Homeowners and residents of condos! You may find that management in your community has decided that they want to introduce and install onto your phone that you paid good money to buy, an app (or APP as the Taiwanese erroneously like to write) to facilitate communications, receive packages and access services within your gated community.
Here’s the problem. This is a risk to your information security. Do not install these apps. As these apps require access to the Internet, they may have vulnerabilities that may compromise the information on your device.
These apps are primarily developed in one of two ways. As you probably are aware, communities aren’t exactly big budget enterprises, so it is likely that app development is not done in house and instead, outsourced to what is likely the lowest bidder. This could be contracted to an individual (person or small business) or a company with an already finished ready-to-go product.
Both of these are bad for different reasons.
If contracted to an individual person/business for a custom solution, knowing the locals in particular, updates in general, including security updates will be few and far between, because software development costs money. They may update when the app no longer works on new phones, but that’s likely it. As long as the system seems to work, then they will not be incentivised to update it.
If the app is purchased as a ready-made product; just simply tweaked slightly to add the name of the community, then it is likely that numerous other people may be using this code nationwide across numerous households, while on average having fewer vulnerabilities, it also allows an attack to scale very easily, resulting in a huge payload for bad-faith actors.
Don’t install these apps on your phone. Always insist on paper! This is attempted convenience at the expense of your safety!