Mobile phones: The new risk

Last reviewed: June 2011
From our survey
In the past three months, 1.8 million mobile-phone owners used their phone to store their passwords to accounts and websites.
Photo illustration by Stephen Webster

Eighty-three percent of U.S. adults have mobile phones, according to a 2009 Pew Research Center survey. Your phone probably holds a comprehensive contact list, might be regularly logged in to your social network, and could contain a list of your passwords. In our survey, 9 percent of mobile-phone owners used their phone for banking.

Losing a phone is a bigger security risk than infecting it with malicious software, according to Charlie Miller, principal analyst for Independent Security Evaluators, a company that assesses the technology risks of organizations. The easiest way to protect data against loss is with a personal identification number (PIN) or password on the phone.

But, our survey found, only about 20 percent of mobile-phone owners using their phones in potentially risky ways had taken that precaution. Fewer than one in three mobile-phone users had taken precautions such as regularly downloading software updates and backing up their data to another device.

And malware attacks against smart phones (Internet-enabled phones that run apps), though infrequent, are becoming more visible. Recently, a piece of malware called DroidDream infected about 260,000 Android phones, according to John Hering, CEO and co-founder of Lookout, a mobile-security company. Victims downloaded it from Google's Android Market in more than 50 apps designed to mimic popular applications. DroidDream could access all the data on infected phones, including passwords and banking credentials. Fortunately, Google quickly yanked the infected apps from Android Market and released a tool to clean the malware off infected phones.

Hering discovered DroidDream using an anti-malware tool that examines the characteristics of such threats and found that the malware had spread to many more apps than originally thought. He thinks such malware is going to keep increasing; malware for PCs certainly has. "What it took 15 years to do in computers, it took two years in mobile," he says.

Mobile phones equipped with GPS can track your location. More than 8 million people worldwide use Foursquare, a social-network app that lets them comment about restaurants, stores, and other places they visit. Benefits include discounts and freebies. But the service can let strangers, as well as users' friends, know where users are.

Photos taken with a smart phone also present risks, such as revealing the exact location where the photo was taken. If you post a geotagged photo to a photo-sharing service such as Flickr, make sure your site settings don't allow the site to share the location. The site ICanStalkU demonstrates how easily posting such photos compromises security. It uses geotagging information from Twitter postings to map photos and access the Twitter handles of people who posted them.