Can an app exploit my wifi network and steal my info?
Low chance doesn't mean no chance!
Earlier this year, during TikTok’s congressional hearing, one question got everyone’s attention for the wrong reason.
The question, of course, was Congressman Richard Hudson’s “Does TikTok access the Home Wifi Network?”– addressed at TikTok CEO Show Zi Chew.
Predictably, the internet went wild. Many online commentators mocked how Hudson didn’t seem to understand something as commonplace as Wifi. TikTok creators lambasted the congressman.
But in all seriousness, that question was actually just the first of a two-parter.
Hudson’s real concern was this: Could Tiktok access other devices also connected to the same WiFi network?
So what’s the answer?
According to TikTok’s CEO, the app ‘doesn’t do anything beyond industry norms,’ and goes on to say that he believes that the answer is ‘no’.
What are ‘industry norms’?
Well, mobile apps like TikTok typically operate within a sandboxed environment, meaning they are restricted to their own operating space and data, with limitations set by the operating system on what they can access.
These restrictions include not being able to access data or functionalities from other apps unless explicitly granted permission, and certainly not being able to access other devices on the same network.
But that’s not the only restriction.
On both Android and iOS, apps must request permissions for various types of activities. Network scanning or interaction with other devices would require special permissions that are usually not granted to standard consumer apps.
If they’ve been uploaded on Google's Play Store or Apple's App Store, they also go through a review process that's designed to catch malicious behaviour, including unauthorised network access.
Finally, modern operating systems and routers typically have built-in firewalls and other security measures that prevent unauthorised network scanning or interactions.
That said, the Chances Are Low… But Never Zero
Now, don’t get complacent. It is still possible for an app to maliciously access other devices on your network. Yup, you got that right.
For example, some specialised network tools and VPN apps may request network permissions that could in theory be misused, although reputable apps in this category are designed to enhance, not compromise, security.
Here’s what is most likely to compromise your security instead
Apps downloaded via official app stores might be safe, but their unsanctioned third-party counterparts are not.
These apps bypass the regular review process and could potentially contain malicious code or malware. If your phone is infected with these, it could attempt to perform unauthorised activities, potentially including network scanning or attacks. Another common culprit is outdated software.
You see, software vulnerabilities in old versions of apps or operating systems can potentially be exploited to perform unauthorised activities – that’s why companies are always repeatedly nagging you to update your software!
For example: Most recently, Apple just released a critical security update ahead of the release of the iPhone 15. So, it’s unlikely a single app can compromise your network – as well as the other devices connected to it – but you can never be too sure.
That said, to reduce the likelihood of being hacked doesn’t take too much effort.
How do you keep yourself safe? Well, from what we’ve written above, it’s pretty straightforward.
-
Stick to official app stores and trusted developers. We cannot stress this enough, someone lost $50,000 after downloading a third-party app promising her delicious durians.
-
Update your software regularly. With the latest versions to patch any known vulnerabilities. Old is certainly not gold in this regard.
-
Be cautious when granting permissions. If an app asks for permissions that don't seem necessary for its functionality, that's a red flag.
For extra security, there are also some simple things you can do to secure your home WiFi network to ward off intruders. For example:
Create a strong WiFi password and change it often. This seems like a no-brainer, but there are still people out there using terribly easy passwords. Common culprits include: “password123, p@ssw0rd123, p4assw0rd” – you get the idea. Other easily guessed passwords are someone’s name, birthday, phone number or other publicly available information.
Want to level up your security? Use a passphrase instead of a password.
Use WPA3 encryption on your WiFi network. WPA3 is an improved version of older encryption methods, such as WPA2 and WEP; the latter are more susceptible to attack. Finally, be extra cautious with public WiFi and unsecured networks. These networks are more vulnerable to various types of attacks. Use a VPN when necessary and avoid entering sensitive information when connected to a public network.
Hide Your WiFi Network. In combat, there’s cover and concealment. If ‘cover’ in WiFi terms means a strong password and encryption method, then concealment is about avoiding detection by bad actors. A hidden network won't show up in the list of available networks, making it less likely to be targeted. How can you do this? It’s relatively simple. Simply disable SSID broadcasting in your router's settings. When you’re out of sight, you’re also out of mind.
Remember – when it comes to internet safety, prevention is infinitely better than cure!