Are your apps acting creepy? New approach to phone security could tip you off

Whether an app is malicious or simply using your data in a way you don't like, phones with a new Qualcomm chip will alert you.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce | Amazon | Earned wage access | Online marketplaces | Direct to consumer | Unions | Labor and employment | Supply chain | Cybersecurity | Privacy | Stalkerware | Hacking Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
3 min read

So you've clicked "Accept" on the terms of a brand new app. Are you hearing that little voice that asks, "What's this thing going to do with access to my camera, contacts and location?"

That little voice -- most likely it's your common sense -- might just get some answers in new smartphones in 2016. If they contain a Snapdragon 820 processing chip made by Qualcomm, they'll have a built-in capacity to track your apps and tell you when they're acting strange. The company calls it Smart Protect.

That's good news in a marketplace full of apps that could be trouble in disguise, and might restore some trust in many apps when news of their dangers is mounting.

Enlarge Image

Qualcomm's Snapdragon 820 processor will let phone makers and antivirus apps tell you when apps are acting shady. In this mockup, it found an app was spying on the user.

James Martin/CNET

Take flashlight apps, which security researchers have long looked askance at for the excessive access they demand to mobile users' information. Cybersecurity company SnoopWall published a list of the top 10 Android flashlight apps in February, showing they all had the ability to take videos and photographs with your phone's camera.

SnoopWall went so far as to suggest you uninstall your favorite flashlight app, fully reset your phone, and live your life with a piece of duct tape over your phone's camera when you're not using it.

Alternatively, you could "pull the battery out of your smartphone when you are not using it," the company's researchers wrote. This is despite the fact that we only know that the apps have the ability to access our cameras, not that hackers are most certainly doing it right this second.

Qualcomm is hoping there's a better way. If you were using your flashlight app, for example, and then closed it, a phone with the company's new processor could watch to see what happens next. If the app started sending out your location and silently taking photos, an alert would flash across your screen.

Then it would be up to you to decide what to do next.

The phone could also alert you that installing an app would trigger something really bad, like ransomware. That app would lock you out of all your files, jumble them up, and refuse to give them back unless you paid some money.

Finally, even a perfectly respectful app that wouldn't dream of violating your privacy could become compromised by hackers; the processor could catch that, too.

Qualcomm isn't running the whole show here. It built this capacity into its new processor, but it's up to either phone manufacturers or antivirus mobile apps to build up a program that uses this capacity. As a result, the level of detail users receive about their apps might vary.

So far, three antivirus companies -- AVG, Avast and Lookout -- are publicly on board to implement the app monitoring program. Phone companies themselves will be announcing if they've decided to build their own program based on the processor's abilities, according to a Qualcomm spokeswoman.

Qualcomm beefs up Snapdragon 820 with extra malware protection (pictures)

See all photos

Many security apps already monitor other apps for bad behavior. Spyware is one, and these apps send users frequent notifications that apps you might not even realize were running are sending your information all over the world. They also flag "risky permissions" that might go beyond the scope of what the app really needs.

Qualcomm's experts say the difference is that smart hackers can dupe most security apps, but it's much harder to fool something that's running deep in the phone's processor. Asaf Ashkenazi, who develops products for Qualcomm, compares it to the human brain. If someone covered your eyes, you wouldn't see what mischief is going on around you, but you'd know something was wrong, he said.

"Apps have a limited ability to see what's going on," Ashkenazi said. "Qualcomm sees all of this."

The question remains whether having more information about app activities will be empowering or discouraging to mobile phone users. SpyAware, for example, notifies you when the apps of major services like Google Play services on a Samsung Galaxy phone.

It offers up a bright red button that says "Take Action." But pressing that button leads to a screen that says, "Factory installed. This app cannot be uninstalled." SpyAware lets you file a complaint to the Federal Communications Commission directly, but Joshua R. Rich, the director of products at Privacy Sentry, which makes the SpyAware app, noted that regulations over app permissions don't actually exist yet.

"The complaints could help gather political momentum to make regulatory change," he said.

Watch this: Qualcomm beefs up phone security with Smart Protect platform