October 13, 2011

Take A Good Look: Use Discretion When Downloading Apps

When you download an app on your phone, do you read the permissions?  Do you know what permissions are?  We recently asked our Facebook fans (a pretty security savvy group of people) this question and 46% of the 838 survey respondents said “no.”  When downloading apps, users are often in a hurry to install and begin using their new programs.  While it may take an extra minute to look at an app’s ratings and read through the permissions before hitting the “download” button—in the long run—using discretion when downloading apps could help keep you from inadvertently downloading a bad app to your phone.

What are permissions and why should I review them?
Before you install an application to your phone, an app will request permission to access certain data or capabilities on your device.  When you download an app from the Android Market, you can see a list of the data and capabilities the app will access.

Always read through the permissions and make certain they make sense.  For example, if a chess app is asking for permissions to your contact list or phone call logs ask yourself: “why would a chess app need access to my friends’ and colleagues’ phone numbers?”  In this instance, you may want to consider downloading a different application.

There are many permissions that an app could require.  Some of the permissions to pay close attention to include:

  • Your location. This will allow an application access to your location. Applications that may ask for this permission include: restaurant finders and mapping applications.
  • Modify/delete SD card contents: This will allow the applications to read, write, and delete data stored on your phone’s SD card.  Applications that may access this permission include: note taking, backup, video and camera apps.
  • Send SMS. This could let an application send an SMS on your behalf, (it may also cost you money).

How can I see which permissions the apps I’ve already downloaded access?
To see the permissions given to an application after installation open the Market app and follow these steps:

  • Press Menu > Downloads (or My Apps)
  • Select the app, press Menu > More > Security

Download from trusted sources
In addition to reading the permissions, we recommend that you download your apps from trusted sources like the Android Market, the Amazon App Store or even your carrier’s APP store.  Alternative app stores tend to have a higher frequency of malware, so use extra caution if you decide to download apps from them.

Read the comments in the Market and check the ratings
Before you download an application be sure to read the comments. Click through users’ feedback: this can also help you understand how well an app works on your particular phone (and your particular version). Comments and permissions should also be reread every time you have to update an app.  The Android Market will show you, on average, how many people have downloaded an app, and the overall rating.  Aim to download apps with 3 to 5 stars; this will help give you an idea of an app’s popularity and likely, its quality.

Downloading apps is a fun!  Just be sure to follow these safety tips the next time you click “install.”  Explore all that the market has to offer—and keep your phone safe!

Category:   Lookout News  •  Privacy  •  Security
October 6, 2011

Lookout Remembers Steve Jobs

As a group of professionals working in the technology space, we have tremendous admiration for all that Steve Jobs has done to shape the  industry and change the entire world.  He was a visionary – creating products we didn’t even know we wanted and making them accessible to everyone at the same time.  Steve Jobs raised the bar for design aesthetics –companies aspire to have the design acumen that is in every Apple product.

Steve Jobs’ impact on the world can be seen in many ways: the way we communicate, interact, consume information, listen to and create music. He transformed the mobile experience as we knew it and started the smartphone revolution. We’ll remember Steve Jobs as an inspiration and be reminded of his legacy every time we use one of the amazing products he masterminded.

Category:   Apple
October 5, 2011

Locked Down: Password Protecting Your Phone

As part of Cyber Security Awareness Month, we conducted a survey on Facebook to learn how many of our fans protect their mobile devices with a password.  The poll showed that approximately 30% of survey respondents didn’t have a password set on their smartphone.  Congratulations Lookout Facebook fans, you are ahead of the curve when it comes to password protecting your phones!  On average, studies have found that 67% of consumers don’t set a password on their mobile device—leaving the majority of smartphones unprotected.

Setting a password on your phone is the first line of defense so only you can access the important data on your phone.  Imagine, if you wanted to protect your house, would you leave the doors unlocked?  Similarly, your phone contains valuable information you want to keep safe: contacts, calendar, files, social network sites, passwords…if this information falls into the wrong hands, a password will help keep all of your sensitive data private.

How to set your password:

For Android, depending on your type of phone, you can select to use a pattern unlock, a personal identification number (PIN), or an alpha-numeric password

  • Tap the menu button from the home screen,
  • Choose Settings > Security > Change Screen Lock. (The exact phrase may vary from phone to phone).

Once you set your security option, you can set how quickly you want the phone to Lock itself (immediately, one minute, two minute five minutes).

  • Tap the menu button from the home screen
  • Security > Lock Phone After (this exact phrase may vary from phone to phone).

For iPhone

  • Click on the Settings button from the home screen
  • From Settings, select General > Passcode Lock
  • This will open the Set Passcode screen.  Enter in your 4-figure code.

You will now be at the Passcode Lock screen. Here you can choose the timing for the lock screen.

Picking A Strong Password

Not all passwords are created equal.  Keep these tips in mind when setting up a strong password for your phone:

  • Avoid simplistic passwords: such as the last four digits of your phone number, or public information (birthday).  As a general rule of thumb, if the passcode information may be available on Facebook—don’t use it for your code.
  • If possible, include characters from each of the following four categories: (upper case letters, lower case letters, characters (!?&), and numbers).
  • If you choose a PIN code, be sure to avoid the top 5 most commonly used (and easily guessed) passwords: 1234, 0000, 2580, 1111, 5555.

By setting a strong password, users can ensure that if their phone is lost or stolen—their data is locked behind a “digital door.”  If you haven’t done so already, set a password on your phone today.  And spread the word…tell your friends to lock up their phones too.

Be sure to stay tuned next week (and all month long) as we highlight tips for keeping your smartphone safe!

Category:   Lookout News  •  Privacy  •  Security  •  Uncategorized
October 4, 2011

HTC Reports Vulnerability; Working on an Over-the-Air Fix

Yesterday, Android Police reported on a recently discovered security flaw affecting select HTC phones. The vulnerability could expose sensitive user data to any other app that has permission to access the Internet on the user’s phone. With this vulnerability, there is a possibility that a third-party app with malware embedded in it could exploit the security flaw and access a person’s sensitive data, which includes email address, GPS location, phone number, and text message data. HTC is already working on a patch with its carrier partners, which will be available to people over-the-air. All affected HTC owners will be notified to download and install it when it’s available.

The report of this vulnerability serves as another reminder that our phones are just like our personal computers, and as developers build apps, create custom firmware or make changes to the OS – everyone in the mobile ecosystem needs to take the proper precautions to confirm information accessed on these devices is used and stored securely. While software and hardware developers strive to create products that are proven to be resilient—vulnerabilities can still exist.

Phones it affects:
The following HTC phones are reported to be affected:

  • Evo 3D
  • Evo 4G
  • Thunderbolt

How you can stay safe:
If you have one of the phones listed above, the best thing for you to do is only download apps from trusted sources and developers. When you’re prompted by HTC to download the update, we recommend that you do so immediately.

We’ll keep you updated on this important news as more information becomes available.

Category:   Vulnerability