ENISA, the IT security agency of the EU, has published a report detailing the main security risks associated with smartphones, stating that devices are “a goldmine of sensitive and personal information – it’s vital to understand how to maintain our control over this data.” According to the body, the main risks include the accidental leakage of sensitive data, for example through GPS data attached to images; data theft from malicious apps and from stolen, lost or decommissioned phones; “diallerware,” which makes unauthorised phone calls; and the overload of network infrastructure by smartphone apps.
ENISA also highlighted many positive features associated with mobile devices. Backup features are often “very well integrated into smartphone platforms,” making it easy to recover data if the phone is lost or stolen. It was also noted that the controlled distribution channels for many apps, through established app stores, gives the opportunity for providers to have more control over app security, through the vetting of submissions and the removal of insecure products. The authentication and encryption options available to smartphone users were also noted as offering the potential to improve security further, while the diversity of the smartphone portfolio “makes it more difficult to attack a large group of users with one virus.” In its report, ENISA provides guidelines for consumers, employees and “high officials,” reflecting the different levels of security necessary for each group.