Just like many devices that are connected to the internet nowadays, mobile devices present a high risk of being negatively impacted by cyber threats.

WhatsApp’s new privacy policy indicated that they will be sharing its users’ data with Facebook and certain other companies within its environment. I’m sure any individual would be wary or even outraged if their personal information such as private messages, call logs and photos were shared with a third party. It could prove even more frustrating if an individual uses a communication platform such as WhatsApp not only for personal use but also to conduct business and is then forced to accept this policy in order to continue utilising the service. However, it seems that this is not entirely the case at this stage.  

WhatsApp’s communications are protected by end-to-end encryption. Encryption involves the breaking down of data into a random plain structure using certain algorithms rendering it unviewable in its original form, other than to those individuals who have the encryption key. This key is automatically sent to the recipient of the communication on WhatsApp. Simply put, the information in your messages and calls can only be accessed/read by you, the sender, and whomever you send them to – not even WhatsApp can access the information. Based on WhatsApp’s website’s statement, it does seem that your private data contained in your WhatsApp communications is not going to be shared with a third party, nor Facebook.

This new wave of awareness surrounding personal data and WhatsApp’s new privacy policy lead to a mass exodus of WhatsApp users and an influx of individuals to alternative platforms such as Signal and Telegram. WhatsApp shouldn’t be the only application users should be wary of when it comes to concerns around security. In fact, many other applications are far more nefarious and concerns are less widely publicized.

As an example, the “Agent Smith” android virus infected approximately 25 million android devices in 2019. This virus was disguised in legitimate Google-related applications (mostly in the form of free mobile games).  Security researchers also discovered a new Android Trojan with malware droppers and spyware capabilities in 24 Google Play Store apps with more than 472,000 downloads in total.

These types of viruses are where the core part of the malware exploits various known Android vulnerabilities and automatically replaces installed applications on the device with malicious versions without the user’s interaction. Malware such as Agent Smith uses its broad access to the device’s resources to show fraudulent adverts for financial gain.

Malware authors have realized in the past years that Google has a very hard time picking up “droppers” hidden in legitimate apps. For the past few years, increasingly more malware operations have adopted this trick of splitting their code in two —a “dropper” and the legitimate application.

Malicious applications aside, there are links to malicious websites which are sent via phishing SMS’s and WhatsApp. Cyber criminals also use these methods for social engineering to entice you to provide your credentials. This is all with the intention of stealing your data. With this in mind, individuals accessing their corporate data on their device can place their employer at risk as well. Organisations should also adopt stricter Bring Your Own Device policies, combined with the requisite mobile device management software solutions. This will assist in mitigating the risk of corporate data being compromised on their employees’ mobile devices.  

Mobile users should invest in a mobile threat defence solution (antivirus for your device), ensure that their device operating systems are up to date, and only utilize applications from official application stores.

Cyber threats are here to stay, they are evolving and becoming more complex every day. These threats are not just a risk to businesses, but to all of us in our everyday life. It is up to everyone to educate themselves about these threats in order to quickly identify them and mitigate the risk as much as possible.

Leave a Reply