Protecting your information and data when using applications
Sourced by: Canadian Centre for Cyber Security
Applications (apps) are software programs that provide the functionality to enable you to be connected, productive, creative, and entertained. You can choose from millions of apps and install them on most of the devices you and your organization rely on like cell phones, computers, tablets, and Internet of Things (IoT).
Many popular apps, like Facebook, Google Drive, and TikTok, are used by individuals and organizations for social connection, marketing, and recruitment. Given that apps are widely available and often offer free trials, it can be easy to download them without considering the security risks, like what information is being collected, stored, and shared. For example, some apps such as location-based apps, aren't designed to share data, but have a data sharing feature that collects personally identifiable information (PII) about the user and their devices. This publication provides guidance on how individuals and organizations can minimize the extent of personal and corporate information they may share with apps.
What information can apps collect?
There's a great deal of information that an app can collect from users and their devices which can be associated with an individual. The United States National Institute of Standards and Technology (NIST) Special Publication 800-122 provides examples of PII as either:
- Information that can be used to distinguish or trace an individual‘s identity (e.g. name, biometric records, and social insurance number).
- Information about an individual that is linked or linkable to their identity (e.g. home address, medical, financial, education, and employment information).