Thursday, August 15, 2013

License to steal

theScore is a popular app for your smartphone or tablet, providing sports news and information.  FYI, if you install the app, you agree to give theScore permissions to:
  • Add or modify calendar events and send email to guests without owners’ knowledge
  • Read calendar events plus confidential information
My guess is that most of the people who install the app are not aware that this is a license to steal your identity and your employer's trade secrets.

Be assured, however, theScore has no such evil plans.  This was posted in Twitter by Kenny @ theScore:
"We realize the permissions don’t sound the best, but this is how Google makes them sound in the Play Store.  In the new app, in order to properly add a team’s, or event’s calendar event to your calendar we were required to ask for [all these] permissions...  I can assure you these are only to improve the experience of the app."

I am NOT assured!  I have not installed the app.  Instead, I have bookmarked ESPN in Chrome so I can get the scores I want on my smartphone without exposing me, my employer, my friends and my family to dire risks.

Trusted but untrustworthy apps running on users' laptops, smartphones and tablets have the potential to be Trojan horses when they have access to corporate networks and services (e.g., Exchange email).  My guess is that most of the people who are championing "bring-your-own-device" (BYOD) in the workplace are not aware of the risk.

No comments: