The FBI issued an alert on March 31 about mobile applications developed abroad that can access users' personal data and also information from people who haven't even downloaded them. The warning focuses on common permissions, such as access to the contact list, which open the door to the collection of names, email addresses, and phone numbers.
The warning underscores that such access can occur when a friend or family member authorizes an application to access their contact list. From there, the app's developer can obtain data on third parties who never downloaded or directly used the app.
Collection beyond the app itself
The FBI maintains that many popular apps, especially those linked to China, can gather large amounts of information once they receive user permission. The agency specifies that data collection is not limited to the time of use or to the application itself.
"Developer companies can store the collected data about users' private information and their address books, such as names, email addresses, user IDs, physical addresses, and phone numbers of their contacts" - FBI
"The application can persistently collect data and private information from users across the entire device, not just within the application or while it is active" - FBI
The federal agency adds that some applications can continue obtaining information in the background after having been authorized. Among the warning signs, it cites high battery or data consumption, which could point to constant activity beyond what is visible to the user.
Data stored on foreign servers
The FBI warns that, in some cases, the collected information could be stored on servers located in countries whose laws allow access by authorities. In that context, it points out that China's national security laws could facilitate government access to data stored by these applications.
Although the agency does not mention specific companies, the warning comes after years of doubts about TikTok's links to China. Even so, the warning insists that the problem is not limited to a single platform and can affect video editing, shopping, and social media applications developed abroad.
Recommendations to reduce exposure
The FBI recommends limiting the permissions granted to applications, downloading only from official stores, and frequently reviewing device activity to detect unusual behavior. Along the same lines, CISA advises checking, before installing an app, what data it requests, such as contacts, location, or camera, and avoiding apps that demand unnecessary access.
Other preventive measures include reviewing the privacy policy of each application, disabling location, contacts, or microphone permissions when they are not essential, deleting apps that are not used, and keeping the phone updated. The authorities' message is clear: an authorization granted without review can expose not only the user, but also everyone in their contact list.