show image

Kaspersky uncovers new security risks in mobile devices

People are installing apps all over their mobile devices. That much is pretty obvious and well known among the community of IT professionals; what might be less clear is that they are doing so without considering any of the potential security consequences.

This is the finding of a report from security specialist Kaspersky Lab, which asked 18,000 respondents to take a quiz in which it asked, for example, whether people read the small print when signing up for a new app for their smartphone or tablet. 63% said they didn’t bother, which actually sounds quite low to us; we’re guessing a proportion of the remaining 37% don’t read it either but are too embarrassed to say.

A further 20% don’t bother reading the messages coming through to their phone whilst installing apps but just click “accept” to get to the content.

This is of course how commercial companies hope they will behave; businesses like social networks are then able to put elements in about the right to reproduce images in their advertising and the right to incorporate users’ data into research. On the whole this is likely to be handled unobtrusively (although at least one of our contacts was surprised when he found a private picture of a dinner party he’d shared on Facebook used in that company’s advertising campaign and then discovered this was part of his original membership agreement).

More dubiously there are apps that prompt the installation of other apps, and if someone simply clicks “accept” to everything while installing one of these they are likely to end up not knowing what’s on their phone.

Ignorance about what could be done with apps was high. 43% of respondents didn’t know enough to limit app permissions during installation. 15% didn’t limit what apps could do on their device while 17% gave permissions as a one-off but couldn’t remember changing the settings back. A striking 11% didn’t know they could change permissions – meaning that if corporate data is on the phone, it can be accessed by third parties quite legally.

David Emm, Principal Security Researcher at Kaspersky Lab said: “Internet users are entrusting their devices with sensitive information about themselves and others, such as contacts, private messaging and so on, yet they are failing to ensure their information is entirely safe. This can turn their devices into their ‘digital frenemies’. Because they are not taking precautions when they install apps, many consumers are granting apps permission to intrude on their private lives, watch what is stored on their devices and where they are, install additional unwanted apps and make changes to their devices right from the moment of installation. At Kaspersky Lab, we want to help consumers become more cyber-savvy and protect their precious data – and themselves – from these dangers.”