Not that long ago, before data breaches dominated daily headlines, we felt secure with our social media apps. Conveniently, every website seemed to allow logging in with Facebook or Twitter instead of creating a whole new password, and families of apps quickly became their own industry. Third-party apps and games on social media platforms (remember Farmville on Facebook?) were allowed profile access en masse. Trivia games, horoscope predictions, personality quizzes — all seemingly secure and engaging diversions — let social media users enable some type of third-party app.
Unfortunately, we now know that this left many of us, and our data, exposed to a potential breach.
So we turned to Randy Abrams, Webroot’s Sr. Security Analyst, for insights on how to keep third-party app breaches in check. The trick to keeping yourself and your loved ones safe? Information silos, both on and off of social media.
“As a rule, I leave my apps in silos, meaning I severely limit their connectivity level — especially when it comes to accessing my mobile device,” Abrams says. “Apps for email, texting, and calling people do have a reasonable need for access to your contacts on the phone. Most other apps, such as social media apps, do not need to be able to look up your unsuspecting friends.”
Limiting the access your apps have to their direct functions will help keep you and your loved ones safe. Here’s how to get it done.
Mobile App Permissions
Limiting your apps’ permissions may seem like a chore, but it is the best way to keep breaches from expanding in scope. We’ve put together a mobile app permissions crash course to help you silo your sensitive data quickly and easily.
For Android Users
To monitor and edit an existing application’s permissions on your device, go to your Android’s settings and tap “Apps & Notifications.” From there, you will be able to locate all the applications that are active on your device. When you’ve located the application whose permissions you would like to edit, simply tap the app and then tap “Permissions” to view and edit its current permission settings.
To review an application’s permissions before you install it on your device from the Google Play Store, tap on the app you’d like to install and click “Read more” to bring up its detail page. Scroll to the bottom and tap “App permissions” to review the app’s requested permissions. After you install and open the application for the first time, you will be prompted to allow or deny application permissions (like access to your contacts or location). You can always edit the application’s existing permissions later using the steps outlined above.
For iOS Users
To monitor and edit an existing application’s permissions on your device, go to the Settings app and tap “Privacy” to see all the permissions available on your phone (like location services and camera access). Select the permission set you would like to review to see all of the applications with access, and revoke any permissions you’re not comfortable with.
To review an application’s permissions at install, simply open the app and begin using it. The app will request permissions, which you can either allow or deny. You can always revoke permissions after they have been granted by following the steps outlined above.
Preventing social media applications from gaining unnecessary access to your mobile data could help stop data breaches from spreading. But it won’t stop the breaches themselves from happening. Leaving apps enabled entails large-scale security issues — not only for ourselves, but also for friends and family connected with us through social media. When we connect apps to our social media profiles, we expose not just our information, but the shared information of a broader network of connections — one that expands well beyond our immediate circles. In a startling example, only 53 Facebook users in Australia downloaded Cambridge Analytica’s infamous “thisisyourdigitallife” app, but a total of 311,127 network connections had their data exposed through those users. That amount of collateral damage is nothing to scoff at.
Removing Third-Party Apps
“Facebook is the company best known for leaking extensive amounts of data about users, usually by default privacy settings that allow third-party apps to access as much user data as possible,” says Abrams. “Most users had no idea they could control some of what is shared and would have a difficult time navigating the maze to the settings.”
Facebook made a few reform efforts to help make managing third-party access to your account a little bit easier. Click on “Settings” from the account dropdown menu, and then select “Apps and Websites.” This should take you to a dashboard that will show your active, expired, and removed apps. It will also give you the option to turn off the capability for any third-party apps to connect with your profile.
From your account dropdown, click on “Settings and privacy.” Click on the “Apps and devices” tab, which will show all of the apps connected to your account. You can see the specific permissions that each app has under the app name and description. To disconnect an app from your account, click the “Revoke access” button next to the app icon.
From a web browser, log in to your account and click the gear icon next to the “Edit Profile” button. Select “Authorized Apps” to see all of the apps connected to your account. Click the “Revoke Access” button under an app to remove it from your account.
Building Secure Social Media Habits
Monitoring the access levels of your connected apps is a good start to keeping yourself and your loved ones secure, but it’s not always enough.
“It must be assumed that all third-party apps are collecting all of the information on the platform, regardless of privacy settings,” warns Abrams.
Establishing secure social media habits will continue to help keep you secure after you’ve reviewed your app permissions. This means conducting regular audits of the third-party app permissions associated with all of your social media accounts and — slightly more arduously — thoroughly reading the privacy policies of any third-party apps before you connect them.
“Without reading the privacy policies you cannot know to what extent your friends’ private information will be shared,” adds Abrams. “Remember, it isn’t just their names you are sharing, it is part of the data aggregation they are already subjected to. Simply letting an app know you are friends provides more information than just their names. It helps app companies build more robust profiles.”
Stay Vigilant and Informed