Do you give mobile apps the keys to your kingdom?

Summary: We are using more mobile apps than ever on our gadgets and many of them interact with our online accounts. Linking apps to online accounts can give them access to all kinds of personal information.

This week we've heard the horrendous tale of Wired reporter Mat Honan having all of his mobile devices hacked. Honan's situation could have been worse, but it was frightening enough, and it was made worse by his linking of various online accounts. It was the work of a team of hackers determined to get into his Twitter account, but the fact is that many of us willingly give mobile apps the keys to our online existence.

Do you use an app to work with your Twitter account on your phone or tablet? Most of us do, and that means we've voluntarily given our Twitter login credentials to someone we don't know. Most app developers are good folks, but let's face it: we can't know that when we enter our credentials in the app.

Handing over our Twitter credentials isn't that risky: a bad guy could only post bad tweets under our Twitter handle. Or, worse, they could change the login information, locking us out of our own Twitter account. Honan discovered he had been hacked when the bad guys posted racist and homophobic tweets to Gizmodo's Twitter account. Honan used to work for Gizmodo and had linked his personal Twitter account to Gizmodo's.

Twitter aside, many of us have willingly given our Gmail credentials to various mobile apps. This is a huge exposure, as that login gives access to our Google account. That affects email, Android devices for those who use them, and even the Google Wallet account, an online payment system. The keys to our entire mobile kingdom, in other words.

Apps that work with Google Reader are commonly used, and they require the Google login credentials to work. Many of you, as I have, have entered your Gmail login into such apps. We have willingly handed access to our entire Google online existence to a perfect stranger or strangers.

Email apps are a dime a dozen and if you've installed one or two you have given your email account credentials to those apps to make them work. The risk is not very great if the apps come from known identities but that's not always the case. Many apps come from small developers, perfect strangers in other words. Even if we check them out and they are good guys, what happens in the future if they sell the app to someone else? Our login information is part of the deal.

It's worth repeating that most app developers are great people who take pride in protecting user information. That doesn't mean there aren't some bad folks out there, and when an app asks for those account credentials we should think twice about just handing them over.

Good developers use proper techniques to keep our important credentials safe. If an app asks directly for your Gmail login credentials, think twice before handing them over. 

Image credit: Flickr user zodman

Talkback

8 comments
  • Creative writing 101

    Learn to write. The same idea 4 times in one short column: "we've voluntarily given our Twitter login credentials to someone we don't know"; "many of us have willingly given our Gmail credentials to various mobile apps"; "We have willingly handed access to our entire Google online existence to a perfect stranger or strangers"; "you have given your email account credentials to those apps to make them work". Do you get paid by the word?
    billintib
    • Actually it's not "creative writing" but it is poor journalism

      He only has about two paragraphs worth of actual content here and his argument is very incomplete. Not nearly enough research was done.
      T1Oracle
  • Creative writing 101

    Learn to write. The same idea 4 times in one short column: "we've voluntarily given our Twitter login credentials to someone we don't know"; "many of us have willingly given our Gmail credentials to various mobile apps"; "We have willingly handed access to our entire Google online existence to a perfect stranger or strangers"; "you have given your email account credentials to those apps to make them work". Do you get paid by the word?
    billintib
    • Law of Judicious Repetition.

      Charles Finney, Lawyer and historically noted USA 1800's Evangelist used this concept, promoting it, calling it precisely that. Prolific Public Speaker and Writer that he was.
      Redundancy is to this Law of Judicious Repetition as simplicity is to simple.
      Kendrick has not strayed into superfluous redundancy; I differ with you. In fact, the subject matter lends itself to expansion.
      Speaking of repetition and such, howcum billintib, you posted the identical twice?
      PreachJohn
  • are we sure this is a tech blog?

    Google, Twitter, Facebook etc all have their own auth portals and services that should never require you to give your password to the app. If it doesn't I won't use it. Do you really just give your credentials out that easily?

    As for hackers, I strongly suggest 2stage authentication with both Google and Facebook.
    30otnix
  • Cloud storage is for noobs

    I've been saying this for the last two years, but if you use cloud storage and get hacked, it's simply your own fault. There are better (and more secure) alternatives to using cloud storage. Those who don't know what these are either haven't been doing their homework, or shouldn't be anywhere near tech devices.

    As for Honan, that's what happens when you put all your eggs in one basket. For a guy who writes about technology, I can only label him as careless.
    lgpOnTheMove
  • I was going to use Mint accounting software

    The very first thing it asked for was my user name and password for my BofA account.
    Deleted it immediately. Never even got to see any part of the software.
    dougvb@...
    • Mint.com's whole purpose is to manage your financial accounts!

      That's what Mint does, you give them access to your online banking accounts and they pull the information to help you sort through it within a single, consistent interface. They were acquired by Intuit some time ago, and I don't really have much knowledge of Intuit, but I know they've been in the tax software business (managing a lot of people's sensitive tax information) for a very long time, and they are a publicly traded and profitable company, so I trust them with my credentials. Mint is no comparison to a random app that requests your Google credentials to present you your Google Reader articles.
      nemesys571