How many times have you downloaded an app, and during the install process, it asks you for access to contacts, calendars, and other hardware like your camera? Did you stop and ask yourself, why does an app need access to my camera and do I need to give it the permissions? For some apps, it will only disable the feature of the app that uses the camera but for others, the app may not work.
Why would you want to prevent an app from accessing your contacts, call history, or camera?
If an app can access a database on your phone, like your contacts or your call history, this means that every developer of the app, and whoever else gets access to that app, either overtly or covertly, now has all this data. How many times have you heard of a major company getting data stolen that included your data?
At this point, no amount of encrypted or multi-factor authentication will protect your data. If you willingly choose to provide information from an application on your phone, you have given away the keys to the kingdom.
So how do you protect your phone’s data?
You should only be using applications on your phones from signed developers inside your Mobile App stores. Google Play for the Android and the App Store for the iPhone are examples of sources where you will get signed developers. You should also be checking if you disable a feature you don’t want the app to have, like contacts, calendars, or call history, will the app still work? If the app won’t work without access to a feature, you must ask yourself, “Do you really need the application and accept the risk?
With all the features that an app can be given access to, it is no wonder that we hear of attackers making calls from our phones, hacking our applications information, taking photos, and sending emails on our behalf.
Knowing what our phones are doing is the first line of defense in preventing a data breach.
The second line of defense is getting your company’s devices enrolled in Mobile Device Management Platforms like InTune from Microsoft. This application controls every mobile device in your enterprise, and can block allowing permissions in apps, or block all applications from installing except the ones you choose. There are many Mobile Device Management Platforms to choose from, varying in how compliant they are with government regulations. Need to secure your enterprise mobile devices but not sure where to start?
Contact us to learn more!