Nader Henein: Mobile apps demand 'too much' info

Read time 1min 50sec
Many apps often have "unnecessary" access to personal information, says BlackBerry security specialist Nader Henein.
Many apps often have "unnecessary" access to personal information, says BlackBerry security specialist Nader Henein.

With mobile devices becoming increasingly ubiquitous in many parts of our daily interaction, users need to be aware of how installed apps access their personal information.

This is according to Nader Henein, BlackBerry's regional director for advanced security solutions, who said apps often demand "unnecessary permissions" during installation - a phenomenon which could compromise personal information.

Henein was speaking at the ITWeb Security Summit 2014 yesterday, delivering a presentation titled "Excuse me...your phone is leaking".

"In many instances, an app's permissions may share your location, and have access to your global positioning system, but does it really need to continuously track where you are, even when you are not using it?" he asked.

"The first question we need to ask is: what services does an app offer that requires it to know my location?" He adds that while many apps are not malicious, many are not developed with privacy in mind.

To demonstrate his observations, Henein chose an IT professional before the summit and, after checking settings for a few random applications on their mobile device, found many could access the user's contact list and location.

Information is currency

About Security Summit

The ITWeb Security Summit is Southern Africa's premier information security event. It is on at the Sandton Convention Centre until 29 May. Join the conversation on Twitter #itwebsec.

With the increasing prevalence of mobility in a connected information ecosystem, Henein said personal identifiable information has become a "currency", worth billions of dollars for technology companies and cyber criminals.

"Without information about you and the connections between you and others, many of the networking platforms are worthless."

A lot of legislation about information security is often unclear, says Henein, with many governments revisiting it in response to the changed global technological landscape.

"The European Commission wrote laws about data privacy 20 years, but they are revisiting it now because they realise that it wasn't clear enough. In the same way the Protection of Personal Information Act is written, it is in many cases not very clear."

Login with