ITRC Fact Sheet 145
The increasing use of smartphones for daily activities is a growing concern when it comes to personal information that is stored on your device. This information may be in danger of accidental exposure.
Phone Application Access: Before downloading any app, consider reviewing the information the phone app is asking permission to access. Apps for smartphones running on the Android operating system will disclose the information the application is requesting access to in order to run. This access may allow the app to control, change or modify information on your phone.
The information will vary depending on the app’s requirements. For example, the smartphone app may request permission to access the following:
- Network Communication, which will allow for full access to the Internet.
- System Tools, to prevent the phone from sleeping and allow the app to retrieve running applications.
- Phone Calls, which may reveal the user's phone information, state and identity.
- Your personal information, which allows the app to read owner data and contact data.
- Storage, which could allow for SD card content to be modified or deleted.
- Hardware controls, which could enable the app to record audio and/or take pictures.
For Android phones, the user has to either allow or deny access to this information. If the user grants the application access to the information it requests, the user will be able to download the app. However, if the access is denied, the user will not be able to download the app.
For iPhone users, Apple does not require app developers to disclose the information an app will request permission to access. BlackBerry allows the user to modify the apps’ permission levels. For more information refer to ITRC Fact Sheet FS 146: Smartphone Privacy and Security.
Updates: App updates and software updates are important to keeping your device and apps up-to-date. These updates are important because they provide solutions to previous app problems, such as bugs, in the device’s operating system. It is important to download the latest updates to protect your device from these problems, which may give rise to others.
Email Accounts: Smartphones allow the user to have access to one or more email accounts. These accounts remain logged in continuously unless that access is disabled. The problem is that the user may use email communication for many types of activities. This may include bank account transactions, transfer confirmations, payment confirmations, sending out resumes, retrieving forgotten passwords, and any other form of communication that displays sensitive personal information.
Password protected or not?
Every smartphone can be password protected or locked through a pattern code. Whether it is a feature already present in the phone’s settings or available through downloading an app, a smartphone can be protected. If your smartphone is lost or stolen, this protection could make a difference in whether a hacker gains access to your phone’s information.
For example: The iPhone offers the ‘Passcode Lock’ feature under Settings.
Smartphone Wiping: If available, consider turning on the ‘Data Protection’ feature on your phone. If your smartphone device does not offer a similar feature, consider enrolling in a Data Wiping service. Such services may be available through your cellphone provider. For more information on Wiping Services refer to ITRC Fact Sheet FS 144: Smartphone Safety.
For example: The iPhone offers the “Data Protection” feature under Settings. After 10 failed passcode attempts, all the data on the phone will be erased.
What is Jail-breaking / Rooting? Jail-breaking is breaking into the phone’s operating system to allow the phone to run apps that are not approved for that specific phone. For instance, the smartphone user wants an app that is not available or authorized for use with Apple or Android devices. This process is called “rooting” on the Android platform.
Apple is strict with its applications. It takes several steps to ensure the vetting of applications before they are allowed on the App Store. However, jail-breaking the iPhone will allow users to download apps from the Cydia App Store and to change various features on their phone. The problem with this is that Cydia Apps are not authorized for use by Apple.
Both jail-breaking and rooting are suspected of putting your device at risk for mobile malware, which can result in programs or software being installed on your phone without your knowledge. Malware can monitor and steal the data stored in your device. Another threat is the fact that jail-breaking or rooting your device requires the user to download a program to a PC or Mac in order to complete the process. This process may put both the smartphone and computer at risk of a malware attack. Many users have reported that certain JailBreakMe programs have infected their devices.
Please note that Apple does not support jail-breaking. In fact, it may be the case that if the iPhone is jail-broken, or an Android device is rooted, the phone’s warranty may be voided.
Applications: A major concern about apps is the type of personal information that apps can access - the information stored in your device. Every app is privy to certain information on a device; however, such information varies widely depending on the type of app that the user downloads.
- Banking applications hold user names and passwords.
- Bill Tracking Applications hold account numbers, company names, dates, etc.
- Fake Text / Fake Telephone Call Applications allow text messages to be sent to a recipient. The recipient will receive the text message or phone call under a different name, thinking it is from someone else. Information may be shared, and the user may be sharing information with the wrong individual.
- Credit Card Swiping Applications provide the ability to obtain credit card information for payments. However, what happens if safety precautions are not taken to protect the information?
- GPS (Global Positioning System) Applications store information under favorites for Navigation Apps. Also, if GPS is enabled, geotagging is enabled as well.
Accounts linked to Credit Cards: Smartphones can link financial accounts and shopping accounts, like PayPal and eBay, to credit card or debit card numbers.
- Android Google Market Apps require a PayPal account for purchase.
- Apple’s App Store requires an Apple account and password to grant permission to download.
- Banking Apps require a user ID, password, and sometimes even a PIN for access.
- Shopping Apps may memorize account numbers to facilitate payment.
For safety and privacy, consider inputting information for each transaction as opposed to having the phone memorize the accounts and passwords.
Direct Carrier Billing: Every wireless carrier offers a form of direct carrier billing. Verizon Wireless lets customers buy ringtones, ringback tones, and songs and allows them to pay for the transactions on their monthly phone bill. T-Mobile recently announced the expansion of such direct carrier services to browser-based purchases for any of T-Mobile’s smartphones. This means if you use direct carrier billing and purchase something online, you will be billed for that item in your monthly cell phone bill. The convenience of direct carrier billing is that you do not have to provide your credit card information when making purchases.