How CISA Says to Protect Smart Devices from Bad Apps

Jevanto Productions/

The agency has some new tips to share around securing personal devices.

The Homeland Security Department’s Cybersecurity and Infrastructure Security Agency published security tips Tuesday to educate users on how to best protect themselves against threats from applications installed on their smartphones and other personal devices. 

“When you download an app, it may ask for permission to access personal information—such as email contacts, calendar inputs, call logs, and location data—from your device,” the agency warns. “[Y]ou should be aware that app developers will have access to this information and may share it with third parties, such as companies who develop targeted ads based on your location and interests.”

According to CISA, it’s imperative that users ensure they are downloading apps solely from legitimate sources, and specifically on official app stores. Users should also read the apps’ permissions and privacy policies (which are frequently extensive and dense). 

“Consider foregoing the app if the policy is vague regarding with whom it shares your data or if the permissions request seems excessive,” CISA notes in the tips. 

Users should also re-assess the permissions and policies of the apps already installed on their devices, stay on top of software updates and delete apps that aren’t frequently used. It’s also smart to restrict permissions around users’ location data and whereabouts. 

“Some apps have access to the mobile device’s location services and thus have access to the user’s approximate physical location. For apps that require access to location data to function, consider limiting this access to when the app is in use only,” CISA said. 

They should also shut off Bluetooth setting when they’re not using the tech. 

And if smart-device users want to further enhance their security protections, CISA recommends against accessing apps or sites that store personal information while on public Wi-Fi networks or while charging their phones on stations they do not control. 

“Connecting a mobile device to a computer using a USB cable can allow software running on that computer to interact with the phone in ways you may not anticipate,” CISA warns. “For example, a malicious computer could gain access to your sensitive data or install new software.”

The agency also advises users to set passwords or biometric identifiers, to ensure their devices can’t be unlocked if they’re stolen.