Welcome to #WeekendWisdom number 57. This week we’re going to talk about a dodgy survey app.
Where did this Survey App come from?
I came across a photo on Twitter last week that showed a letter that was sent to a person in the UK from a company called Ipsos MORI. They are a survey, research company over in the UK. The letter asked the individual to install an app on their smartphone or tablet and to participate in surveys for which they were going to get some payments. Now there is some privacy concern with this app.
The microphone? Why?
The first one is that it wants permission to access to microphone. To be able to record audio and they say they will wake up randomly and listen to what’s on in the background, to see if a particular television programme or radio programme is on. But it could record something else. <wink, wink, wink> You know what I mean. So there is that concern.
A root certificate? What’s that?
They also ask you to install a root certificate and most people don’t know what a root certificate is. Basically this will enable the survey company to be able to watch everything you’re doing on the internet. Every site you go to. Everything you log into. They will be able to capture your passwords, your user IDs, some things like that. They say they won’t use them, but they can. That is a real, significant risk. People will just click OK because the instructions tell them it’s ok to do so. Don’t install root certificates people, please.
Anything else wrong?
There’s also some VPN that’s installed. I’m not sure how bad that is that hasn’t been researched fully yet. But that’s still a little bit iffy.
So look, if you’re being asked to install an app and you are being paid money for it, check out the privacy implications. Talk to a professional about it to see are you being violated in anyway.
So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.
How can L2 Cyber Security help you?
We offer a full range of training programmes, which can be delivered online or in-person*.
L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.
Contact us for more information at info@L2CyberSecurity.com.
*With appropriate social distancing and other health and safety measures adhered to.