Warning: Games like Candy Crush can be used for data harvesting
New Delhi: Free mobile and Facebook apps as well as games such as Candy Crush, Ludo and Chess can be potential tools for data harvesting, say cyber security experts, warning internet users in India against the seemingly innocuous everyday pastimes.
The warning comes as debates on data privacy intensify following social media giant Facebook's reported data breach by UK-based analytics firm Cambridge Analytica to influence elections and market campaigns.
"There are a lot users who play games like Candy Crush, Chess, Ludo, or other war games like Mini Militia. Some people click on 'free' apps like 'How would you look 30 years from now' and all that stuff.
"But we must remember one thing. Nothing is free in life. If you think the product is free, sorry, then you are the product!" leading cyber security expert Jiten Jain said.
India's "most active" smartphone users spend four hours a day on mobile apps, according to an article on the website of the International Telecommunications Union (ITU), the UN's specialised agency for information and communication technologies.
Indians also downloaded 6.2 billion apps in 2016, up from 3.6 billion in 2015, as they led the field in the "most time spent" on Android devices by clocking 145 billion hours, it added, indicating the massive spread of mobile phone applications and games in the country.
Several apps on mobile phones and Facebook use data harvesting techniques and take users' consent in terms and conditions to access their data, including name, age, 'likes', friends and messages, posing a threat to privacy, cautioned Jain.
"Data harvesting" is the process of extracting large amount of data for analytics by "consent" of the user, sometimes even by tricking them, Jain said. "Data theft", on the other hand, is the unauthorised use of that information for commercial or any other purpose, he explained.
Data harvesting, Jain elaborated, is mostly by some sort of consent, while data theft is largely by unauthorised access or hacking into a user's profile or device.
It is imperative that data subjects become vigilant about their privacy while visiting a website, added Jaspreet Singh, partner, Cyber Security, Ernst & Young.
"Users should make sure they are validating the terms and conditions of any personal information provided online especially on social media," he said.
Read privacy policies of websites and understand how they may use or share their personal information in the future, Singh said in his "advisory". Users should also be wary while sharing their location on the internet.
"Web cookies are used to de-anonymize a user and track their activities online. Users may use private browsing or browsers with add-ons to block monitoring using cookies," he said.