The Risk of Unsecure Mobile App Privacy

September 9, 2022 - 6 minutes read

Today, mobile apps power many critical aspects of our daily lives, from facilitating our commute via Waze to augmenting our health initiatives through apps like MyFitnessPal. But although apps of every kind have come to play such a major role in our daily lives, what happens when those same apps pose a major security threat?

As a trusted App Developer in San Francisco, dedicated to developing the world’s most innovative iPhone apps and Android apps, we feel now is the time to dig into such a critical topic as mobile app privacy.

Today, it likely won’t surprise you to find out that individuals of all races and creeds, including top government officials, use everyday applications just like the rest of us. And although these applications provide the same level of convenience, efficiency and communication, privacy and security risks have emerged as a major challenge. In fact, many of us using everyday apps may be shocked to find that some apps bring potential harm.

So, what mobile applications out there are really a cause for concern, you ask? Well, recently, the Canadian coffee chain Tim Hortons fell under tremendous scrutiny when news broke that the Tim Hortons mobile app was secretly tracking and storing user geolocation data even while the app was closed. Under pressure from reporters to provide a statement, Tim Hortons representatives stated that the metadata collected via the Tim Hortons mobile app was simply used for marketing purposes, and that real-time geotracking wasn’t possible under the technical limitations of their mobile application, but those who broke the story don’t believe this tells the complete truth. Rather, investigators feel this type of technological capability is akin to mass surveillance, as the collected data could be used to infer highly specific user habits.

Whether nefarious or not, this example of mobile tracking identifies a major issue with the mobile apps we know and trust, suggesting that a serious privacy and security vulnerability may be present in more mobile apps than we can account for.

The hidden risks of the mobile apps we love

If it’s true that Tim Hortons is secretly tracking users who have downloaded the Tim Hortons app, what does this say about other such vulnerabilities? For instance, threat actors could easily track specific individuals, or nefarious actors could follow state officials and gain key insights regarding national secrets based on the actions of government officials.

In fact, while Tim Hortons has come out and apologized for the error and promised to fix the tracking problem swiftly, it’s by no means the only mobile app that has had its fair share of challenges.

Some key mobile app privacy breaches in recent years:

An unforeseen vulnerability identified in the MyFitnessPal mobile app allowed malicious threat actors to gain access to sensitive user data, resulting in a data breach and PR blowback that caused Under Armour (the company that owns MyFitnessPal) to sustain a market value loss of 3.8%.

In 2021, the sensitive information of more than 21 million users, including license plate numbers, was exposed after the ParkMobile app, used by many local governments, was breached.

In 2019, the government-issued Kilswitch/APASS software used by Marines and sailors was breached, allowing threat actors and foreign adversaries to access sensitive military location data.

British Airways sustained a breach that leaked 380,000 credit card payments and compromised sensitive customer data. 

What This Means for Businesses Choosing an App Dev Partner

As hard as government agencies may try to limit risk exposure, in today’s fast-paced technological world, many government officials are going to continue to use their personal devices and the applications of their choice on their phones. This not only creates a challenge for government agencies, but it also puts companies bringing apps to the market in the hot seat.

Take, for example, a scenario where a company either develops its application in-house or outsources it to a third-party development house. Without the proper precaution (or the proper vetting of this given app development firm) they could quickly wind up in a situation where their new shiny app is causing major PR backlash after an unsuspected vulnerability arises, or worse, an apparent privacy safeguard is breached. 

This is an incredibly important consideration for organizations as they take steps toward bringing their mobile application to the market. Here, we highly recommend working with a third-party app development company that not only exhibits industry tenure and experience, but also focuses on a security-first development approach.

About Dogtown Media

Here at Dogtown Media we understand how important your mobile application is to deliver innovative health solutions in the mHealth space. 

To this end, we are more than just developers you hire. We are your partners, working in lockstep with you to create the best mobile application possible for your business that connects with your target audience. We get to know not just your project but your company and the people who make it a success.

Take advantage of our free consultation to speak to our mobile application development experts.

