By Adam Conner-Simons

Whether you’re using the same old phone, or you received a new smartphone as a holiday gift, the last thing you want to do is put yourself — and your personal information — at risk. Vitaly Shmatikov, professor of computer science in the Cornell Ann S. Bowers College of Computing and Information Science and at Cornell Tech, offers four tips to consider for smartphone app security as we head into the New Year.

Make note of where apps are from

Shmatikov cautions that you should only download apps from a legitimate app store, like Google Play or the Apple App Store. App stores have systems of vetting apps for ransomware — designed to access your files and hold them hostage for a ransom payment — and viruses that make it very unlikely, though not impossible, that they will be unsafe to download.

Permissions are a slippery slope

When you grant data permissions, you’re not giving your information to just that app. “You’re giving it to every advertising service that lives in the ‘ad libraries’ that that app uses,” Shmatikov says. Since there are typically dozens of ad libraries to whom any given app sells a user’s data, it’s important to be judicious in how many apps you use and give permissions to.

Android app permissions

Don’t share your location unless you have to

Be especially careful in terms of sharing your location with apps. Shmatikov says he only does so for map apps, and is particularly skeptical about weather apps — which are notorious for being packed with ad libraries. “Once an app can track your location over time, they can basically figure out where you live, where you work, where you shop and a lot of other things about you,” he says.

Upgrade your software

…and do so immediately. Shmatikov notes that hackers often take advantage of unpatched vulnerabilities in old versions of operating systems, and even in some newer ones.