Each day it seems there are more apps allowing users to harness the power of artificial intelligence (AI) to do everything from answering questions to altering photographs. If you’ve enjoyed experimenting with them you might not have thought much about security.
But should you?
Technology experts say there can be risks in downloading any kind of app. To load the software you must answer questions and provide access to your device’s information such as your location, contacts, and even screen recording capabilities.
Josh Davies, principal technical marketing manager at cybersecurity software and services provider Fortra, points out that even legitimate apps will ask for these permissions because they are required to perform core functions. He says people are used to the drill but may not be mindful of how the access can be abused to obtain your data, monitor your locations, or spy on your activity.
“Another common objective is to steal a phone’s computing power for the malicious actor’s benefit, like crypto-jacking to mine cryptocurrency, or the more recent proxy-jacking which sells your phone compute to users wishing to hide their location/IP address,” Davies told ConsumerAffairs.
How to stay out of trouble
With developers rushing to get attention for their bots, it can be hard to tell the good guys from the bad guys. Davies says it’s very easy to download an illegitimate app that’s masquerading as a helpful new AI tool.
Davies offers these tips for staying out of trouble:
Look at the ratings and reviews, but be wary of fake reviews left by bots. These should stand out as generic, unspecific, repetitive and/or written with poor grammar or spelling.
Review the permissions and data requested. Is it necessary to give access for the apps functionality? Is it proportionate? If you do allow permissions, it’s best to select “allow only when using this app” unless there is a legitimate reason to allow persistent access.
Always ensure your device and apps are up to date. Updates include security patches that fix discovered vulnerabilities.
Only download from trusted app stores. Apple has an approval process with controls and checks over what apps they accept in their store, meaning they tend to host fewer malicious/fake apps. Whereas Google allows anyone to host on their Play store and removes apps retrospectively.
Read and review information on the company and pay attention to logos or names that could be spoofed to appear very close to those of a trusted company.
AI in search
Consumers may also come in contract with AI through search engines. Bing recently incorporated ChatGPT 4 into its search functionality, allowing users to access the latest version of ChatGPT without having to pay for a premium subscription.
Eric Enge, president of Pilot Holding, recently tested Google’s Search Generative Experience (SGE). He says the user experience differs slightly from that of Bing Chat. One of the main differences is SGE provides more information and context to the query than the regular search would.
“Overall, I find the experience pretty good,” Enge wrote on Search Engine Land. “I get SGE results a bit more often than I want. (Although other people may want a different balance than what I’m looking for.) I expect Google will be tuning this interface on an ongoing basis.”