What are Less Secure Apps?

We rarely stop to think about the functionality underpinning the apps we use on a daily basis.

Whether you’re addicted to Rightmove, constantly checking BBC Sport or a religious user of Spotify, your smartphone is probably home to dozens of third-party apps.

They’re defined as any software not pre-installed on the device; pre-installed software includes manufacturer apps (often known as bloatware) and essential services like your network operator’s account app.

Recent statistics suggest only three per cent of UK smartphone users rely entirely on these pre-installed apps.

Until now, apps downloaded for Google’s Android operating system haven’t had to jump through as many regulatory hoops as those available through Apple’s walled-garden iOS.

This has historically given Android users a broader spread of niche apps, albeit with lower overall levels of security.

However, that may be about to change, following a little-publicised but potentially significant revision to the way apps will be allowed to access user data.

Taking the OAuth

Until now, apps have been allowed to access individual users’ Google accounts using only a username and password.

These are known as Less Secure Apps, or LSAs.

Following high-profile data thefts from firms like Yahoo, a username-and-password combination clearly isn’t always sufficient to keep user data secure.

In the face of endemic account hijacking attempts, and with databases of private passwords for sale on the Dark Web, many people believe basic password logins should be abolished.

And it seems Google agrees.

They recently announced changes to the way in which apps are allowed to function for any users holding a G Suite account – effectively, all Google account holders.

Less Secure Apps will be forced to adopt a new, additional security verification method known as OAuth 2.0, which introduces a digital key for greater end-user security and safety.

When is this happening?

Google announced just before Christmas that new apps will be blocked from June of this year, while access to all Less Secure Apps will be turned off by mid-February next year.

Developers of third-party apps are being urged to improve their security to the latest OAuth standards, which involves a level of technical complexity we won’t outline here.

For consumers, it might simply mean LSAs can’t be installed from June onwards, and are likely to stop working altogether next year if they aren’t upgraded.

Since many app developers operate on limited budgets, they may not wish (or be able) to bolster their security to the necessary levels.

And since developers are under no obligation to advertise their intention to withdraw an app, installed Android software might simply stop working at some point during the next year.

However, it’s worth bearing in mind these changes are being implemented to improve consumer safety.

If an app isn’t secure, you probably shouldn’t be using it in the first place.
