Date: 2020-09-30

When you want a new app for your phone, whether iPhone or Android, how much consideration do you give to the security implications? After the White House announced its position on TikTok and WeChat, two globally popular mobile applications with a combined 1.8 billion users worldwide, the Commerce Department announced prohibitions on transactions with the apps because of national security risks. I suppose that, like me, your personal information that may be compromised by a malicious app does not rise to the criticality of national security. Our national security interests, however, rest upon a continuum of security concerns that includes less important data, such as bank or medical information. As a good citizen you should be aware of and participate in national security. It’s your nation and therefore yours to help secure. I understand how useless it might feel, just sipping coffee over breakfast, determined to bolster the billion-dollar programs already in place to preserve national security. Your duty nonetheless exists.
It's far from futile to actively learn about information security. If there’s even the slightest amount of reliability in the position that banning two social media apps will help secure the U.S.—meaning that the prohibition is weighted more to security than politics (we must embrace that some politics are involved)—then there’s a duty to comply and stop transacting with them. That’s just the start, though. In this world of cybersecurity you must understand that we really are all in this together. It’s more than Kumbaya-ing ourselves toward a safe digital commune existence. There’s real practicality in the sentiment. It used to be referred to as the World Wide Web for a reason. That’s the “world” part. Everything’s connected by design, and it’s the connectivity that makes the thing do what it does. Therefore, when you are lax in your security approach you compromise your neighbor as well as the person who is, literally, standing on the polar opposite position of the globe. No time for flat-earthers, here, so don’t call out my illustrative point based on your wackadoo understanding of science and our planet.
In recent writings I’ve explained that I never used or downloaded TikTok or WeChat. Maybe you’re the same. With 1.8 billion users, though, at least one-fourth or so of humanity carries that security risk around with them all day. No matter, I need to be aware of the risk not only in the case that, for whatever reason, I have some desire to use either of them later in time. It’s also the mere notion of an app posing a security risk that’s an important part of the message. All experts agree that one of the most effective, albeit challenging, pieces of the security puzzle is to create awareness. The unknown unknowns are the most dangerous risks. If you’ve always used the same 10 or 12 apps since you first got one of these mobile devices, and you never experienced anything but seamless, secure use of the device, you may not even fathom that there could be a problem. Now, you know. So what then?
Once you grasp that your apps, the games, travel tools, maps and texting, all of it, may create a security risk you’re ahead of the masses. I promise that, as those experts contend, being aware is not commonplace.
Know who else is well aware of that shortcoming? Yep. The black hats. The bad guys, the hackers. They all know that this is how we obtain an app. Step One: I want my phone to do something, like show me million-dollar homes along the French Riviera (which, by the way, you already do without an app, like most, by pointing your phone’s web browser to a site that lets you surf dream homes). Step Two: Search online for such an app. Step Three: Go to Google Play or Apple’s App Store and get said app (so long as it’s free, in my experience). Step Four: Use app and watch a virtual walk-through of a posh, seaside, out-of-reach French home.
The thing that’s right about that rundown of the process is that it fits most of us. The things that are wrong are all the omitted steps. Step X: Read reviews of the app and simply plug its name into a news-bent search to see what hits. Step Y: Read the user agreement. You know, the paragraphs and paragraphs of text that you skim over to get to the “I Accept” button. Admittedly, it’s we lawyers who write all that gobbledygook. To demonstrate how well I know you don’t read them, here’s one legitimately included term found in an Amazon app’s End User Licensing Agreement. After explaining that the app shouldn’t be used at a nuclear facility (already a term I’d never expect to contemplate in this gaming app), Amazon explains one exception, when it is okay to use it at Oak Ridge: “[Unless] a widespread viral infection transmitted via bites or contact with bodily fluids that causes human corpses to reanimate and seek to consume living human flesh, blood, brain or nerve tissue and is likely to result in the fall of organized civilization.” That’s a direct quote. How many users of that app read that? A few, I guess, so we can all enjoy its humor.
It's really no laughing matter though. There are hundreds of billions of app downloads every year. Downloading an app is like opening your front door. It provides an entry point. It may be more risky to provide entry into your phone than your home, maybe not as to physical harm or danger but as to overall loss. And, recall, each phone is a link in the internet chain. Your duty is to learn about your place in the chain, help secure that place, and get to know the unknowns.
