Three Common Misconceptions about Mobile Security
Most people who have a smartphone view it as a lifeline. Studies show that a person has more anxiety about losing their mobile device than their purse or wallet. This anxiety even has a name – nomophobia, or “no mobile phone phobia.”
Nomophobia is the fear of being out of mobile phone contact, and in a sense it’s entirely reasonable. Your little device is not just a lifeline to the rest of the world – it’s also a repository of sensitive information that’s valuable to us – our photos, our carefully curated app and music collections, our contacts, details on our birthdays and anniversaries, our daily schedule and more.
It contains the record of our lives—who we’ve communicated with, what we searched for, what we’re interested in, even where we were and now are. For me, my phone even knows my health profile and sleep patterns. It retains every little personal action, and it’s there for retrieval at any moment.
And of course, that little gadget gives us access to almost all of our financial information. The Federal Reserve says half of all Americans with a smartphone are accessing bank accounts using the devices, and one in five has carried out a mobile payment in the last year.
So why is nomophobia so real? Access to most of our financial records and history is just a click away. With mobile security at the forefront of the issue, nomophobia now has dollar signs all over it, and that can be a scary thing.
Your mobile device knows so much about you, but is the relationship reciprocal? How much do you really know about your mobile device? Where has its data been? What has it been doing, and with whom?
It’s no question that losing your mobile device can be nerve-racking. But, if you would like to get to know more about your mobile device, here are some questions you might ask:
- Do you know where every app on your device came from? Was it a trusted app store?
- Do you know who the developer was?
- Do others, such as your kids, have access to your device, and can they download apps?
- Do you know which networks your devices connect with automatically? Have you made sure they’re secure?
- Are you using all the security features of your device effectively?
- Is your password strong?
- If your device offers biometric authentication, do you take advantage of it?
- Do you know what data your apps share, and how they do it?
As you think about your relationship with your mobile device keep this in mind: Your personal data, voice and camera features, and location-based services—among other features–continuously enable innovation. The data your mobile devices collects leads to greater personalization, which benefits each of us personally. These assets are used to develop new and more creative services. For example, beacons can be used to enhance branch or event- based experiences through mobile engagement.
Fintech players, like Digital Insight, are excited about where this technology can take us, and want customers to engage with confidence and know that their information is safeguarded.
But, you may be surprised to learn that some of what we believe to be true related to mobile security may only be part of the story.
So let’s take a look at three misconceptions and some insights that start to paint a more complete reality:
- iOS Apps are generally safer than Android Apps.
Both Apple and Android have the same level of vulnerability when it comes to enterprise apps. Hackers may use social engineering techniques to lure employees to a “pop up” app store. This store, at quick glance, would look exactly like a company’s real app store. Employees would be prompted to download an app but are unknowingly downloading a malicious app to their device, regardless of whether the device is jailbroken or not.
And Credit Union Times published an article in April, focused on social engineering based attacks “going corporate”, fraudsters focusing more on businesses and their employees, rather than consumers.
- Malware is the biggest threat to mobile security.
The truth is malware isn’t the only threat around. I recently read about apps that hijack the voice and camera features of a device to record voice and video without you knowing. Creepy.
Without thinking, we give our apps access to all kinds of data, and once that’s out there it can land in the wrong hands. When we download apps, they sometimes ask us for various levels of permission? Too many of us just hit, “yes”.
So ask yourself, why would something like a flashlight app need access to any of my data, like my location? It only needs access to the light associated with my camera, right?
Don’t be fooled by the eye candy. For every app you download, check out the developer, check the reviews, pay close attention to the data that’s shared, and how the app safeguards that data.
- Big Names Are Safer.
Brand recognition is usually a good indicator, but accessing big brand names may run counter to default protections. Did you know the Amazon App store is not recognized as a trusted source for non-Kindle/Fire Android devices? To download an app from the Amazon App store, a user must uncheck a protection mechanism that Google put in place. This disarms a key security layer. If you then happen to go to another unknown or untrusted source for an app, you would no longer be warned.
In short, this is just another case where the device doesn’t need to be jailbroken or rooted but becomes more susceptible to malicious apps.
So what’s the bottom line? The mobile genie is not going back in the bottle, and it shouldn’t. Google just announced that mobile search has officially surpassed desktop search in 10 countries, including the US. This is a great thing—it represents convenience, personalization, instant gratification and a whole lot more. But let’s not forget that there is no free lunch. The cost of these benefits are that we need to continually educate ourselves on the risks and mitigations.
Kristen Bernard is a Senior Director, Product Management at Digital Insight. In this role, Kristen is responsible for leading strategy and product management for Digital Insight’s Retail Banking Solutions across the web and mobile channels, and the Platform Services that power those offerings.