Why App Security Matters for Churches
Confession: When I was in high school, I was a bit sneaky. As Christmas approached and presents gathered underneath the tree, my anticipation would get the better of me. While my parents were away, I would surgically slice through the clear tape with a hobby knife and unwrap each newly arrived gift. Once I saw the contents of the present, I would carefully rewrap the gift, meticulously placing a new piece of tape of the same length over each previously existing piece. Once Christmas morning arrived, I would convince my parents of my surprise and astonishment. They never knew. (Sorry, Mom and Dad, if you’re reading this.)
Lack of Concern
My parents were oblivious to the fact that I was aware of each gift prior to Christmas morning’s arrival. They simply assumed that the contents of each gift were kept secret—they had no reason to believe otherwise. Unfortunately, many Christ-followers make a similar assumption when it concerns their data in mobile applications.
Discipled Church conducted a study last November where we surveyed churchgoers on various topics concerning the use of technology within churches and among their members. As you can see in the chart below, over half (53%) of those surveyed shared that they had very little concern about security, if any concern at all. Another 23% responded that they were somewhat unconcerned with only 23% expressing any concern whatsoever.
False Belief
Many users are unaware of the potential dangers of disclosing too much information on websites and mobile applications. They believe that their data is private and safe, and therefore, they share content freely. However, this is not the case.
Elon Musk, upon taking the helm of X (formerly Twitter), disclosed internal emails between former X executives confirming the “shadow banning” of conservative voices on the platform. (Shadow banning is the process in which a user is not aware that their posts are invisible to other users. It is a method of censorship where the party being censored is unaware.) TikTok has also been accused by multiple sources of shadow banning users. Furthermore, I have been informed by multiple pastors and leaders of religious organizations that their church or organization accounts have been proactively shut down by Facebook, citing that the organization’s content is against Facebook’s community standards.
Social platforms are also notorious for promoting content aligned with their worldviews. In this case, while a user may not be directly shadow banned, posts from other users are receiving more organic visibility.
Finally, there is a growing concern among conservatives that cloud providers such as Azure, AWS, and Google will begin to censor content within their networks, if not discriminate against it altogether. Amazon has already been accused of stealing data from competitors who are hosting their information on AWS (Amazon’s cloud) in order to launch competing products on its online marketplace. As a former employee of Microsoft, I can confirm that, while it is difficult, it’s not impossible to gain access to customer information if you have the right permissions. Because of these concerns, Franklin Graham has warned ministries of a potential threat to the cancelation of services among cloud providers and banks. He has, therefore, built a private data center for Samaritan’s Purse.
Your Data is Not Private
By using platforms like Facebook, there is a certain level of agreement within the terms of use. For example, Facebook may opt to use your photos to promote its platform and services. They may sell your data to advertisers. This is how the company makes money, and it does not matter how many “legal disclosures” you post on your personal feed. If you are using the platform, you have agreed to allow them access to your data within certain limits.
All platforms operate the same way—personal information is sold to advertisers for the purpose of showing highly targeted ads in order to generate revenue. Furthermore, this is not limited to the words you post. Platforms are also using artificial intelligence for image recognition. For example, if you are posting images of hiking, you are more likely going to see ads from outdoor companies. If you are posting images of sports-related activities, you will see an increase in advertisements for sports gear. Finally, voice-enabled devices (e.g., Siri, Alexa) are listening, but there is some argument to how much of that data is anonymous and retained for “training purposes.”
Nosy Neighbor
The intent of the above is not to scare anyone. It is simply to ensure that we are aware of how our data is used. Like in most things, there is a certain level of risk that one must manage when using these platforms. However, some very alarming news was shared earlier this week regarding Facebook.
Sources claim that Facebook has engaged in a cyber attack on users’ mobile devices. Known as a “Man-in-the-Middle” (MitM) attack, this type of infiltration describes the process of a third party gaining access to private information sent between two others. In such a case, while the information is intended to be secure, the perpetrator intercepts the information and decrypts it without either of the intended parties being aware. To understand this better, imagine a situation where you have asked your friend to house-sit for the weekend and, without your knowledge, they have made a copy of your key, thus allowing them to enter your home in the future without your permission. Or, imagine wrapping Christmas gifts without realizing that your mischievous son is opening them prior to Christmas Day.
The claim is that Facebook could have been engaged in this MitM attack as early as 2014—for almost a decade. If this is true, one can only imagine how much data was captured during this time. By using a platform like Facebook, a user is opting in to allow the social network to use their data. However, in the case of a MitM attack, they are not. If it is proven that Facebook is guilty of such crimes, it could be held liable for digital wiretapping, corporate espionage, and various other anti-trust violations.
A Believer's Response
We are not advocating that anyone boycott any app or organization—at least not at this time. The Church can even use platforms like Facebook, Twitter, and TikTok for God’s glory. However, we are suggesting two responses. First, consider what information is shared on social platforms. The Bible encourages believers to grow in knowledge and insight so they may be blameless (Philippians 1:9-10). In a single word, believers should practice discernment in what they share.
Second, because of the practices described in this article, Discipled Church is committed to developing safe and trustworthy platforms and services. We value your privacy. Furthermore, we understand that many of our future users will reside in countries hostile to believers. Therefore, we aim to protect the Church’s data because lives ultimately depend on it.