We Use GPS, connect to free WiFi, receive verification codes, register various APPs, and enjoy the convenient life brought by smartphones. However, at the same time, harassing phone calls, fraudulent text messages, and accurate to horrible pushes make us unknowingly bear the risks brought by the leakage of private information. Urbanites who can’t live without a smartphone are facing a dilemma: they don’t know where their information is flowing to and they don’t know who is watching their personal privacy in the dark. Are the permissions requested by the app reasonable? How did your personal information leak? A mobile wallpaper application should read your address book, and a browser application can record our voice at any time. Don’t think it ’s inconceivable, there are not a few apps that obtain users’ personal information through cross-border claims, and the issue of personal privacy leakage is becoming more and more serious. If we choose not to agree, we cannot install these apps. Privacy permissions are divided into three main categories:
- Core privacy permission includes: obtaining location information, reading mobile phone number, reading SMS records, call records, etc.
- Important privacy rights include: opening the camera, using the microphone to record, sending text messages, sending multimedia messages, making calls, etc.
- General privacy rights include: turning on the WiFi switch, turning on the Bluetooth switch, obtaining device information, etc., and turning on the data network.
Due to the increasing trend of Personal Identity Information (PII) leak, it is very important to make up an effective privacy policy for individual apps. According to cyber laws, the specific requirements for making up the apps’ privacy policy contents are specified as the need for address details like the geographical boundaries and the legal dominions. The basic elements include:
- Who is the owner of the application?
- To what information does the application have access? How is the information being gathered by the app?
- What is the legal framework for data collection?
- For what purposes does the application collect the information?
- Which other parties have access to the data collected? Will any third party retrieve the data through widgets and integrations?
- What are user rights? Can the users request to see the information that the app has on them, can the users request for rectification, erase or block their personal information?
- The description of the processes for notifying users and guests regarding the changes or updates to the privacy policy is also a requirement for the privacy policy.
- The last requirement of the privacy policy is the effective time of the privacy policy.
LIFARS’ Incident Response and Digital Forensic highly skilled team of professionals will effectively manage data breach response, examine digital evidence and compromised systems for forensic artifacts of threat actor actions, lateral movement and data exfiltration, including social security numbers, driver licenses, health records, or any other sensitive data. Our skilled investigative team leverages knowledge from previous investigations to better understand an attacker’s lateral movement through an enterprise using attacker exploitation techniques, tactics and procedures (TTP) and collected set of Indicators of Compromise(IOCs). Communication with executives and board is done on a daily basis.
Contact LIFARS Immediately For