Few are aware, but the mere fact of installing an app on the mobile can put our privacy at risk. The key lies in the 'permissions' that these applications ask for and that we most often grant without stopping to think about whether they are really necessary.

What are the most common permissions? The storage unit, the calendar, the camera, the contact agenda, the microphone, the messages received, the phone application and our location. These allow any app designed for this purpose to read our messages, access the call history, take photos, listen to what we say, know where we are (and where we are heading), get the phone number of any of our contacts and consult the documents we have saved.

Application for excessive permits

Manuel Carpio, a cybersecurity tutor at IMF Smart Education, explains why some applications request permissions that are unrelated to their functions: “It is usually for the company behind the application to collect as much of its data as possible and sell it to third parties, such as advertisers and data aggregators.”

The latter applies even to the most popular applications (such as social networks), which need not indicate something illegal. In fact, most of them clearly indicate this in their terms and conditions, that is, the raffle that we usually accept without reading after registering on the current app.

A different issue is those applications developed by cybercriminals for their purposes, often camouflaged as simple calculators or games, Carpio says: “Cybercriminals try to monetize their criminal activities with their malicious apps in different ways: defrauding our accounts by using premium services, collecting personal data and reselling them or sending us advertising. To this end they can either produce an ad-hoc application that simulates a legitimate application, but has hidden functionalities, or they can produce an application that exploits vulnerabilities in the configuration of legitimate applications or the operating system of the device.”

In this regard, the security firm SecneurX alerted a few weeks ago to up to 34 applications designed to steal data and even send WhatsApp messages on our behalf. They were present in the Google App Store and added over 10,000 downloads around the globe.

How to Detect Malicious Apps

Is there any infallible formula to identify these malicious applications? That's right. “Cybercriminals and scammers count on their victims being too busy to notice certain details,” the expert explains, “such as the app icon or developer’s name.”

Keeping permissions at bay

If we unfortunately end up installing certain apps, there are signs that they are illegally using the mindset permissions. The most obvious are that the smartphone works slower than usual for no apparent reason, that it tries to connect to sites we haven't asked for or that it displays an excess of pop-ups with advertising. In these cases it is impossible to use anti-virus programs to detect and suppress 'malware'.

The best thing, though, is to advance cybercriminals by learning to revoke permits. “Give your applications permission only to what they need to access on your device to provide the functionality declared by your developers. For example, it is natural that your weather application or your navigation application need to access your location to function properly. However, there is no reason why you need access to your camera or your contacts,” Carpio recommends.