Smartphone security is one of the most relevant concerns of our time. The rapid adoption of technological innovations, the rampant growth of e-commerce, a push for personalization, the drive toward data-driven decisions, enhanced connectivity through IoT solutions, and the sheer amount of functionalities available on smartphones from the traditional phone calls to the latest tap-and-pay mobile wallets have turned the spotlight back to the question: How safe is all the information stored or accessed on a smartphone?
A recent YouGov poll shows that while 85 percent of people in the UAE own a smartphone, about 55 percent of them believe that their "smart" technology devices are spying on them. While there is a need for consumers to better understand how and why their data is being tracked, the prevalence of nefarious elements such as mobile malware is not new. The 2018 Internet Security Threat Report released by Symantec shows that the number of new mobile malware variants increased by 54 percent year-on-year.
Additionally, with the growth of cloud technology and constant connectivity, a large number of people have begun digitizing their data, including personal records, and have stored them on a virtual platform for ease of access, especially on-the-go. This massive amount of sensitive information online coupled with the digital footprint created by the daily usage of mobile phones can prove to be dangerous if misused. However, "let's stop using smartphones" is not the solution; the time has come for each of us to understand how, when, and why our information is accessed.
Simplifying smartphone security
There are two fundamental ways to look at smartphone security: data tracking and hackers.
"When you decide to download a smartphone application, you are also deciding to share certain information with them. Each of those applications tracks certain aspects of what you do depending on what access you decide to share with them. Based on that they target certain advertisements at you, although this is dependent on the consent of the user" said Sanmeet Kochhar, General Manager – Middle East at HMD Global. "It's important to understand that if you are not paying for a product or service, there is a strong chance that you may be the product yourself."
Hence, while a mobile application is used, there could be entities tracking what customers are doing. This is not necessarily negative – the data gathered based on customer choices could be used to customize and personalize offers, discounts, and target meaningful advertisements at customers.
"Sharing data could be highly beneficial for individuals, as well, but is a choice that each person needs to make. With artificial intelligence and machine learning coming into the picture, smartphones are getting smarter. They understand you better and can modify the way they work based on your usage. For instance, in the case of adaptive batteries, the smartphone can track your data and learn based on which applications you use the most and prioritize background activity for the applications that matter the most to you," Kochhar said.
To put things into perspective, as of 2018, there were 194 billion applications worldwide. Mobile applications alone are expected to generate close to $188.9 billion in revenues by 2020. This is potentially driven by the fact that people spend 90 percent of their media time within apps, and are likely to view 4.2 times more number of products within apps compared to websites.
Global mobile device security software market revenue in 2013 and 2018 (in billion U.S. dollars)
Secondly, there are a lot of hackers and malicious elements who are attempting to retrieve sensitive data by making the most of vulnerabilities. This is where the role of security patches and updates comes in. Nokia, for instance, which uses Android One by Google on its phones, has taken a leading role in this area by providing monthly security software updates on all its devices across the globe irrespective of the price points. This is not the case for all Android-based hardware manufacturers – a lot of devices have security updates that are more than a couple of months old.
"When people buy a phone, they tend to look at – how many megapixels is the camera, what's the memory specification, what's the screen size, what's the storage space, what's the processing speed. However, if people are truly concerned about their data security, one of the key purchase decision criteria should be whether the smartphone manufacturer is providing constant security updates. Smartphone security is a race between the hackers and the developers regarding who is evolving faster," Kochhar said.
Therefore, the onus is partially on smartphone customers to understand what applications they are downloading and why each application requires access to certain data – for instance, a real-time map application may require access to your real-time location or GPS coordinates. Customers also need to understand that each application downloaded onto a smartphone needs to be vetted by internationally-trusted entities such as Google Play Protect, as downloaded applications may have malware or hidden vulnerabilities. In such an eco-system, smartphone security updates are no longer optional, but mandatory. Furthermore, they need to be timely and constantly updated.
"The larger ecosystem also has to play a very important role in making customers aware of what they are doing," Kochhar concluded.