BEI Blog

BEI has been serving the Ohio area since 1991, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

Tip of the Week: How Your Secrets Can be Spilled by a Jogging App

Tip of the Week: How Your Secrets Can be Spilled by a Jogging App

When considering your business’ security, it is only too easy to overlook how information of any kind might be compromised. Take, for example, the case study that is provided by the fitness application Strava, the jogging app that shares more data than many, including the United States military, would prefer.


Utilizing GPS-enabled fitness trackers, Strava creates what they call a Global Heatmap that shows user patterns and routes. Trouble is, this Heatmap shows the activity of all users--including those who probably shouldn’t have their location broadcast, like those who are staying at a military base. As a result, those who use the perimeter of the base as a jogging course have inadvertently provided a publicly-accessible sign of the base’s location. Furthermore, the app has managed to map out patrol and supply routes, and provides a rough time frame of when soldiers are where.

While some may argue that the locations of these military bases could be found using Google Maps, at least Google takes a few measures to protect potentially classified information by blurring out the actual base. Strava, on the other hand, displays a pattern of human activity that has many former military members extremely concerned.

This is also not for a lack of oversight, either. For instance, quite a bit of data has been collected from the United Kingdom’s military base HMNB Clyde, which is used as storage for the UK’s nuclear arsenal. Using the app’s route-sharing feature, someone reminded users of security by naming a route “You shouldn’t be using Strava here.”

Another location that has been visibly frequented by Strava users is, perhaps ironically, the National Security Agency.

In response to the tweets outlining these clear security risks, Strava released a statement reminding its users that they are able to control what data is shared to the Heatmap.

This entire scenario serves as evidence of a few things. First and foremost, a security vulnerability can come from the most seemingly insignificant source. As more devices and assorted gadgets are able to collect and aggregate data, it becomes incredibly important for you to know what these devices are capable of and where you should draw the line for the sake of your business’ security.

Secondly, you need to impress to your employees how important it is that they know what they are sharing by using certain apps with certain settings in place. Encourage your staff to do a deep dive into their mobile apps and the permissions each has, and to lean on IT to answer any questions they may have. While it may be less important to your business that an app like Strava can track the location of an employee, it may be critical to it.

For more information into preserving your business’ security, call BEI at (844) BIZ-EDGE.

0 Comments
Continue reading

Tip of the Week: 4 Dead Giveaways That an App is Fake

Tip of the Week: 4 Dead Giveaways That an App is Fake

The applications on a mobile device allow us to use that device in a number of ways, from productivity, to entertainment, to networking. However, despite the efforts of Google to keep out the riff raff, the Google Play Store has plenty of malware available to download in the guise of a desired app. Today, we’ll review a few tricks to help you spot them before pressing ‘Install.’


First, it may help to know how these fraudulent and malicious apps make it on the Play Store in the first place.

How These Apps Make it On the Play Store
It should go without saying that Google understands the importance of security, so it isn’t as though it is necessarily easy for malware to make it into the Play Store’s catalogue. However, in response to Google’s stringent standards, malware developers have gotten clever and devised a simple means of sneaking past the automated security. Instead of attempting to upload an app with malware already incorporated, these applications initially hold no real threats internally and, as a result, are able to pass by the Play Store’s security unhindered. However, once these apps are downloaded and installed on a user’s phone, they reach out to a third-party server and download the malware directly. Many malicious apps are added in this fashion, although many still sneak in full loaded and ready to go.

Spotting Fakes
While Google has made efforts to fight back against malicious and fraudulent apps with technologies like Google Play Protect, the thing that will keep you the most safe and secure is good, old-fashioned vigilance. When you decide to install an app in the future, refer to the following list to make sure that it is a legitimate, trustworthy addition to your device.

Name, Description, and More - The first signs that an app isn’t legitimate can be found in its name and description. Many malicious apps will mimic the name of the original application as closely as they can, skirting Google Play’s impersonation policy that would allow the original developers to complain and have the copycat pulled.

It is also important that you read the description. Many impersonated apps will feature broken English, or might seem to be written by a bot. The description is the best representation that a developer will have for their app, so a legitimate app will generally have carefully crafted and proofed copy. You should also double-check the images of the app that the developer provides to ensure that similar issues are not present there, either.

Checking the Reviews - One of the biggest benefits that the Google Play Store offers a user is the fact that these users can leave reviews. These reviews can often help indicate that an application is problematic. Granted, a fake app is often accompanied by fake reviews that sing its praises. However, looking at the negative reviews might provide some insight into whether or not the app is worth the download - and if the app is actually a disguised threat, someone else might have called it out to warn others.

Who Developed It? - Similar to seeking issues in the name and description, you should always check to ensure that an app was developed by exactly who it should have been. If the app is a well-known one, it should be pretty clear who it was that developed it, but some common sense may also be necessary. Would you expect the latest need-to-have business application to be developed by a reputable and recognizable company, or by someone who goes by “Super Developer2?”

To be especially certain, you can also check what else that “Super Developer2” has created by clicking on their name in the listing. Does the list of apps that they’ve developed make sense? This is another effective litmus test to base your decision upon.

Download Count - This factor will vary based on how common the particular app you’re trying to download is, but the most common apps have been downloaded billions of times. Therefore, if you’re looking to download a popular app, download counts in the hundreds, thousands, or even millions are low, and are likely fraudulent.

0 Comments
Continue reading

News & Updates

BEI is proud to announce the launch of our new website at www.biz-edge.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for prospective clients.

Contact Us

Learn more about what BEI can do for your business.

BEI
4700 Rockside Road Ste 625
Independence, Ohio 44131