App Security

Gab was breached February 28, with 70 gigabytes of user data leaked by a group of “hacktivists.”  A popular audio chatroom app for iOS devices called Clubhouse was breached seven days before that. A few weeks earlier, Clubhouse had run afoul of privacy advocates concerned about its data storage–including the possibility that the company was routing content through China. 

While any of these issues is obviously problematic, when it comes to social media apps there often seems to be a “déjà vu all over again” tendency: Shiny new apps with serious buzz are revealed to have amateurish security holes, questionable data privacy practices, possible ties to foreign governments…. Yada, yada, yada.

We now know Parler, the right-wing Twitter alternative, also failed to protect its user data, in its case through an unprotected API, and that data was downloaded in bulk. That trove of data was subsequently used to provide evidence to law enforcement after the January 6 Capitol riot. Having legally obtained data on hand to find violent insurrectionists is great if you happen to work in law enforcement, but the fact that a widely used new social network more or less left the doors unlocked and open for anyone to access is terrible.

My point? Parler and Gab are not alone.

In late 2020, TikTok was deemed a national security risk–and it wasn’t only MAGA politics. The app had a history of tracking the data of minors–a huge segment of the app’s user base. 

Zoom’s explosive growth in the early days of the Covid-19 pandemic exposed a series of embarrassing security and privacy holes that forced the company to halt development until those issues were resolved. That process took three months.  

Examples of poor app security are not the issue. Social media apps have a very specific business model: they provide a platform for communication between thousands, if not millions, of people, sure, but they exist to garner data that is used to serve laser-focused, highly profitable ads.

Unbalanced Risks

An app made to perform a relatively straightforward function, e.g. tracking sleep or exercise, exposes its users to a certain level of risk, but the fallout is often limited to the app’s functionality itself. 

How you’re sleeping doesn’t really compare to how you’re coping during the pandemic–psychotherapy is often conducted on Zoom–or how your start-up intends to clobber the competition–something that might be exposed on a private Clubhouse chat where key players virtually meet to discuss business strategy. The same pitfalls should be top-of-mind regarding a child’s day-to-day activity on TikTok, Snapchat, etc.

While single-purpose apps don’t require a large user base to turn a tidy profit, social media and communications apps do. Even before launch, they need beta users to attract high-profile attention and buzz. They live or die on downloads and new user stats. This rush out of the gate can leave little time for a cautious and methodical review of the app’s security. 

The Takeaway

  • For app users, look before you leap and lie like a superhero.
  • Social networks and communications platforms collect and use your data.
  • The most serious security and privacy gaffes harm early adopters most.
  • Give platforms time to mature, and do a little research before signing up for an account. Find out more about where your data is stored, and how; see how many legal issues a company has run into, especially concerning security and privacy; and wait.