Do you remember the saying “there’s an app for that”? Apps certainly are cool and convenient, but can you tell whether they are malicious or not? Today we discuss the problem and give you some vetting tips to use before you download an app.
In this episode:
3 Vetting Tips Before You Download That App – Ep 378
Today’s Episode is brought to you by:
Kardon
and
HIPAA for MSPs with Security First IT
Subscribe on Apple Podcast. Share us on Social Media. Rate us wherever you find the opportunity.
The Privacy and Security Boot Camp
3.5 day In Person Event
Mar 12, 13, 14 and 15, 2023
PriSecBootCamp.com
Great idea! Share Help Me With HIPAA with one person this week!
Learn about offerings from the Kardon Club
and HIPAA for MSPs!
Thanks to our donors. We appreciate your support!
If you would like to donate to the cause you can do that at HelpMeWithHIPAA.com
Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAA
PriSec Session of the Week
[03:12] Monday will be “Ya Got To Prove It” day. Check out Donna’s and David’s description of what we’ll cover on this topic at the PriSec Boot Camp in Louisville, KY.
HIPAA Say What!?!
[11:50] Doctor Admits Criminal HIPAA Scheme for Wrongful Disclosure of Protected Patient Health Information to Pharmaceutical Sales Representative | USAO-NJ | Department of Justice
This story is crazy. There seems to be even more to the story than was mentioned in the article, and I’d say that the physician and the pharmaceutical sales rep have not seen the last of law enforcement.
Remember, HIPAA can be a criminal case.
405(d) Tip of the Week
[14:69] The recent spotlight webinar, The Legal Implications of a Cyber Attack, is available for replay via YouTube, and you can get the slide deck here.
Watch this space. We have so many cool things coming out starting any day now. We will see a regular flow of resources as the things that were backed up waiting for approvals are released.
Is That App You Love Really Malware?
[18:03] Both Android and Apple devices have an app store where you download apps to use on them. However, both app stores contain malicious apps.
Facebook Detects 400 Android and iOS Apps Stealing Users’ Log-in Credentials
Protecting People From Malicious Account Compromise Apps | Meta
Meta announced they found over 400 malicious Android (355) and iOS (47) apps that are really designed to steal users’ Facebook login information when they use the “Login With Facebook” feature.
They notified Apple and Google to remove them from the app stores as they found them. However, we all know they can’t possibly keep up.
There are all kinds of assumptions about the ability to “know” the app is ok. Unfortunately, we can’t just know. It is really impossible to be certain with some of these apps. Let’s look at some of the basic reasons people think they know and why they shouldn’t be so sure.
1 – “I read the reviews before I downloaded the app.” Not helpful
[22:11] Reviews don’t really matter here. Unless you read all the details and can sort through the fog, the fake reviews drown out the real ones.
These developers create dummy accounts and post reviews, or even pay people to post reviews of their apps. If anyone starts to figure out that an app is malicious and gives it a negative review, they post more positive ones to counter it.
Read the bad reviews, but keep in mind that people do hateful things like paying people to write bad reviews too. Many times when I read app reviews I chuckle about an XKCD comic.
— https://imgs.xkcd.com/comics/tornadoguard.png
2 – I don’t download games. Not helpful
[27:51] Games are just one of the types of apps that are a problem. These apps are disguised so that any user may find them interesting or helpful. They will work to some extent, doing what they say they will do. The big issue is what the apps are doing in the background. Any app can be turned into a malicious one with a simple update.
In fact, the list published by Meta covers a broad range of app types that were acting as bad actors behind the scenes.
The Hacker News story points out that breakdown with some additional notes:
42.6% of the rogue apps were photo editors, followed by business utilities (15.4%), phone utilities (14.1%), games (11.7%), VPNs (11.7%), and lifestyle apps (4.4%). Interestingly, a majority of the iOS apps posed as ads manager tools for Meta and its Facebook subsidiary.
The Hacker News
Take a look at this link to see the names of the apps published on their list; it shows the kinds of names they use. Here are a few from that list:
Cartoon Face Photo Editor
Instapic: Photo Editor Pro, Collage Maker
Fun Wallpaper
Flash QRCode Scanner
Tuber VPN – Free & Secure VPN Proxy Server
Hotspot Free VPN
Files Clear
AppLock-Lock Apps & Privacy Guard
Smart AppLock
Business Meta Manager
Business Manager Pages
Business Manager Overview
Business Suite
All in one Doc Editor & Viewer
Each of those names seems innocuous enough, and the app may even provide some helpful tools. However, it can also provide some trouble.
3 – I only download apps that X tells me are ok. May be helpful
[37:14] As long as X is someone who truly understands these things, you can feel better… but remember that the criminals work hard to fool all of us. That really means ALL of us.
Even if you vet an app using the tips above, you should not assume that the app never needs vetting again. Apps change. They are updated, new features are added, bugs are fixed, etc. Keep in mind that those updates could be adding bugs and malicious code to the apps. So re-vet them.
Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word. As always, send in your questions and ideas!
HIPAA is not about compliance,
it’s about patient care.™
Special thanks to our sponsors Security First IT and Kardon.