Is it worth exposing your personal data in exchange for the convenience of using pet apps on your smartphone?
Pet apps leaking your sensitive information has probably been a no-brainer for you. But it may now, thanks to two recent studies presented at the 2022 IEEE European Symposium on Security and Privacy Workshop conference.
On 28 February computer scientists from Newcastle University and Royal Holloway, University of London exposed a number of security and privacy issues. Researchers from both universities evaluated popular Android apps for pets and other companion animals, as well as farm animals. They found that 40 users are leaking information.
Dubbed pet tech, pet industry developers use technology to improve the health, well-being and overall quality of life of pets. Obviously, they also use it as a source of data acquisition which puts users’ security at risk.
Pet tech is expanding and includes a wide range of products including GPS trackers, automatic feeders and pet cameras, according to a written statement from Newcastle University. Other examples of pet technology include wearable devices that monitor pets’ activity levels, heart rates, and sleep patterns.
Some of these pet apps control smart feeding systems that dispense food at a set time or in response to the animal’s behavior. These apps and platforms also allow owners to track and manage their pet’s health records and connect with veterinary professionals.
According to Ashish Patel, general manager/EMEA at mobile security solutions firm Zimperium, the leaky apps problem is widespread, going far beyond just pet apps.
The problem is evident across all markets, countries and applications. This includes sharing unencrypted information in clear text and sharing data on open cloud-based servers.
“It’s a problem that’s coming to the forefront now, but we see more organizations implementing security from development, with scanning techniques in app development to create more secure apps, to ensure app keys are encrypted and it is equally important that it is running on a secure [non-breached] With device run-time protection, Patel told TechNewsWorld
What researchers discovered at Pet Apps
The researchers did not disclose the names of the pet apps analyzed. Nor did he clarify what type of content was leaked from specific apps.
However, they verified that the apps sent developers sensitive user information, including email addresses, location data and pet details, without encryption or user consent.
Many of these apps put users at risk by exposing their login or location details.
According to the Newcastle University statement, the three applications had users’ login details visible in plain text within non-secure HTTP traffic, meaning anyone using one of these apps could inspect anyone’s internet traffic. and get their login information.
Furthermore, the two apps also showed user details, such as their location. This allows someone to gain access to their devices and expose them to a cyber attack.
The tracking software embedded in the four apps raised another concern: the trackers could collect user data related to how the app or smartphone was used.
The analysis revealed that 21 apps track users without their consent, violating current data protection rules.
Researchers’ privacy and security warnings
Scott Harper, a Ph.D. student at Newcastle University’s School of Computing and lead author of the study, said pet tech products such as smart collars and GPS trackers are a fast-growing industry. This brings with it new security, privacy and security risks for pet owners.
“While owners may use these apps for peace of mind about their dog’s health or where their cat is, they may not be happy to learn about the risks they pose,” he said in the university statement. Apps that keep for cyber security.
Harper urged users to make sure they set up unique passwords, check settings and consider how much data they want to share.
Dr. Maryam Mehranzad, co-author of the report from the Department of Information Security at Royal Holloway, University of London, said that using modern technologies to improve many aspects of our lives often involves cheap technologies that compromise users’ privacy, security and privacy. comes at a cost of , and safety.
“Animal technologies can pose complex risks and harms that are not easy to identify and trace. In this interdisciplinary project, we are working on solutions to reduce such risks and enable animal owners to use such technologies without risk or fear. allowed to use.”
Second study shows user complacency
The research team conducted a second study which surveyed 600 participants from the UK, US and Germany. They questioned the technologies used, the events that occurred, and the methods used to protect their online security and privacy in general and pet apps in particular. The researchers published the survey findings in the journal Proceedings of the 12th International Conference on the Internet of Things. Their results revealed that participants believed there were a variety of attacks likely to target their pet technology.
Despite this concern, respondents said they take some precautions to protect themselves and their pets from the potential risks and harms of these technologies. The university statement did not disclose the numerical results.
Co-author Dr Matt Leach, Director of the Center for Comparative Biology, Newcastle University, said: “We would urge those developing these technologies to enhance the security of these tools and applications to prevent their personal information or location from being shared. risk can be reduced.”
Cyber Security Insider Responses
According to Casey Ellis, founder and CTO of crowdsourced cybersecurity firm BugCrowd, application developers, especially for apps that are not “security first” in their nature, often prioritize features and usability over security to differentiate in-market. give priority. Speed is the natural enemy of security, so these kinds of issues are often seen in fast-to-market areas like mobile applications.
“At the end, [vulnerabilities vary and] Come down to risk to the individual user. For example, to some people, a breach of privacy may not seem like such a big deal. For others, it could create an immediate personal safety issue,” Ellis told TechNewsWorld.
Regardless, app developers must ensure that security and privacy controls are behaving as users expect, which is clearly not a consistent theme here, he said.
App users should realize that if they are not paying for an app or service, then they are the product. Zane Bond, head of product at cybersecurity software firm Keeper Security, warned that your data and usage is how the company will make money.
“Be aware and understand that most services are not free. You just have no idea of the cost. Even with many paid services, your data is still for sale,” Bond told TechNewsWorld.