Smartphones contain much of the same personal data that we store on our laptops. While most of us feel compelled to closely guard our computers, it's hard to feel the same threat of loss about a phone. From the time cell phones first came out, the worst we had to fear from losing, breaking or having a phone stolen was the cost of replacing it, the hassle of rebuilding a contact list and possibly a battle with the phone company over unauthorized charges racked up by a thief.
TUTORIAL: Stock Basics
Now, with smartphones, losing a phone can mean losing your identity, which is much more difficult to clean up. Here are the primary risks smartphone users face that can lead to personal and financial information falling into the wrong hands.
Lost or Stolen Phone
The simplest and most basic step everyone should take to protect a smartphone is to password protect it using a complex and unique password. A password should at least delay the time it takes for a criminal to access the data in your lost or stolen phone. That being said, it's not going to stop someone who knows what they're doing. For further protection, you should use data backup and wiping software that allows you to remotely back up and delete the contents of your phone if it's lost or stolen. However, a savvy crook can prevent you from using your remote wiping software by putting the phone in a Faraday bag or removing the phone's SIM card, if it has one.
Other apps that can help you track down a lost or stolen phone will let you remotely use your phone's camera to snap a picture of the thief, remotely force it to ring or sound an alarm if you've just noticed it's missing, or monitor your phone's location. Selling or recycling an old smartphone can expose you to the same threats as loss or theft. It's essential to wipe a phone's internal memory before you dispose of it. Often, you can accomplish this by restoring the phone to its factory settings. That being said, even properly wiping a phone, like wiping a computer's hard drive and memory, doesn't really get rid of the data. If you want to be completely safe, destroying your old device's memory is the only way to go. (For related reading, see 5 Overlooked Places Where Your Identity Can Be Stolen.)
Smartphone security company Lookout, which provides a security app for both the Android and iOS platforms, states that the use of malware and the number of users affected by malware has increased significantly since the beginning of 2011. The company also found hundreds of Android apps infected with malware.
Mobile security software can help protect against malicious downloads, bots that take control of your device, unsafe websites and other threats, just like antivirus software does on your computer. Also, make sure to promptly install vendors' official software and firmware updates, as these protect against discovered vulnerabilities in your smartphone.
Some apps are not intentionally malicious, but leave you vulnerable nonetheless. They accomplish this by not encrypting your sensitive data and leaving it accessible on your phone. Before downloading an app, seek out unbiased reviews of its security features. One source of such reviews is appWatchdog from ViaForensics, a digital forensics and security firm. According to appWatchdog, both the Android and iPhone mobile apps for Facebook, eBay, Amazon, Twitter, Yahoo! Mail, Mint, Skype, Twitter and a number of other popular programs store unencrypted data on phones or store sensitive data insecurely. For another source of security data, the Identity Theft Resource Center recommends that users "do a quick Google search to see if there are any reviews of the app. A Google search for 'app name – problems' may be rewarding."
Users should also read the fine print before installing an app to see what permissions to access a user's data the app requests, and learn what the app does with that data. Apps may ask to access a user's location, contacts and other data. Steer clear of apps that seem to ask for more information than they need to fulfill their stated function. Also, when using an app for online shopping or financial transactions, don't allow the phone to memorize the account logins or passwords. Be aware that malware sometimes disguises itself as a legitimate app. It can be difficult to spot these variations, but sometimes reading the permissions will tip you off. (For related reading, see What To Do If Your Identity Is Stolen.)
Android apps aren't subject to any review process, so anyone can add an app to this marketplace. On the other hand, iPhone apps theoretically have a greater level of protection. According to ComputerWorld, Apple tries to verify that an app does what it says it does, is reliable and respects Apple's rules.
Google Wallet is a relatively new app that uses near-field communications (NFC) technology to let consumers make purchases with qualifying smartphones and stored credit card data. In some ways, Google Wallet could be considered more secure than a traditional wallet. Built-in protections include the requirement that users enter a PIN to activate the NFC chip. Also, the app stores users' credit card data in an encrypted format on a chip separate from the phone's memory. If the phone is stolen, the PIN protection for both the NFC chip and, if enabled, for the phone itself are supposed to prevent thieves from making unauthorized purchases. On the other hand, a thief can use the credit cards in a traditional wallet until he gets caught or until the owner notices the theft and closes the affected accounts.
Google Wallet appears to be very secure. However, consumers who choose easy-to-hack PINs definitely put themselves at risk. Avoid using one of the most common passcodes, like 1234, 0000 or 2580. A study earlier this year revealed that 15% of iPhone users lock their phones with one of just 10 PINs. Consumers also shouldn't use any number that someone who knows a little bit about them could easily guess, like an address number, graduation year or birth year. These are just a few of the threats facing smartphone users. WiFi sniffers, jailbreak programs and photo geotagging represent additional threats to privacy and security. (For related reading, see Is Identity Theft Still An Issue?)
The Bottom Line
Don't assume that your phone comes with built-in protections that are keeping you safe. There are many steps that users must actively take during initial setup and on a daily basis to protect the safety of the data on their phones. If you do suspect or know that your phone has been compromised, you should take the same steps to protect yourself that you would in other identity theft situations.