As discussed last week, smartphones are becoming vulnerable to the same problems that threaten computer security—malware, worm, phishing, etc.—especially as people increasingly use these devices for sensitive purposes like banking transactions.
In the story from the Associated Press that was cited last week, Herb Wesibaum, The ConsumerMan, said, “McAfee is working on a product that analyzes the ‘permissions’ an app wants from your device and warns of possible threats. For example, a flashlight app doesn’t need to look at your location or your phone book. If the security software found a flashlight app asking for access to that information, it would flag it.”
But Wesibaum also quoted experts who said there was no cause for panic nor an urgent need for security software in mobile devices—yet.
He said Paul Reynolds, electronics editor at Consumer Reports, said, at the moment, the biggest security threat was losing one’s phone. Reynolds did not think people had to install yet another program for security in their phones right now.
James Lyne, director of technology strategies at Sophos, agreed, Wesibaum said. The security expert expressed the view that mobile security at present was about the basics. To protect themselves, people needed a decent password, to use encryption and make sure their device was patched—running the latest versions of both applications (apps) and the phone operating system (OS).
At the same time, however, Lyne said in a year or so, people might have to consider seriously security software, especially if smartphones were being used for shopping or banking, Wesibaum reported.
Lyne also advised people to be careful about the apps they installed, to think before downloading anything, to check reviews and to be skeptical, Wesibaum said.
Rachel Ratcliff Womack of the digital security firm Stroz Friedberg advised smartphone users to stick with major apps and the major app stores. Wesibaum said the chances of getting malware were relatively low, although still possible, at Amazon or the iTunes store. “You run a greater risk at the Android Market,” he said.
Do’s and don’ts
Meanwhile, here are some suggestions from Smart Communications on what people can do to keep their phones secure:
Make sure the phone’s OS and software are up to date at all times. More importantly, the anti-virus software, if it has been installed, should be updated regularly.
Apps should be downloaded only from reputable sites and app permission requests should be closely reviewed.
Feedback from other users should be checked before downloading a program/app.
A strong, complex password using a combination of capital and small letters, with at least eight characters, including alphanumeric characters and symbols, should be used.
Bluetooth and other connections should be turned off when not in use.
A mobile security app with mobile trackers should be installed. In case of loss or theft, the app can track the phone and even remotely control it
Mobile phones should be secured against loss or theft
And some of the don’ts:
Download apps from third-party application repositories. Malwares usually surface from these.
“Jailbreak” the phone. People should at least know the risks before doing so. Jailbreaking opens the phone so the user can access and modify portions of the phone that are normally off-limits. For instance, the owner may want to install in the iPhone third-party apps not offered by the Apple Store.
Access banking or shopping sites over a public Wi-Fi connection. Public Wi-Fi connections are more vulnerable to hacking and security breach.
Leave mobile devices in public places.
Send letters to The Consumer, Lifestyle Section, Philippine Daily Inquirer, 1098 Chino Roces Ave. cor. Mascardo and Yague Sts., 1204 Makati City; fax 8974793/94; or e-mail [email protected].