Smartphone Security

Ponemon Institute is pleased to present the findings of the Smartphone Security Survey: A Study of U.S. Consumers sponsored by AVG Technologies. The goal of the research is to determine consumers’ perceptions about the potential privacy and security risks when using their smartphones. In addition, we wanted to learn if participants in our study care about these risks and if they take security precautions. We surveyed 734 consumers who are 18 years and older and own a smartphone.

Smartphone

smartphone


The risks that we address in our survey concern location tracking, transmission of confidential payment without the user’s knowledge or consent, diallerware (specialized malware unique to smartphones), spyware, viruses from insecure WiFi networks and others. What we learned is that most of the consumers in our study are using their smartphones without understanding that they are exposing their sensitive information to the risks listed above.


We also believe the findings of this study signal a potential security risk for organizations because so many consumers surveyed use their smartphones for both business and personal use. With business confidential information stored on these smartphones, organizations should make sure employees and contractors take appropriate precautions to secure such sensitive information. We also recommend that security policies state these precautions and ensure they are enforced.

Following are the most salient research highlights:
  • Eighty-four percent use the same smartphone for both business and personal purposes. The cross over of business and personal usage means much more sensitive and confidential data is at risk and suggests that the smartphone is with them most of the time. 
  • Sixty-six percent admit they keep a moderate or significant amount of personal data on their smartphones. Such personal data include email address, name, contact lists, photos, videos, anniversary and personal dates, music, 
  • Sixty-seven percent of consumers surveyed say they are concerned about receiving marketing ads and promotions. However, less than half (44 percent) are concerned about having a virus attack on their smartphone when it is connected to an insecure Internet network. 
  • In addition to using it as a phone, 89 percent use their smartphone for personal email and 82 percent use it for business email. A smaller percentage of consumers use their smartphones for financial transactions including payments. In fact, 38 percent of consumers use the smartphone to make payments and 14 percent use it for banking. 
  • Sixty-six percent of consumers have paid at least once for an item using their smartphone. In addition, 12 percent of consumers say they have experienced a fraud attempt vis-à-vis a mobile payment scheme. Despite this fact, only six percent say they check their mobile bill or statement every month and eight percent check the statement when the bill is higher than usual. 
  • Fifty-eight percent of consumers say that based on how they used the smartphone for purchases, Internet browsing and location they were targeted by marketers. Accordingly, 67 percent say they are very concerned or concerned about aggressive or abusive marketing practices. 
  • Despite security risks, less than half of consumers use keypad locks or passwords to secure their smartphones. In addition, only 29 percent of consumers said they have considered installing an anti-virus product to protect their smartphone. 
  • Forty-two percent of consumers who use social networking apps say they allow smartphone versions of well-known social networking applications such as Facebook to access the same key chains, passwords and log-ins that they use of their desktops, laptops or tablet. 
  • Only 10 percent of consumers say they turn off Bluetooth “discoverable” status on their smartphone when not in use.
Key Findings

In this report we have organized the findings from the study according to the following topics: Consumers’ use of smartphones, consumers’ awareness about the security risks that accompany their use of smartphones, scenarios that illustrate potential smartphone security risks and how consumers are or are not managing these risks. Consumers’ use of smartphones Most consumers use their smartphone for both business and personal use. Forty percent use their smartphone for business and personal use equally and 25 percent use it for personal but some business use (Bar Chart 1). Only 6 percent of consumers surveyed use their smartphone exclusively for business.

Bar Chart 1. What best describes your smartphone use? 

 

Despite using the Smartphone for personal use, 34 percent say their employer purchased the smartphone and pays all monthly charges. As shown in Bar Chart 2, 35 percent say they purchased it without any reimbursement. 

Bar Chart 2: Who purchased your smartphone and who pays the monthly service fee?
 

Smartphones can perform a wide range of tasks. However, the most popular use next to the phone is business and personal emailing. The most popular smartphone uses are checking both personal and business email, using it as an address book, texting, Internet browsing, storing or moving data, obtaining and viewing documents, as a calendar and listening to music (Bar Chart 3). Least popular are banking, travel assistance and video conferencing. (For a complete list of tasks, please see Q. 24 in the Appendix to this paper.) We suggest this finding may indicate why many in our study are not concerned about the security risks. Because consumers believe its primary use is as a phone or to email they may think (incorrectly) that there are negligible security or privacy risks. 

Bar Chart 3: Tasks that consumers do on their smartphone 
 

As reported in Bar Chart 4, 66 percent have paid for an item via their smartphone once, irregularly (once every two months) or regularly (maybe once a month). Fifty-one percent were surprised that they were charged for a service of product they signed up for. 

Bar Chart 4: Key questions about smartphone use Each bar defines the percentage yes response 

Consumers store confidential information on their smartphones. Sixty-six percent (40+26) of consumers store a moderate or a significant amount of personal data. Bar Chart 5 shows that only 11 percent say they do not store personal data on their smartphone. 

Bar Chart 5: How much personal data do you store on your smartphone? 


by: Meyda Azzahra