The recent media attention to malicious applicationsand AdaptiveMobile’s recent Global Security Insights for Mobile research highlighted some of the downsides associated with mobile applications, location-based services and mobile devices. However, whilst the blame often falls with the technology or service, essentially these are neither good or bad – it’s how they are used that poses the biggest threat.
With smartphones and applications making services instantaneous, persistent and location-conscious, we have to be aware that our identity and personal data is more vulnerable than ever. The thrill of trying out a hot new app or staying up to date on social networking sites leads the majority of users to ignore the annoying requests for permissions. But the majority of apps don’t need to access your location or your information, and many apps are not what they seem. Whether these are grey-market versions of legitimate applications that have added in Trojan features to capture user data; or ad-funded games where the location information is used to improve advertising effectiveness; users rarely understand when information is being passed from their phone, and who may eventually end up with this data.
Add to this the ease with which your character can be poisoned within your social networks – through apps consistently spamming your contacts highlighting how cheap you are to have taken an illegitimate unlicensed app rather than paying the £1 for the real version; or acting as a spam bot to promote malware sites through your twitter account – and the potential downside of social media and location-based services becomes clear.
The reality is that whilst users express outrage when they believe their data may not be secure, many are unwilling to protect themselves. AdaptiveMobile’s recent research showed that whilst two thirds of consumers hate apps leaking their data, 75% may be giving away their physical location when downloading them, with mostexpecting mobile operators to look after their security and personal data. Mobile operators have been very careful in defining how location data is used and have standards on location tracking, however the top Internet players aren’t as stringent. Therefore consumers need to be extra vigilant when allowing apps to access location information. With mobile threats becoming increasingly sophisticated and the increasing use of smartphones for social and location services, mobile operators need to realise that the traditional security practices are no longer sufficient.