Thirty years into the personal computer revolution, most consumers are savvy enough about Internet security to know that they shouldn’t be surfing the Internet without some sort of protection. But those same consumers, not to mention the corporations for which many of them work, think nothing of using their smartphones to conduct all manner of potentially sensitive communication. Not surprisingly, developers of malware are paying attention.
According to Beth Jordan, vp of communications for security software developer AVG, recent research that the company conducted in conjunction with the Ponemon Institute revealed a disturbing lack of consumer awareness regarding the vulnerability of information on a smartphone.
For the research, 734 U.S. smartphone users aged 18 or older were polled. Among the findings: Thirteen percent of surveyed smartphone users said location data had been unknowingly embedded on their handset, enabling others to track their location. Only 21 percent of respondents were aware this could happen. Six percent of respondents said that mobile applications had transmitted confidential payment information such as credit card details without the users’ knowledge or consent. Only 11 percent of respondents were aware this was possible. And 8 percent said their handsets had been infected by a sort of malware called dialerware that enables criminals to make use of premium services that are then charged to the cell phone owner. Only 10 percent of respondents were aware of this risk.
Jordan says that the researchers asked about 11 of the most common ways in which consumers are taken advantage of in the mobile space. Of the 11, only two had a consumer awareness of more than 50 percent. Additionally, she points out, the “awareness” numbers and the “impacted by” numbers are, in most cases, very close, meaning that, very often, consumers are aware of a potential security problem involving their cell phones because they have already experienced the problem.
According to Chris Wysopal, chief technical officer for Veracode, which has developed a cloud-based mobile app security verification service aimed at big enterprise customers in the healthcare and financial industries, malware embedded in mobile apps and particularly in information downloaded from the mobile web is becoming more and more pervasive. “The same type of phishing attacks that happened to PC users are now happening to mobile users,” he says. “The browser is smaller; there is less information in the URL. You have to be more careful.”
The problem is especially acute for large companies because of the way in which people use their mobile devices to interact with their workplaces. By attacking a smartphone, malware developers can, conceivably, gain access to sensitive information stored on the phone itself or, using the smartphone to connect to a company’s central databases, do even more damage.
Wysopal thinks that most consumers don’t understand how little security checking is done before an app is uploaded to an app store. “Google doesn’t really do any validation of apps that are uploaded,” he says. “The iTunes store has a policy where they review the app, but it’s unclear what level of security screening they do. I would suspect very little, if any.”
“I think we’re just at the beginning of understanding the risks of the mobile platform,” says Wysopal.
More in Media

Andre ‘Typical Gamer’ Rebelo hits 1 million followers on Fortnite
As Epic Games looks to establish Fortnite as an alternative to platforms such as Roblox for metaverse-interested brands, seeing an individual creator reach one million followers could help convince more marketers to turn their attention to Fortnite Creative.

The Independent bets big on individual talent-led verticals with the launch of Independent Studio
The U.K.-based digital news publisher has signed YouTube creator Alan Clery as creative director to kick off the launch of Independent Studios, a unit that will produce a new crop of individual talent-led videos, newsletters and podcasts.

Creators are ditching Substack over ideological shift in 2025
The writers who left Substack in early 2025 represent a second wave after an initial burst of Substack creators left the platform in January 2024.