These are the 7 types of apps that can compromise your data

These are the 7 types of apps that can compromise your data


22 May 2023

How many apps have you installed on your devices? Enough? Today, we use apps for almost everything, from communicating with others to creating shopping lists.

However, some of them can get us into trouble and even ... serious trouble. Let's see what Daniel Chromek, Head of Information Security at global digital security company ESET, has to say about the most common ways we unwittingly put our data at risk through apps.

When suddenly some personal information turns out to be more serious than we thought

We often don't realize that we may be sharing highly sensitive data, says Chromek. Such is currently the case in the US where once abortion became potentially illegal in several US states, women were warned about apps they might be using to record their periods and track their menstrual cycle or sex life.

Several sources said that if law enforcement authorities have access to uncover possible illegal abortions, these apps can now be used as incriminating evidence against their users.

As the Washington Post explained, for example, "in an abortion case, the IP address would be important because, with the help of ISPs, law enforcement can track down individuals by IP addresses." In this case, data that was previously shared without concern, such as IP addresses, quickly became sensitive data.

What type of data needs to be protected?

Every day we deal with our own personal data, but also the digital information of our employers, employees, colleagues and customers. While public data may be easily accessible to anyone who seeks it, many types of digital information need to be carefully handled and protected. These include:

  • Internal data - i.e., internal communications
  • Confidential data - e.g. identity numbers
  • Restricted data - e.g., government-protected data

Understanding the difference between public and sensitive data may enable you to avoid compromising any digital information that should remain private. However, data classification can also change due to personal, professional or even political reasons, so never handle any digital information carelessly.

The most common applications and their risks

Many people don't read the Terms and Conditions - although it is highly recommended that you read them before using any new app or signing up to any new service.

This is especially true if you plan to use the app to manage not only your personal information but also work-related material. Many of these apps we all use so often that we may not even think about their potential impact on our digital security.

Let's take a look at some apps that may compromise your data security according to ESET's Chief Information Security Officer.

1) Free translation apps

Translation applications often need to process information to convert it into the final, translated text. "Translating a specific word is not a problem. The problem starts when entire paragraphs and documents are given for translation. When, for example, a lawyer gives the content of a sensitive contract to an unsecure translation application, the potential consequences are serious - a data breach under the General Data Protection Regulation (GDPR), disclosure of highly sensitive corporate information and so on," Chromek explains.

Be careful what kind of data you put into translation apps and be especially careful with unlicensed free apps.

2) Remote access apps

Want to check what your dog is doing while you're at work? Or do you want to turn on the heating before you get home? Remote access apps allow you to do that. However, they also work in reverse: you never know who controls who. "Remote access services can become a gateway for external actors to enter your device, manage it and steal the data stored on it," warns Chromek.

3) Shared calendars

"Shared calendars often include contact lists. You need at least the email address to share your schedule with someone. So if they are not sufficiently secure, these apps may be a GDPR issue," Chromek notes. In addition, some settings on shared calendars can be obscure to their users, so they may be unsure what data they are sharing with whom: whether they are only sharing their calendar with the people they intended to send it to, such as their colleagues, or whether they have made their schedule visible for any stranger to see.

4) Note-taking apps and notebooks

In this case the risks have to do with what you want to use them for. If you use note-taking apps to create shopping lists, there is not as much risk as there could be if you use them to record notes from your business meetings or even to memorise your passwords (for which you should always use a password manager, not any other app).It should also be noted that these apps often allow you to add images, videos or voice files to your notes.

5) File format change applications

Have you ever needed to compress a document to quickly fit into an email. Or change its format, for example, to PDF? One of the most common ways to do this is to use an online conversion tool or a file format change application. "Everything that has been said about translation applications applies to file format change applications as well," Chromek points out. These services have to process potentially sensitive data in the documents being uploaded, so always be careful and only use approved applications.

6) Messaging apps

Messaging apps often allow many actions - file sharing, phone calls, video calls, sending messages, voice recordings, etc. As a result, they need many permissions on your device, including access to your camera, microphone or storage. In addition, some messaging apps do not encrypt the information they collect, so when compromised, attackers have access to all the data collected, including sensitive information.

7) Public file-sharing apps

In addition to potential access to sensitive information, most public file sharing applications operate in the cloud. When your cloud provider or account is compromised, there is the potential for data leakage. However, some file sharing apps can be paired with transparent data encryption solutions, which can be proposed to increase the security of your data.

Most of the applications mentioned above share some of the same risks.

First, the cloud they use to store data may not be secure. By storing personal data, these cloud services gain access to GDPR data.
We must also remember that some applications use third-party services, so there is always the risk of service failure.
Finally, to stay operational, apps need funding, and free apps have limited options for where to get funding for their activity: through ads, donations, using data for commercial purposes, or selling your data to other services. This is only if you agree - the possibility of data sharing is usually mentioned in the Terms and Conditions that many people fail to read.

Always consult IT or security experts.

In conclusion, apps can be useful in our daily and professional lives, but they all carry risks. Without a background in IT, you may not be able to fully appreciate the severity of their potential risks, so it is always recommended that you consult your company's IT and cybersecurity team for any new app you plan to use.

View them all