Mobile Security Blog | Pradeo

Intrusive applications | The suspect list - Part 2

Written by Roxane Suau | April 25, 2024

In today's digital age, mobile applications have become an integral part of our personal and professional lives, offering convenience and functionality. However, not all applications are created equal, and some pose a significant threat to our privacy and security. One such threat comes from intrusive applications.

 

What is an Intrusive Application?

An intrusive application is a type of mobile application that extensively collects users’ personal information, often without their full awareness or informed consent. These applications are designed to gather a vast amount of data, ranging from contact details and messages to photos and location information, among others. Users may unknowingly grant permission to collect this data when they agree to the application's terms and conditions without thoroughly reviewing them. Cybercriminals often use such applications to harvest sensitive data for various purposes, including targeted advertising, monetizing their applications by reselling the data, and even stealing personal or business information for state-sponsored or economic espionage.

 

How Do Intrusive Applications Work?

Intrusive applications employ deceptive tactics to lure users into downloading them, often by offering enticing features or rewards. Once installed, these applications prompt users to grant permissions for accessing sensitive data, such as live location, contact lists, messages or multimedia files. Additionally, they may request permissions to record audio, take pictures, and capture videos, further compromising user privacy.

Some infamous examples of intrusive applications include: 

  • Greyware: Applications that may not be inherently malicious but exhibit potentially unwanted behavior, such as excessive data collection or intrusive advertising practices. Notable examples are TikTok and Temu, mobile applications that massively collect their users’ data and spread it all over the world. Although those practices are described in these applications' long privacy policies, they still come as a surprise because, unfortunately, nearly no one reads them.
  • Leakware: Applications that intentionally leak user data to third parties without the users' consent or knowledge. One prominent case is the Cambridge Analytica scandal, where the Facebook application allegedly harvested millions of users' personal data for political profiling purposes.

Protecting Yourself from Intrusive Applications

As an individual, to safeguard your privacy and security against intrusive applications, consider the following measures: 

  1. Review Application Permissions: Before installing an application, carefully review the permissions it requests. Avoid granting unnecessary permissions that could compromise your privacy, such as access to your entire contact list or location data. 
  2. Uninstall Applications That You Don’t Use: Regularly review the applications installed on your smartphone and remove any that you no longer use or trust. This reduces the risk of exposure to intrusive applications lurking on your device.
  3. As an organization, leverage real-time threat detection and response, such as that offered by Pradeo's Mobile Threat Defense. The solution identifies and mitigates potential risks before they can compromise your mobile device fleet and data. Through continuous monitoring of application behaviors, network activities and system configuration, Pradeo ensures that only trusted and compliant mobile applications can be used by your employees, preventing unauthorized access and privacy breaches.
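
The permission review in step 1 can be scripted for a managed Android device. This added example (not Pradeo's code or method) parses text in the format printed by `adb shell dumpsys package` and reports apps that have been granted permissions across several of the data types named above; the category grouping, the threshold of 3 and the sample package names are assumptions of the example.

```python
import re

# Android permissions grouped by the data types the article lists.
# The grouping is this example's assumption, not a Pradeo classification.
CATEGORIES = {
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "contacts": {"READ_CONTACTS", "GET_ACCOUNTS"},
    "messages": {"READ_SMS", "RECEIVE_SMS"},
    "media files": {"READ_EXTERNAL_STORAGE", "READ_MEDIA_IMAGES", "READ_MEDIA_VIDEO"},
    "audio recording": {"RECORD_AUDIO"},
    "camera": {"CAMERA"},
}
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*android\.permission\.(\w+): granted=(true|false)")

def audit(dumpsys_text, threshold=3):
    """Return {package: sorted categories} for apps granted >= threshold categories."""
    granted, package = {}, None
    for line in dumpsys_text.splitlines():
        m = PKG_RE.match(line)
        if m:                      # a new package section starts here
            package = m.group(1)
            continue
        m = PERM_RE.match(line)
        if m and package and m.group(2) == "true":   # ignore denied permissions
            for category, perms in CATEGORIES.items():
                if m.group(1) in perms:
                    granted.setdefault(package, set()).add(category)
    return {p: sorted(c) for p, c in granted.items() if len(c) >= threshold}

# Constructed sample modelled on `adb shell dumpsys package` output (not real data).
SAMPLE = """\
Packages:
  Package [com.example.flashlight] (1a2b3c):
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true
      runtime permissions:
        android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
        android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
        android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
        android.permission.CAMERA: granted=false, flags=[ USER_SET ]
  Package [com.example.notes] (4d5e6f):
    User 0: installed=true
      runtime permissions:
        android.permission.READ_MEDIA_IMAGES: granted=true, flags=[ USER_SET ]
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

An app flagged this way is a candidate for the review or removal described in steps 1 and 2, not proof of malicious behavior.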

 

Below is a poster to help you raise awareness of the risks posed by intrusive applications. By displaying it in your workplace, at the coffee machine or in the meeting room, you can illustrate this growing threat and reinforce the confidentiality of your employees' mobile usage: