Do You Know Where Your Kids’ Data Is?

It’s not unusual for today’s toddlers to be able to easily navigate an electronic device. It’s an intuitive part of their daily lives, despite some parents’ quest to shield them from it.

Most children born after 2002 use technology on a daily basis, and it’s important for parents to know how to protect their children online—specifically when using apps.

The FTC has published studies on privacy disclosures on children’s apps annually since 2012. The inaugural reports, “Mobile Apps for Kids: Current Privacy Disclosures are Disappointing” and “Mobile Apps for Kids: Disclosures Still Not Making the Grade,” uncovered that a staggering amount of apps share user information with third parties, unbeknownst to the children who are using those apps.

The key to keeping hold on what apps are putting your child’s security at risk is to investigate their privacy practices. Easy enough, right?

Well, not exactly.

In the most recent survey, 45 percent of the 364 apps tested turned out to have privacy practices available only after downloading. An additional 38 had privacy practices available in harder-to-find places, the FTC reports, such as through a link to a developer’s website.

The kind of privacy data in question includes children’s geolocation data, photos, videos, and audio recordings, as well as persistent identifiers such as cookies that can track a child’s activity online.

Seek out age-appropriate apps for children

Chris O’Shea, founder of Cowly Owl, a London-based children’s app company, says that his biggest advice to parents is to stick to apps that are made for their child’s appropriate age group.

“On the Apple App Store, there is a ‘Kids’ category, and on Google Play, there is a ‘For Families’ category,” he says. “To have an app in those categories, developers must provide a privacy policy that can be visible from the store before you download an app. The platform holders then approve [the] app to be in those categories—but [parents should] still check the privacy policies.”

Parents should also beware of free apps, especially those riddled with pop-up and other forms of advertising that can take children out of the app and onto a third-party site, putting them at risk.

“Not only could the advertising not be age appropriate, but the advertising networks that they use can often track your device across apps to build up a behavior pattern of what your interests are,” O’Shea says.

COPPA can help protect children’s information

The Children’s Online Privacy Protection Act (COPPA) was established in January 2014 by the FTC to place parents in control over what information is collected from children online.

The COPPA Rule was designed to protect children under age 13, and it applies to operators of commercial websites and online services, including mobile apps. The rule includes requirements to post a clear and comprehensive privacy policy, to directly notify parents before personal data is requested, and to provide parents with the choice of whether to consent to an operator’s use and collection of data.

“The rule also applies to websites or online services that have actual knowledge that they are collecting personal information directly from users of another website or online service directed to children,” the FTC states in its COPPA FAQs.

O’Shea says that when going over a privacy policy, parents should understand that there is a difference between analytics and personal data.

“Don’t be afraid if you see that an app uses analytics,” he says. “If it is anonymous data, the developers use this information to help improve their apps, [such as] fixing usability or gameplay [or] knowing what is and isn’t working. [Be sure that] the privacy policy states that this is not personal information and you aren’t being asked for your personal details.”

Related Articles
Data Breach Fatigue: The New Identity Theft Risk
How You Can Help Protect Against Identity Theft
What You Can Teach Your Children Right Now About Credit

Protect Yourself from Security Weaknesses in Wireless Networks

WirelessVulnerabilitiesEvery day, millions of Americans use their electronic devices while out shopping, having coffee, or changing planes, often without a thought about the wireless networks they’re using. Unfortunately, those networks could be making everyone’s favorite devices vulnerable to viruses or malware attacks.

For example, in the summer of 2015, flaws were discovered in both Apple and Android devices that could allow hackers to install harmful malware on a phone without the user even being aware that the phone had been compromised.

iPhones and MacBooks

A serious vulnerability was found in iOS 8.4.1 (for iPhones) and OSX Yosemite (for MacBooks) that allowed hackers to access and install malware via the Bluetooth-enabled feature Airdrop. If a hacker is in range of your device, all he or she had to do is drop the malicious app onto it, without your knowledge or permission, using a wireless network. Then, the malware simply installed itself the next time you turn on the device.

Thanks to Apple’s design, the amount of user data to which a hacker could gain access to is limited.

Even so, hackers might be able to track the location of your phone or make in-app purchases through your iTunes account.

Here are two simple steps you can take to help protect your iPhone or MacBook from attack:

  • Upgrade your iPhone to the iOS 9 operating system, which includes a fix for this problem.
  • If you don’t want to update your MacBook’s operating system, disable Airdrop or your computer’s Bluetooth feature to help keep your device secure.

Android devices

Android devices recently had their own set of security challenges. A security analyst in Texas discovered a simple way to bypass the lock screen on his own phone, which was running the widely used version 5 of the Android OS. Although a hacker would have to be in possession of the phone to bypass the screen, the weakness can allow easy access to all of the apps and data the phone has to offer.

This discovery came on the heels of another flaw, called Stagefright, which is even more dangerous. A mobile security researcher at Zimperium Labs found that the Stagefright flaw exposes devices via text messages that send a video file containing a piece of malicious code to a ’victim’s Android device. Because Android phones begin to process video automatically, hackers could use this tactic to steal data or take control of apps.

Here are some steps you can take to help secure your Android devices:

The lock screen bypass

  • Don’t leave your phone unattended. A hacker has to have your phone in his or her possession to bypass the lock screen.
  • If you currently use a password to protect your phone, you might want to change to a PIN or pattern instead.
  • Some phone carriers have issued a patch for this problem, so always keep your device’s software up to date.
    Stagefright
  • Check with your carrier to see if it has issued a software update to fix this weakness. If so, follow the carrier’s instructions to update your device.
  • If your carrier doesn’t yet have an update, look into how you can take steps yourself to disable the automatic download function that allows Stagefright to obtain access to your phone.

Protect your wireless network

Although updating the software on all of your devices can provide an important layer of protection, the best strategy to help protect your devices is to keep your own wireless network safe and secure. You can do so by taking the following steps:

  • Encrypt your wireless network.
  • Confirm that your router is secure.
  • Limit outside access to your network.
  • Ensure that your network is secure during mobile access.

Taking these steps now may help you keep your favorite mobile devices free of viruses and malware, both at home and on the go.

Related Articles
Is the Barcode on Your Boarding Pass Secure?
Losing Control: The Emotional Toll of Identity Theft
How You Can Help Protect Against Identity Theft

Secure Your Credit and Debit Cards After Your Wallet Is Mobile

SecureMobileWalletWhen leaving the house, you usually have to search for a few items: your wallet and mobile phone. But if some major technology companies and financial institutions have their way, soon you may only need your phone.

A mobile wallet allows consumers to carry payment information, including debit and credit card information, in digital form on a mobile or wearable device. This means consumers could, theoretically, begin leaving their credit and debit cards at home.

Sounds convenient, right?

According to a 2013 global PayPal study conducted by Wakefield Research on consumers’ attitudes toward various payment methods, 83 percent of respondents said they didn’t want to have to carry a physical wallet. Additionally, 29 percent of Americans surveyed said they would choose to only bring a smartphone and not a wallet when going out. Mobile wallets are clearly gaining in popularity.

“Over the next couple of years, we’ll see up to 50 percent of transactions being done with a phone or other mobile device,” says Peter Olynick, card and payments practice lead for Carlisle & Gallagher Consulting Group.

However, once you’ve started using a digital system, what do you do with all the credit and debit cards you’ll no longer take with you when you leave the house?

Protecting the information on your physical credit and debit cards

You may want to keep the actual cards in case you decide to switch back from a mobile wallet to a physical one or if your mobile device is lost or stolen.

In that case, the Federal Trade Commission (FTC) suggests keeping the information stored in a secure location, like a fireproof lockbox in your home or a safe deposit box at your bank. The FTC also says you should regularly check your credit card and bank statements to be sure there’s no suspicious activity.

Elie Bursztein, who leads anti-cybercrime efforts for Google and who blogs at Elie.net, suggests scratching off the three- or four-digit security code from the physical card (and, if need be, storing that information separate from the card) and writing “See ID” in place of a signature on the signature line. This way, if your cards are ever taken from your home, you may still have some protection from their misuse.

If you feel you’ll never need your physical credit cards again or wouldn’t mind ordering new copies if using your mobile wallet doesn’t work out, be sure to fully destroy the cards. In this age of identity theft, simply cutting a card in half no longer works, experts at creditcards.com say.

Instead, cut cards into many small pieces, or shred them (being sure to destroy any magnets or chips), or, if you want to be really safe, burn the card in pieces.

Don’t throw away your wallet just yet

For now, though, even if you leave your credit cards at home, you’ll still have to keep your wallet with you, Olynick says.

“We’re a number of years away from being comfortable enough to accept only mobile payments,” Olynick explains. “There will be an extensive period when either is accepted… but it will be some time before you can say, ‘I don’t need to bring a physical wallet.’ ”

When will you finally be able to leave your wallet at home? It’s not the mobile payment systems that will hold consumers back from completely digital wallets, Olynick says. It’s the national and statewide identification systems such as driver’s licenses that will keep wallets in people’s pockets.

“At some point, governments will have to figure out, do they want to allow mobile identification? When that happens, that’s really when people will have the ability to leave their wallets at home,” he says.

Related Articles:
Mobile Payment Apps Add Rewards, But Will Consumers Follow?
Financial Planning: There’s an App for That
More Millennials Are Shirking Credit Cards—But that Doesn’t Mean They Should