There can be little doubt that where there is growth in the mobile industry, one would not need to look far to find smartphones. As ARPU from voice services continues to fall, with VoIP services like Skype doing their best to commoditise lucrative international voice telephony, smartphones are driving the adoption of data tariffs in the mass-market, and turning low-spending customers into more lucrative bundled service subscribers. However, there are some changes that growing smartphone adoption is bringing about which could cause real problems for customers in the future, as they trust more and more of their personal information to their handset.
Last week, the European Union’s IT security agency, ENISA, published a report focusing on the smartphone sector, intended to enable the “informed assessment” of the information security and privacy risks associated with smartphones. And a number of the key threats it identified result from accidents or carelessness, rather than any form of malicious attack. The key issue is that devices are home to more and more sensitive information, a trend which is only likely to continue, while user behaviour has not changed from the days when all a phone could offer up was a list of contacts.
Among the threats identified by ENISA were data theft from a lost or stolen phone; improper decommissioning, when a phone is given to another user without being properly wiped; and unintentional data disclosure, where an app shares data without a user being aware. In these cases, rather than being a technology weakness per se, the problem lies at least in part with the user, who could easily take action to mitigate the risks.
Some threats to smartphone users are already familiar from the PC world. Phishing attacks and spyware are threats that are already well known, and the growth in popularity of smartphones is likely to lead to an increased cross-over. But again, the user is the weak link in the chain, rather than the technology itself.
Of course, the increased penetration of smartphones will also lead to the increased threat of problems resulting from miscreants exploiting technology weaknesses. Unlike in the desktop PC world, where Microsoft’s Windows is dominant, the smartphone market is hugely fragmented which has, at least in one respect, worked in its favour. While there have been reports of viruses which affect smartphones, rarely are these found in the wild, and rarely can they spread without users intervention. In addition, with Apple keeping a tight control on its device and developer ecosystem, and Symbian OS being somewhat esoteric, there has been little to appeal to peddlers of malware.
Indeed, a potential danger comes as customers become more-and-more familiar with installing apps, aided by the painless and largely safe experience offered by the big-name stores. While these stores remain a path to content that has been validated and checked by experts, there is a danger that customers will cast their nets wider to gain access to more products in the future – possibly including content from categories not supported by app stores including adult or gambling – and therefore fall into the hands of unscrupulous distributors.
As with the PC world, users can do much to protect themselves for little or no cost, by being alert to the potential threats. But with smartphones being the industry growth driver, it would be a bold stakeholder who decided to alert users to the potential dangers, wherever they may come from.
The ENISA report is available for download here.
The editorial views expressed in this article are solely those of the author(s) and will not necessarily reflect the views of the GSMA, its Members or Associate Members