I'm a developer, but I've never touched mobile dev at all. Could you clarify what "running in the background" means here? I see it come up a lot and I'm never quite sure.
Specifically, if I have an app installed, but it's not open in any way (e.g. in iOS I double tap home and swipe up on the app's window to close it) can the app still run any code? Am I safe from these "background" vulnerabilities as long as I aggressively kill apps that I'm not actively using, or is simply having the app installed enough to let it run a certain amount of code on my device?
They can if given permission to. For certain apps in iOS it’s usually an application asking for location permissions without a real good reason for it, that’s why (in my opinion) it seems like weather apps are some of the worst offenders for this stuff, as it makes sense to give it location permissions. There are other permissions that can be abused as well, but location is the dead give away.
I can’t speak to Android as it’s been a long time, but iOS is pretty strict about what you can and can’t do in the background. There are certain events that will “wake up” an app, even one that is killed. You’re not necessarily safe if you have a bad app installed and kill it. I usually just recommend avoiding free apps that seem super heavy on ads. Because the ad framework is likely abusive, even if the developer didn’t intend it.
Thanks. That's pretty unfortunate. I guess I'll just be event more aggressive about denying permissions requests and uninstalling any app I don't have a good reason to keep now.
Specifically, if I have an app installed, but it's not open in any way (e.g. in iOS I double tap home and swipe up on the app's window to close it) can the app still run any code? Am I safe from these "background" vulnerabilities as long as I aggressively kill apps that I'm not actively using, or is simply having the app installed enough to let it run a certain amount of code on my device?