Wisdom for Your Devices (1)

Knowing that he will have to carry his gear everywhere he goes, the soldier ensures that every single item he packs is mission-essential; he can't afford an ounce of weight that isn't critical to his survival on the battlefield. Literally every item in his gear can save his life at some point; those that can't stay behind, because in wartime, needs are defined by absolute necessities.

Unfortunately, we have not packed our devices for smart warfare. We have stuffed them with nice little things that not only have no bearing on the mission but tend to get us hit. When it comes to installing applications on your device, you must realize that you are packing your gear for war. Every additional app you install, no matter what it does, broadens your attack surface. Let me explain. Picture a phone with zero applications installed, nothing but its operating system (together with the system services and pre-installed apps that ship with it). Any exploit an attacker carries out on that phone must come from a vulnerability he finds in the operating system; that is the only window he has. Now install a communication app. The attacker can seek and exploit vulnerabilities in the operating system and in the communication app. He has two windows; the attack surface has broadened. Add a third app, three windows. A fourth app, four windows. Every additional app broadens the potential attack surface, and not all windows are the same size: an app that talks to the network, processes messages from strangers or holds broad permissions is a far larger opening than an offline tool with none. Thus a device with no app on it is technically safer than one with five, and one with five is technically safer than one with ten, all other things being equal. In battlefield language, your behind is potentially further exposed with each additional app you install. But you certainly will not carry a phone with no applications on it any more than a soldier will carry a pack with nothing in it. So how must you pack your device? Two principles come into play here: the Principle of Least Functionalities and the Principle of Least Privileges.

The Principle of Least Functionalities

As I said, you must choose your apps the same way a soldier chooses items for his pack, and the question to ask is this: “Is this application mission-essential? On a scale of 1 to 10, 10 being the highest, how critical is this app to my overall mission?” The Principle of Least Functionalities demands that you install only the fewest apps necessary to perform mission-essential functions, whatever your mission is. If the answer to the essentiality question is No, Low, or Maybe, then the app is best left in the app store.

The Principle of Least Privileges

This demands that after you have installed the fewest apps you need for mission-essential functions, you go a step further and give those apps the least privileges or permissions they need to carry out those functions. By default, apps tend to request all the permissions in the world, including permission to control your life, which is hardly ever listed but almost always granted. Note the difference between the permissions an app requests and the permissions an app requires. In almost all cases, the requested permissions far exceed the required permissions. The Principle of Least Privileges implies that you grant an app only the permissions it needs to perform the function you need it to perform; every other permission must be denied. Current versions of Android and iOS help here: sensitive permissions (location, camera, microphone, contacts, phone) are requested at runtime rather than at install, and the prompt offers narrower grants such as allowing the permission only while the app is in use or only this once. Prefer those over a permanent “allow all the time”, and remember that anything you deny at the prompt can be granted later from the device's settings if the app genuinely turns out to need it.

You can usually tell when an app shouldn't need a requested permission by assessing what the app is meant to do. How many times have you downloaded an app, say a calculator app, and when you run it it tells you, “Calculator needs permission to make and manage phone calls”? No way! What in the world does a calculator have to do with making and managing phone calls? On Android that permission group lets an app place calls and read the phone's call state; it is completely disconnected from the task the calculator performs and should not be granted. Some apps stubbornly insist that you grant such unrelated permissions before you can use them; there's only one thing to do with such apps: delete them! Get rid of them and look for alternatives that perform the required function without requesting unreasonable permissions.

Now, before we wrap this up, another thing you might want to check when downloading an app is the app's size-to-function ratio. An app meant to function as a basic calculator shouldn't be anywhere near 20MB in the app store; as a matter of fact it should be much smaller. If an app has a very high size-to-function ratio, it is carrying more than the advertised function, most often bundled advertising, analytics and tracking kits, each of which is extra code running with whatever permissions you granted the app. If our Calculator app is 80MB, you wouldn't want to know the other things it is calculating! Size alone doesn't prove malice (high-resolution artwork or a cross-platform framework can also bloat an app), so treat it as a red flag that calls for a closer look at the permissions list, the developer and the reviews rather than as a verdict. If the size is significantly out of proportion with the intended function by your common-sense assessment, leave the app alone; it's safer in the store than on your phone.


Marching Orders

  1. Harden your device. Go through your list of installed apps and ask yourself the essentiality question: “On a scale of 1 to 10, how critical is this app to executing functions that are essential to my mission?” Reconsider whether any app that doesn't score at least an 8 belongs on your device. By deleting such apps you will be further shrinking your attack surface and saving your gear from unnecessary clutter.
  2. Carry out a permission audit. Go through every single app installed on your device and check the permissions granted. Identify allowed permissions that have no direct correlation with the function of the app and deny all of them; allow only permissions directly connected to the function. If you encounter stubborn apps that insist on having unrelated permissions before they work, uninstall them completely and, if they are mission-essential, replace them with alternatives.
  3. Periodically re-apply these principles, Least Functionalities and Least Privileges, to ensure your gear stays battle-ready. Do it after major updates in particular: an update can request permissions that weren't there when you last audited the app.
  4. Finally, as always, sound the battle cry to those around you—“The extra app in your gear could be an extra exposure in your rear.”
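To make the permission audit in Marching Order 2 concrete, here is an added example of my own (it is not part of the original post and not any vendor's tool) that applies the Least Privileges section's requested-versus-required distinction on Android: it parses the permissions actually granted out of `adb shell dumpsys package` output, compares them against a hypothetical per-role allowlist of what each kind of app legitimately needs, and prints the `adb shell pm revoke` commands that deny the excess. The package names, roles and sample dumpsys text are constructed for the example; real dumpsys output is far longer and varies by Android version, so the parser keys only on the section headers.

```python
"""Permission audit for Android apps: flag granted permissions the app's role
does not need and emit the `adb shell pm revoke` commands that fix them."""
import re
from collections import defaultdict

# Hypothetical policy (not from the article): the sensitive permissions each
# kind of app legitimately needs. A calculator needs none.
ROLE_ALLOWLIST = {
    "calculator": set(),
    "messenger": {"android.permission.READ_CONTACTS",
                  "android.permission.CAMERA",
                  "android.permission.RECORD_AUDIO"},
}

# Which role each package plays (hypothetical package names).
PACKAGE_ROLE = {"com.example.calc": "calculator", "com.example.chat": "messenger"}

# Normal-protection permissions are granted at install and cannot be revoked
# with `pm revoke`, so the audit ignores them.
NORMAL_PERMISSIONS = {"android.permission.INTERNET", "android.permission.ACCESS_NETWORK_STATE"}

# Constructed sample in the shape of `adb shell dumpsys package <pkg>` output
# (real output has many more fields and varies by Android version).
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.calc] (4a1f3b2):
    requested permissions:
      android.permission.INTERNET
      android.permission.CALL_PHONE
      android.permission.READ_PHONE_STATE
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: ceDataInode=1234 installed=true hidden=false
      runtime permissions:
        android.permission.CALL_PHONE: granted=true, flags=[ USER_SET]
        android.permission.READ_PHONE_STATE: granted=false, flags=[ USER_SET]
  Package [com.example.chat] (9c0d7e1):
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: ceDataInode=5678 installed=true hidden=false
      runtime permissions:
        android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET]
        android.permission.CAMERA: granted=true, flags=[ USER_SET]
        android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET]
"""

PACKAGE_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
GRANT_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")


def parse_granted(dumpsys_text):
    """Return {package: set of permissions with granted=true}.

    Only the 'install permissions' and 'runtime permissions' sections count.
    The 'requested permissions' list is what the app asked for; a request the
    user denied adds nothing to what the app can actually do.
    """
    granted = defaultdict(set)
    current, in_grant_section = None, False
    for line in dumpsys_text.splitlines():
        m = PACKAGE_RE.match(line)
        if m:
            current, in_grant_section = m.group(1), False
            continue
        header = line.strip()
        if header in ("install permissions:", "runtime permissions:"):
            in_grant_section = True
        elif header == "requested permissions:" or header.startswith("User "):
            in_grant_section = False
        elif in_grant_section and current:
            g = GRANT_RE.match(line)
            if g and g.group(2) == "true":
                granted[current].add(g.group(1))
    return dict(granted)


def audit(granted_by_pkg, package_role=PACKAGE_ROLE, allowlist=ROLE_ALLOWLIST):
    """Return {package: sorted granted permissions that the package's role does not need}."""
    findings = {}
    for pkg, perms in granted_by_pkg.items():
        role = package_role.get(pkg)
        if role is None:
            continue  # no role assigned yet: decide what the app is for before judging it
        excess = sorted(p for p in perms
                        if p not in allowlist[role] and p not in NORMAL_PERMISSIONS)
        if excess:
            findings[pkg] = excess
    return findings


def revoke_commands(findings):
    """One `pm revoke` per excess permission (runtime permissions only)."""
    return [f"adb shell pm revoke {pkg} {perm}"
            for pkg in sorted(findings) for perm in findings[pkg]]


if __name__ == "__main__":
    for cmd in revoke_commands(audit(parse_granted(SAMPLE_DUMPSYS))):
        print(cmd)
```

On the constructed sample the calculator's CALL_PHONE grant and the messenger's fine-location grant are flagged, while the denied READ_PHONE_STATE request is not, because a denied request is not a privilege. Running the emitted commands requires USB debugging and is equivalent to flipping the permission off in the device's settings; for apps that then refuse to work, the post's advice stands: uninstall and replace.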
