This week we've heard the horrendous tale of Wired reporter Mat Honan having all of his mobile devices hacked. Honan's situation could have been worse, but it was frightening enough, and it was made worse by his linking of various online accounts. His situation was the result of a team of hackers determined to get into his Twitter account, but the fact is that many of us willingly give mobile apps the keys to our online existence.
Do you use an app to work with your Twitter account on your phone or tablet? Most of us do, and that means we've voluntarily given our Twitter login credentials to someone we don't know. Most app developers are good folks, but let's face it: we can't know that when we enter our credentials in the app.
Handing over our Twitter credentials isn't that risky; a bad guy could only post bad tweets under our Twitter handle. Or worse, they could change the login information, thus locking us out of our own Twitter account. Honan discovered he had been hacked when the bad guys posted racist and homophobic tweets to Gizmodo's Twitter account. Honan used to work for Gizmodo and had linked his personal Twitter account to Gizmodo's.
Twitter aside, many of us have willingly given our Gmail credentials to various mobile apps. This is a huge exposure to compromise, as that login gives access to our Google account. That affects email, Android devices for those who use them, and even the Google Wallet account, an online payment system. The keys to our entire mobile kingdom, in other words.
Apps that work with Google Reader are commonly used, and they require the Google login credentials to work. Many of you, as I have done, have entered your Gmail login into such apps. We have willingly handed access to our entire Google online existence to a perfect stranger or strangers.
Email apps are a dime a dozen, and if you've installed one or two, you have given your email account credentials to those apps to make them work. The risk is not very great if the apps come from known identities, but that's not always the case. Many apps come from small developers, perfect strangers in other words. Even if we check them out and they are good guys, what happens in the future if they sell the app to someone else? Our login information is part of the deal.
It's worth repeating that most app developers are great people who take pride in protecting user information. That doesn't mean there aren't some bad folks out there, and when an app asks for those account credentials we should think twice about just handing them over.
Good developers use proper techniques to keep our important credentials safe. If an app asks directly for your Gmail login credentials, think twice before handing them over.
Image credit: Flickr user zodman