At a high level, information security threats can be classified into three key types: Confidentiality (endpoint threats, which most companies focus on solving), Availability (denial-of-service threats, similar to the recent power grid outages in Ukraine and Israel) and Integrity (assessing whether networks, systems, software and data have been compromised, and identifying unauthorized elements on the network). The cybersecurity industry is highly focused on the confidentiality threat, and most of the solutions currently available in the industry aim to solve it by “encrypting everything”, while the other two types do not get the requisite focus.
While there are sophisticated technology-based security breaches at the enterprise level, technology that is fast proliferating into the consumer space, such as smartphones, also has potential vulnerabilities. Among smartphone apps, banking and payment apps, which have the user's personal banking and financial details linked to them and to the device, need to be fortified against potential security breaches, data leaks, misuse and loss of money.
Various Types of Security Threats in the Smartphone Ecosystem
From a potential security threat perspective, banking apps on smartphones are relatively safe, as they do not store the user's login credentials in the app or on the device and have idle time-out based automatic logouts. Although entering the login credentials for every sign-in is a minor issue from the user experience point of view, it ensures the safety of bank transactions on the smartphone.
Mobile wallet and payment apps, on the other hand, store the user's credit and debit card details and login credentials during first-time registration so that the user can easily launch, access and pay for services in the fewest possible clicks. Various e-commerce marketplaces, taxi-hailing apps and other utility apps that integrate these payment and wallet apps have similar functionality and low levels of security.
This set of apps prioritizes “ease of use” over security, as it ensures faster and higher adoption and repeat usage of the apps by consumers. And since most of these apps are developed by young startups whose company valuations are directly linked to exponential growth (in terms of downloads and user adoption), their focus is primarily on user experience. The risk of misuse and potential loss of money for the consumer, especially upon loss or theft of the smartphone, is higher with mobile payment and wallet apps than with banking apps.
What Should Smartphone Users Do To Avoid Potential Breaches?
Apart from design-based security threats, data leaks through malware are also a serious threat in the smartphone space. In some cases this malware is positioned as spy and tracking apps (such as MSpy, a global paid tracking app (at USD 20), and India’s home-grown free app, Tracking Smartphones) that can stay hidden, register every keystroke on the device and present the data, segmented by usage and app, to potential hackers and other users.
Most of these security vulnerabilities, threats and data leaks can be thwarted by alert and disciplined end users. Always locking the device with a PIN and pattern, regularly cleaning the junk folders on the smartphone, and factory-resetting the device every time a used smartphone is handed over to a family member or a friend, or sold in the second-hand market, could reduce the security risks to a significant extent.
Going forward, as biometric sensors such as fingerprint scanners and iris/eye scanners (coupled with depth-sensing cameras and robust facial recognition software) become commonplace and proliferate to the level of mass-market smartphones, the security features in the devices could be technologically developed to be stronger.
Having said that, safety and security in the consumer devices space will, to a significant extent, depend on alert human intervention and action. And currently, technology is proliferating at a much faster pace than the rate at which an average end consumer of technology can be adequately educated.