FBI warns Americans about installing apps developed in China
The PSA warns Americans that apps that keep their digital infrastructure in China must follow that country’s national security laws. This means that the Chinese government can rummage through the personal data belonging to the users of these mobile apps. Also of concern is the kind of data that these apps request access to when installed. All it takes is your permission for an app to continually access your personal information.
Some apps allow your data to be siphoned away from your device even when the app in question is not active. Some platforms allow contacts and friends to use the app. Even with default permissions, developers can store collected data such as names, e-mail addresses, user IDs, physical addresses, and phone numbers of the user’s contacts. Some of these apps even say that collected data is stored on servers in China for as long as the developers believe necessary.
The G-men want you to perform “good cyber-hygiene”
The FBI notes that some apps will run locally on the user’s device, reducing the chance that the app user’s personal data is being sent to China. On the other hand, some apps won’t allow the user to run the app unless he agrees to share data. Of course, some apps might contain malware that could result in the collection of more data than that authorized by the user. Additionally, some malware is designed to give bad actors access to personal data, including the credentials (username, password) employed by the user to open his financial apps.
The FBI says, “Good cyber hygiene is crucial to protecting your digital identity.” The law enforcement agency has a list of recommendations:
- Disable data sharing that is not necessary.
- Only install apps from official app stores that can be verified.
- Regularly change and update your passwords.
- Update your software regularly.
- Before downloading apps, make sure to read the terms of service or end user license agreement.
What to do if you note suspicious activity related to a foreign-developed app
When you file a complaint with the IC3, make sure to reveal the following information:
- The type of device you are using and the operating system it supports (i.e. Android, iOS),,
- Name of the app involved and the developer of the app.
- Where the app was installed from, and the date that took place.
- Date you started using the app.
- Specific permissions you granted to the app.,
- List the data you feel is compromised such as contacts, location, messages, photo gallery, etc.
- Whether suspicious activity has been spotted on your device since installing the app, such as unusual data usage, battery drain, unauthorized access, etc.
- Whether the cloud-based or locally downloaded version of the app was used.
- Any alerts warning of malware detection or any security warnings received.
- Whether you suffered any financial losses or had to deal with identity theft resulting from your use of the app.
