It is common practice to take certain steps to protect your computer before installing new software; however, those security steps are often neglected when installing browser extensions, add-ons, social media and mobile apps. These programs may request permission to access your data; if they’re compromised by cyber attackers or if you install a malicious or illegal version your data may be at risk. It is important to take the necessary precautions to protect yourself and fully understand what access you are granting before you install.
First and foremost it is highly recommended to have up-to-date virus protection software installed on your computer and devices.
Additional best practices include:
Install from official stores
Whenever possible only install from official stores and identified developers. For example, for Android go to the Google Play, iOS the iTunes – App Store, Chrome the Chrome Webstore.
Know what you are downloading
Verify the name and developer of the app. Similar to phishing, scammers try to create extensions, add-ons, and apps that appear legitimate in order to trick people into downloading and sharing information. Official stores do their best to weed out the fraudulent versions but it is important to search the developer, check reviews, the number of downloads and look for spelling errors to spot potential fakes.
Carefully read the permissions
Understanding why an app may request certain permissions is essential to protecting your data and devices from rogue programs. It is reasonable that an app like Google maps would want permission to know your location in order to provide full functionality; however, this permission may be unreasonable for a flashlight app. You can change the permissions that apps can access in settings on your device at any time. Additionally, on many devices, you can customize permissions to only run when the app is in use. Keep in mind changing permission access may cause apps to lose some functionality.
You should also use the same functionality logic outlined for mobile apps when reviewing permissions for browser extensions, apps, and add-ons. Extensions like Pocket, Pinterest or Bitly need to be able to save or change the URL or images on any of the websites you visit, in order to function they require permission to “Read and change all your data on the websites you visit”. The phrasing for some permissions can sound scary but consider the functionality and if it seems that an extension is asking for unreasonable permissions then you might not want to install it.
Review instructions for your device on how to revisit app permissions.
Two good sources of information are how to Control your app permissions on Android 6.0 and up and how to use restrictions on your Apple device.
Sign in with Google or Facebook features
Many extensions, websites, add-ons and apps allow you the option to sign in with your Google or Facebook account. This feature helps with the problem of trying to remember multiple username and passwords but it also may put your data at risk if you don’t follow all the previously mentioned practices. You should only use this option on trusted websites. Before using these sign in options we recommend reviewing the policies of Google and Facebook.
Questions? Comments? Email TechHelp@fitnyc.edu or call 212 217.HELP (4357).