by the top 50 free and paid apps for the four major smartphone platforms, according to their app stores.
      • We discovered the following:
          • Android and Windows Phone apps from their official stores tell you permissions before you download. iOS and BlackBerry apps don’t. iOS only provided standardized permissions for push notifications and location-based services.
          • As of December 2012 the BlackBerry OS lets you change virtually any permission. For others, you are mostly restricted to changing location-based services.
          • Developers tend to ask for standardized sets of permissions, no matter the app. For example, every single BlackBerry OS smartphone app allows access to email, organizer data (calendars, contacts), files, and security data by default. This may allow problem apps to conceal themselves as “wolves in sheep’s clothing.”
          • Virtually every app requests local network and internet access, even when the app doesn’t have any obvious use for it.
  • 29. Each mobile operating system has a different method of listing permissions, and different permissions categories.
      • Android: Read permissions in the Google Play app store or website before you download.
      • iOS: You need to download the app first. The app will ask for some permissions. Others require you to take a close look at what the app does. Go to Settings to see some apps’ permissions, such as permission to use push notifications.
      • BlackBerry: You need to download the app first. Look at the app under Options>Device>Application Management in BlackBerry phones made before 2013.
      • Windows Phone: The Windows Phone Apps+Games Store lists permissions for apps. Read them! In addition, after you download, the app may ask permission for some functions, such as location-based services (GPS, Wi-Fi triangulation).
  • 30.
      • Every operating system describes privileges in a slightly different fashion, but they’re all talking about basically the same things. Some permissions are no big deal, but a few require your close attention because if they’re misused by the app, they can compromise your privacy.
      • When you see a suspicious permission, ask yourself if the app really needs that to function. Remember that some apps are ad-supported, and have extra permissions for that reason.
  • 31.
      • Address book/contacts and calendar: Legitimately used for messaging, calendar and some social media. Otherwise, do not allow.
      • Geolocation/location-based services: Legitimately used for navigation, mapping and some social media (Facebook, Foursquare). Some apps (such as weather) also give custom content based on location, but should not need to know your fine, GPS-based location – just your general area.
      • Camera: Only apps that use your camera or affect photos need this permission. Otherwise, it can be used to take photos without your permission.
      • Phone calls and texting (SMS/MMS): Legitimately used for some messaging apps. Otherwise, it can be used to run up charges on “premium” phone calls and texts.
  • 32. In order of importance:
      1. Research before you install. Google it!
      2. Look up permissions as soon as you can.
      3. Ask yourself: “Does this app need this permission?”
      4. Read the app developer’s privacy policy. There should be one for every app that has access to your personal information.
      5. Disable any permissions you don’t need, if you can.
      6. Uninstall apps you no longer use.
      7. Back up, wipe and restore your phone periodically.
  • 33. The most common way to get apps is to download them from official app stores for each operating system/device.
      • There are alternative app stores out there. For some phones (especially iPhones), you need to void your warranty by adding the ability to use them. For iPhones, this is called jailbreaking.
      • Official app stores use some safeguards against malware and security risks, but apps often get past them. Alternative app stores do not have these guarantees.
      • It’s also possible to install apps from your PC or through an SD storage card. This is called sideloading. Sideloaded apps may or may not be safe, depending on the app, but there are no guarantees.
      • Alternative app stores and sideloading are not recommended for most users.
      • Just because an app comes from an official app store doesn’t mean it’s automatically safe.
  • 34.
      • Some jobs and other circumstances create high security situations where you should take every precaution against privacy breaches and surveillance.
      • Examples of high security situations include:
          • Work that brings you into contact with people in crisis.
          • Visiting a shelter for individuals coping with violence.
          • Any time you believe there would be a serious threat to your privacy, and you are not sure how to protect it.
  • 35.
  • 36.
      • Zenia is staying at a shelter to escape a violent ex-partner. Her partner secretly installed tracking software on her phone. He activates it. The software doesn’t leave any sign that it’s active. He uses the phone’s location to track her down. Zenia turned off the phone’s GPS, but the software used Wi-Fi triangulation as well, and it’s good enough to find her rough location.
      • Jeff works at a youth shelter. A shelter resident steals Jeff’s phone, and not only uses the phone to arrange a drug deal (which may get Jeff in trouble) but gets enough of Jeff’s personal information to harass him later.
  • 37.
      • Your phone must be completely powered down to be truly turned off.
      • It is not off when the screen is dark and you’re not using it. It’s on standby. This is true even if you have set your phone to be silent or block calls and texts.
      • Some apps and hacking techniques can be used to access your camera and microphone, or read information from your phone (including location) while your phone is on standby.
      • Some phones cannot be completely powered down even when turned “off” according to the device’s settings. You must remove the battery.
  • 38.
      • Ask about cell phone policies for that site or job. If they recommend additional steps, use them. If they don’t, take the other steps anyway.
      • Power down your phone. Hold down the power button and select the option that shuts down your phone.
      • For extra protection, remove the battery if you can. If you can’t, consider leaving your phone in a secure location, away from the high security situation.
  • 39. If you will regularly enter high security situations, consider getting a dedicated phone to use when they arise.
      • Some jobs offer these phones to workers.
      • For the best security, this phone should not be a smartphone. If it is, it should contain virtually no non-work information—don’t use it for Facebook, for example.
      • The most secure option is a prepaid/pay as you go phone that is not registered under your name.
      • Use this phone for communication in high security situations, such as talking to clients or calling in and out of facilities.
      • Do not enter any private information into this phone, and limit communication with private life connections to emergencies only.
      • In situations like this, it is perfectly reasonable to carry two phones.
  • 40.
      • Threats to your privacy come from losing physical security (someone gets their hands on your phone), user actions (you do something to release private information) and software (the app does something to release private information). Some high security situations require additional precautions.
      • Don’t let your smartphone out of your sight!
      • Learn about your carrier, smartphone, and apps.
      • Just because your friends and family aren’t concerned doesn’t mean you shouldn’t be. Everyone is different.
      • Technology knowledge + common sense = security! Keep learning and thinking.
  • 41.
      • To protect your smartphone’s physical security:
          1. Keep your phone by your side or in a secure location at all times.
          2. Use a password-protected lock screen.
          3. Wipe your phone with a factory reset and wipe/remove the SD card before you get rid of it.
      • To prevent yourself from accidentally sharing information:
          1. Study the apps you use for features that share too much, such as GPS location.
          2. Don’t post sensitive information, especially about your location or finances.
          3. Make sure you cannot be tracked through carrier services.
      • To prevent apps from breaching your privacy:
          1. Research apps online before you download them.
          2. Look up their permissions to see if they want to do something they don’t need to do.
      • In a high security scenario:
          1. Completely shut down your phone. For extra protection, remove its battery.
          2. Use the strongest combination of site security policies and what you learn here.
          3. If you can’t remove the battery, consider leaving the phone in a secure place away from the high security location.
          4. Keep an alternate phone, such as a prepaid phone that is not activated under your name.
  • 42. For more information, contact Tekdesk:
      • www.tekdesk.org
      • info@tekdesk.org
      • www.twitter.com/tekdesk
      • Look for us on Facebook – search for Tekdesk Peterborough
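
The question slides 30 to 32 ask ("Does this app need this permission?") can be run mechanically over an Android app's declared permissions. The script below is an added example, not part of the original slides: the app category labels, the mapping from Android permission names to the four groups on slide 31, and the sample manifest are assumptions constructed for illustration, and it expects a manifest already decoded to text (inside an APK the manifest is stored as binary XML).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Android permission -> sensitive group from slide 31 (this mapping is an assumption).
GROUPS = {
    P + "READ_CONTACTS": "contacts/calendar",
    P + "WRITE_CONTACTS": "contacts/calendar",
    P + "READ_CALENDAR": "contacts/calendar",
    P + "WRITE_CALENDAR": "contacts/calendar",
    P + "ACCESS_FINE_LOCATION": "fine location",
    P + "ACCESS_COARSE_LOCATION": "coarse location",
    P + "CAMERA": "camera",
    P + "CALL_PHONE": "calls/SMS",
    P + "SEND_SMS": "calls/SMS",
    P + "READ_SMS": "calls/SMS",
    P + "RECEIVE_SMS": "calls/SMS",
}

# App category (hypothetical labels) -> groups slide 31 treats as legitimate for it.
ALLOWED = {
    "messaging": {"contacts/calendar", "calls/SMS"},
    "calendar": {"contacts/calendar"},
    "social": {"contacts/calendar", "fine location", "coarse location"},
    "navigation": {"fine location", "coarse location"},
    "weather": {"coarse location"},   # general area only, not GPS-level location
    "photo": {"camera"},
}

# Constructed sample: decoded manifest of a made-up weather app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.weather">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="Example Weather"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded (text) manifest."""
    # ElementTree is not hardened against hostile XML; use it on manifests you decoded yourself.
    root = ET.fromstring(manifest_xml.strip())
    tags = ("uses-permission", "uses-permission-sdk-23")
    names = [el.get(ANDROID_NS + "name") for el in root if el.tag in tags]
    return [n for n in names if n]


def audit(manifest_xml, category):
    """List (permission, group) pairs that slide 31 would not expect for this category."""
    allowed = ALLOWED.get(category, set())  # unknown category: nothing sensitive expected
    flagged = {(p, GROUPS[p]) for p in requested_permissions(manifest_xml)
               if p in GROUPS and GROUPS[p] not in allowed}
    return sorted(flagged)


if __name__ == "__main__":
    for perm, group in audit(SAMPLE_MANIFEST, "weather"):
        print(f"questionable for a weather app: {perm} ({group})")
```

A flagged permission is a prompt to research the app, as slide 32 advises, not proof of malice: slide 30 notes that ad-supported apps carry extra permissions for that reason.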