This past September, Apple quietly removed several antimalware tools from the Mac App Store. Developed by security firm Trend Micro, the tools were part of the Adware Doctor app, and worked in the background to collect data about their users’ browsing history, uploading that data to a remote server. What’s particularly surprising (and concerning) is that these weren’t small, independently developed apps.
Up to the time it was removed, Adware Doctor was the most popular paid application on the Mac Store.
“Now, an anti-malware or anti-adware tool is going to need legitimate access to user’s files and directories — for example to scan them for malicious code,” writes Patrick Wardle, the security researcher who first identified the suspicious behavior. “However, once the user has clicked Allow since Adware Doctor requested permission to the user’s home directory, it will have carte blanche access to all the user’s files. So yes will be able to detect and clean adware, but also collect and exfiltrate any user file it so chooses…[this behavior] seems to be a blatant violation of the user’s privacy (and of course Apple’s strict Mac App Store rules).”
It gets worse. As it turns out, Apple knew about the app’s behavior for several weeks. It only removed the software from the Mac Store several days after it started receiving widespread media coverage.
This underscores a harmful assumption that seems to have grown a touch too widespread of late. We have the tendency to believe that if an app is paid or available through an official source like Google Play, the Microsoft Store, or the Mac Store, it is safe to use. So we get careless – we don’t think before we buy.
In the case of Trend Micro, the result was an app that exfiltrated the data of hundreds of thousands of users. Honestly, they’re lucky that’s all it did. It could have been much, much worse.
Like it or not, you need security tools whether you’re on a desktop, a smartphone, or a tablet. But as evidenced by Trend Micro, not all tools are created equal. That’s what we’re going to talk about today – how can you ensure the security software you install actually does its job?
Pay Attention To Your Permissions
As you probably already know, the best way to tell whether or not a mobile app is safe is to look at the permissions it requires and to consider whether or not it actually needs those permissions to function. Unfortunately, where security apps are concerned, this one’s a little tricky. An antimalware app, for example, will need administrative access to your file systems – otherwise, it can’t scan for viruses.
It’s probably easier to go over the permissions that said apps generally don’t need:
- Access to contact details
- Access to your camera, speaker, or phone
- Ability to monitor your browsing history (unless you’ve installed a tool that specifically offers safe browsing)
Use your best judgment here – and when in doubt, Google is your friend.
Read The Reviews
If an app doesn’t do what it claims, its reviews will generally reflect that. Check what people are saying about an app on the store, and pay attention to the language of those reviews. Do they read like real people who installed the app to protect their device, or is there something off about how they type?
Paid reviewers are a problem, especially with skeevier app developers. That’s why in addition to reading the reviews on the app store, you should check Google. See what people are saying about it on the wild web.
Learn How To Spot The Red Flags Of A Bogus App
It’s usually pretty obvious when an app is outright malicious (or at least fake). Before you install anything, be sure you always take a step back. Take a close look at the app and its developer.
That’s because all bad apps tend to display at least a few of the following, in addition to inappropriate permissions (which we’ve already discussed):
- The app was submitted by someone other than its original developer – this was the case with widely-circulated fake WhatsApp software that made the rounds last year.
- The developer’s name appears to be a play on another, better-known developer. Only there’s a character or two out of place, a misspelling here, a hyphen there…you get the idea.
- The app’s description is poorly written, laden with typos and grammatical errors.
- Upon accessing the developer’s website, the app doesn’t appear there – this could be a sign that someone else has uploaded the app masquerading as the developer.
Be Sparing With What You Actually Install
The last piece of advice I’ll offer might run counter to what you’ve been taught about cybersecurity, but it’s important to bring up all the same. For each cybersecurity tool you consider installing, ask yourself whether or not you really need it. Sure, antimalware is probably a must.
But do you really need a VPN? Or an ad blocker? Or an app locker? Or a private browser like Tor?
Everyone’s usage habits are a little different, obviously. Maybe you can justify installing all of the above – and if so, feel free to do it. Otherwise, it’s important to remember that even where cybersecurity apps are concerned, having too many can put you at just as much risk as having none at all.
Stay Safe Online
At the end of the day, cybersecurity apps exist to keep your data safe, both personal and professional. It’s imperative that you learn to recognize which ones are actually capable of doing so and avoid those that are little more than band-aid tools – or worse, that actively put your information at risk.
The advice I’ve laid out here represents a good starting point. The rest is up to you. Be mindful, and stay safe.