Predictive Profiling of Mobile Apps

Recently it was reported that a popular and supposedly secure communication app known as “ToTok” had been exposed as a tool used by the United Arab Emirates Intelligence Service to spy on its users.

It is probably neither the first nor the last time a government agency infiltrates or publishes public technologies such as mobile apps, VPN services or social networks to gather intelligence from their users. After all, who can blame them? Isn’t the ignorance of the public and the popularity of these globally used technologies a great intelligence resource waiting to be utilized? Since we cannot expect foreign intelligence agencies to stop seizing opportunities to exploit popular technological trends, the responsibility for our own data security and privacy depends on our own security awareness.

From a security perspective, we should always be wary of new, popular, seemingly innocent and supposedly secure applications. In general, however, the public is uneducated and a bit naïve when it comes to the usage of mobile apps, the information these apps collect, where the information is stored and how the stored information could potentially be exploited.

With this in mind, we need to look differently at the mobile apps we use and the information these apps collect. For example, it is no secret that apps such as Snapchat, FaceApp and WhatsApp collect large amounts of personal information with potentially high intelligence value. This information is stored “somewhere” in “some country” and can be accessed by “someone.” Vagueness aside, consumers tend to assume that these companies protect their data’s confidentiality and integrity, if only out of commercial interest. This is what users choose to believe. Even if that were the case, there is no absolute guarantee that one day in the future this data wouldn’t fall into the hands of hackers, a foreign intelligence agency or an authoritarian regime.

With Predictive Profiling, we want to understand the various angles that represent an individual’s identity and intentions, assess whether these correspond with what we consider a credible reason to confirm the person’s good intentions, and then eliminate the possibility of the individual posing a threat. We could apply these same principles to testing whether we trust a mobile app to process our data.

When applying principles from Predictive Profiling to assess apps such as “ToTok,” one should approach these apps from the same predictive point of view with which one would approach an individual: How long has this app been around? What is known about it? Where was it published? What does it claim it does? Does its functionality correspond with the information it collects? Such questions could give a good indication of the legitimacy of that mobile application and reduce the risk of downloading a spying tool designed by a foreign intelligence agency or criminal organization to collect your data.

However, even when we are able to answer all questions surrounding a given app and can confirm that we are dealing with a legitimate commercial party, we still have to accept the fact that by using an application, we give up total control and understanding of what happens to the information collected by that app. With that in mind, we can only advise you to carefully consider what apps you use and what information you process on your mobile device, and to always keep in mind that one can never assume full confidentiality and integrity of the information processed by mobile apps. That’s just the way it is.

J. Van Amstel, Guest Contributor.

