Tag Archives: permissions

Is Facebook‘s “Most used words” quiz a privacy thief?

The “Most used words” app became a Facebook hit within days of its launch. At the moment of writing this article, it has been used by nearly 18 million users globally. There are many controversies about user privacy in relation to data that is collected by the app.

“Most Used Words“ is an unexpected privacy nightmare. Source http://en.vonvon.me/

“Most Used Words“ is an unexpected privacy nightmare. Source http://en.vonvon.me/

Earlier this week, the British company Comparitech published a blog post about the privacy nightmare caused by this innocent-looking Facebook app. “Most used words” is presented as a simple, playful quiz in which Facebook scans through and analyzes users‘ posts in order to generate a collection of words they use most frequently on Facebook. Sounds like fun, right? Before you try it yourself, take a closer look at this data-hungry wolf in sheep’s clothing – after some analysis of the app, it has turned out to be a privacy thief. When using the app, users give away following details:

First, the app asks for a couple basic pieces of information:

1. Name

2. Everything you’ve ever posted on your timeline

But then, it asks users to agree to give away the following personal details:

3. Profile picture, age, sex, birthday,and other public info

4. Entire friend list

5. All of the photos and photos you’re tagged in

6. Education history

7. Hometown and current city

8. Everything you’ve ever liked

9. IP address

10. Information about the device you’re using, including browser and language

Let’s face it — our concept of the privacy has  unarguably changed in the age of the Internet and social media. In the digital world, we leave our fingerprints on a daily basis while browsing, shopping, playing, and chatting on multiple devices. Regardless of our online activities, there should be limits as to how companies collect, store and process our personal data. In this case, the owner of the app, South Korean company vovon.me, can be accused of a serious breach of user privacy.

What do you give away when installing “Most used words”?

According to Vonvon’s official terms and conditions, you agree to your personal information being used in the following ways:

1. Used after the termination of your membership to the website and/or use of Vonvon’s services, for any reason whatsoever. (This basically means that you already gave away your data if you used the app.)

2. Stored on any of Vonvon’s servers at any location, including the countries that have little to no legal regulations regarding data privacy.

3. Sold to the third parties, which you agreed to according to this statement: […] We do not share your Personal Information with third parties unless We have received your permission to do so, or given you notice thereof (such as by telling you about it in this Privacy Policy) […]

4. Used in any manner by the third parties, as Vonvon doesn’t take any responsibility for it: […] this Privacy Policy does not apply to the practices of entities Vonvon does not own or control, or to individuals whom Vonvon does not employ or manage, including any third parties to whom Vonvon may disclose Personal Information[…]

How to protect yourself?

We have good and bad news for you. The bad one is that if you have already installed any of Vonvon’s apps, it’s unfortunately no longer possible to protect your privacy. (See point 1 in the paragraph above.)

If you haven’t used it yet, let this be a lesson to you. The same lack of privacy concerns can also be seen in other permission-hungry apps – this is why a weather forecast app would like to have access to your pictures and a cooking app requests your IP address.

We also advise you to review the current list of apps that you have already installed on Facebook, determine if you use them on a regular basis and pinpoint what kind of data the apps are requesting from you. You can do this by doing the following:

1. Select Settings in the top right of Facebook

2. Click Apps in the left menu

3. Hover over an app or game and click to edit its settings

You can find out more about Facebook apps‘ privacy and security in the About Apps section of the Help Center.

If you are an Avast user, log in into your Avast account and go to Social Media Security > Apps — we will guide you how to analyze each of your apps‘ security.

You might be surprised how many apps you have installed throughout the years, so don’t forget to make an audit of your apps on a regular basis.


Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

How to tell if an app has in-app purchases

News emerged recently of a California woman suing Google for the return of thousands of dollars taken without her knowledge via in-app microtransactions.

After upgrading a free app via the Google Play store, hackers got hold of Susan Harvey’s details and between March 2013 and August 2014 ran up thousands of dollars across 650 in-app purchases without any alerts and notifications being sent to the victim.

 

Checking for in-app purchases

It’s easy to see if an app allows in-app purchases, just visit the Apple App Store or the Google Play Store.

Google Play Store

Android

 

Apple App Store

iOS

 

While it is not yet determined who is to blame for this attack, one thing we can all do to help keep ourselves safe from fraud or mobile attacks is to carefully check the permissions of any apps we install on our devices.

Check out this video for tips on which permissions to look out for when installing a new app.

Video

Make Sure You Check These Permissions

 

In the video, Michael highlights these top permissions to check when installing an app:

  • Check the app store that the app contains in app purchases
  • Access to the internet
  • Access to phone and call information
  • GPS and precise location
  • Access to photos/media/files
  • Camera and microphone access