Cybersecurity: Identifying ways to improve smartphone security

Published 31 October 2014

Assigning risk scores to apps may slow down unwarranted access to personal information.

Malware written for smartphones increases in scope and volume // Source: pixnet.net

What information is beaming from your mobile phone over various computer networks this very second without you being aware of it?

Experts say your contact lists, e-mail messages, surfed Web pages, browsing histories, usage patterns, online purchase records and even password protected accounts may all be sharing data with intrusive and sometimes malicious applications, and you may have given permission.

“Smartphones and tablets used by today’s consumers include many kinds of sensitive information,” says Ninghui Li, a professor of Computer Science at Purdue University in Indiana.

The apps downloaded to them can potentially track a user’s locations, monitor his or her phone calls and even monitor the messages a user sends and receives — including authentication messages used by online banking and other sites, he says, explaining why unsecured digital data are such a big issue.

An NSF release reports that Li, along with Robert Proctor and Luo Si, also professors at Purdue, leads a National Science Foundation (NSF)-funded project, User-Centric Risk Communication and Control on Mobile Devices, which investigates computer security. The work pays special attention to user control of security features in mobile systems.

Li, Proctor, and Si believe they may have a simple solution for users who unknowingly allow voluntary access to their personal data.

Most users pay little attention

“Although strong security measures are in place for most mobile systems,” they write in a recent report in the journal IEEE Transactions on Dependable and Secure Computing, “the area where these systems often fail is the reliance on the user to make decisions that impact the security of a device.”

Most users pay little attention, say the researchers, to unwanted access to their personal information. Instead, they have become habituated to ignore security warnings and tend to consent to all app permissions.

“If users do not understand the warnings or their consequences, they will not consider them,” says Proctor, a Distinguished Professor of psychological sciences at Purdue.

“If users do not associate violations of the warnings with bad consequences of their actions, they will likely ignore them,” adds Jing Chen, a psychology Ph.D. student who works on the project.

In addition, there are other influences that contribute to users ignoring security warnings. In the case of Android app permissions, of which there are more than 200, many do not make sense to the average user or at best require time and considerable mental effort to comprehend.

“Permissions are not the only factor in users’ decisions,” says Si,