Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security Android Privacy

Many Smartphone Owners Don't Take Steps To Secure Their Devices (pewresearch.org) 143

From Pew Research's new report: More than a quarter (28%) of smartphone owners say they do not use a screen lock or other security features to access their phone. And while a majority of smartphone users say they have updated their phone's apps or operating system, about 40% say they only update when it's convenient for them. Meanwhile, some users forgo updating their phones altogether: Around one-in-ten smartphone owners report they never update their phone's operating system (14%) or update the apps on their phone (10%).
This discussion has been archived. No new comments can be posted.

Many Smartphone Owners Don't Take Steps To Secure Their Devices

Comments Filter:
  • by Anonymous Coward on Wednesday March 15, 2017 @11:25AM (#54043699)

    Unfortunately that's down to the manufacturer and carrier, neither of which give a flying fuck after they sold you the contract. Probably take someone suing them until this changes in the UK.

    • by Anonymous Coward

      Next time buy an iPhone or a Nexus.

      • That's basically like saying next time you buy a phone you better spend $700 on a phone or you don't deserve to have one running modern software. I can buy a desktop or laptop for half that price and the software remains updated. Why can't the same thing happen on a phone. Is it really too much to ask?

        • Just buy a $100 phone and toss it every couple of years. Its sad that we have to do that these days but on the upside you can get a 5.5in quad core phone with a couple gb of RAM running Android 6 for around $110 so even if you toss it every couple of years you are still gonna come out ahead over iPhones and those other $700 phones as they will be no longer supported before you have spent even half that and your tech will always be relatively fresh.
      • by Anonymous Coward

        Have a Nexus4 and Google dropped support!

        The phone is fine. No issues, except that Google won't security patch the OS. They seem to think that $450 devices are good for 3 yrs.

        I disagree.

        There should be a law.

      • by GuB-42 ( 2483988 )

        Nexus, what Nexus?
        Google more or less killed the Nexus program with the Pixel line, The last one is the Nexus 6P and we can expect official support to be dropped in 1 or 2 years.

      • by zlives ( 2009072 )

        can't update my iphone 4 to newest either. other than the security (vendor controlled) the phone continues to work as a phone and smart device. deliberate disablement happens for a reason.

      • Upgraded an iPad 2 to iOS 9. Big mistake. All "upgrading" does on iOS is insure that you'll have to buy the latest device after ever two iOS versions or you're stuck with a slow choppy device that may not even get software updates. I use the term upgrade for system and update for software. It's a Linux thing.
    • Probably take someone suing them until this changes in the UK

      Or anywhere else, actually.
      I haven't had an update in a long time (Samsung S4) but I only checked when it was convenient as well. Now I've rooted it, and secured it more by installing a firewall, hosts list, and program permission tool on it through the F-Droid repository.
      But the main thing is to not install every silly app from the store, especially whhile not checking latest reviews and permissions.
    • Not really. If your Device gets hacked, a person will be more likely to blame the Carrier or the Manufacturer than themselves. And we now live in a world where factless ranting takes precedence over facts now.
       

    • I'd love to update. My Samsung work phone has NEVER received an update ever. Still 4.4.1. Personal use my Nexus updates couple times a month.
  • by Anonymous Coward

    At least for appity-apps on android, why would you bother updating once you get it to work? Each update is worse than the last - more features broken, less stable, additional ads crammed in everywhere. As far as updating OS is concerned, boy, that switch to N sure broke a lot of old apps huh! captcha: walnuts, as in nuts to this!

    • Agreed.

      My old Samsung worked fine when I got it, and over its lifetime suffered two noticeable degradations in reliability - each coinciding with an automatic update of the OS. Each update left more device features unreliable or completely borked.

      New (also Android) phone works fine for now. Need to find a way to turn off automatic updates before it ends up going the same way.

    • Not just Android, in iOS, updating in a lot of cases just meant more of my storage getting eaten - and here, there are no SD slots for me to make that irrelevant. That's what I ran into w/ my iPad mini, which is now stuck on 9.3. I had to delete all the photos from that tablet and put them up on OneDrive, so that I wouldn't miss them. My iPhone probably won't have that issue, having as it does 128GB storage, but my iPad mini is something I'll have to figure out.

    • Exactly! Also, when does updating apps/OS become equivalent to secure? I agree that updating could make the device more secure because the new patch is supposed to close/fix security bugs. However, there are times that new update actually opens/allows new security holes/bugs as well. TFA is just an advertisement to influent people to keep updating apps/OS...

    • Most manufacturers don't do a good job at patching even when they give an upgrade (update?). Sometimes, it even takes trial and error to see if the new upgrade fixes stuff or breaks stuff.
  • by Highdude702 ( 4456913 ) on Wednesday March 15, 2017 @11:29AM (#54043727)

    To be fair most android phones I've seen have auto app upgrade enabled. iPhone doesn't but it's possible to set and forget about it until it's updating while you're trying to do something net or process intensive.

    • +1 Factually Untrue since iOS 7 [9to5mac.com].

      By default, it won't auto-update unless you are plugged in and on WiFi, which seems like a good time to be doing maintenance like this. You can opt-in to automatic downloads over cellular, if you prefer.

      • I said

        To be fair most android phones I've seen have auto app upgrade enabled.

        following that was

        iPhone doesn't but it's possible to set and forget about it until it's updating while you're trying to do something net or process intensive.

        Now you come along saying its factually untrue, referring to a link saying you have to turn the auto update feature as its not enabled by default, Also you can choose whether to use mobile data or wifi or just wifi. Hopefully you read my comment incorrectly and this was just a misunderstanding.

    • I have a corporate issued iphone whose contract doesn't allow OTA updates. And the company doesn't allow phones on the wifi. So I've never updated it from the version 8-something it came with.

      • I didn't say all, I didn't say shit about corporate. and it seems like your situation would be in a far lesser percentile than what I was talking about. So what was your comment about?

  • With both Android and iOS, the device will ship encrypted, and all one has to do is set the PIN and fingerprint. Updates are generally done automatically, with OS updated being the only real thing that is prompted for, and that usually takes a click or two.

    With updates being pretty much automatic, there isn't much to do as a user, for the most part, other than periodically checking that the iCloud or Titanium Backup image was successful.

    • by TWX ( 665546 )

      Ship encrypted?

      Last Android phone I dug into was not encrypted. The user privileges were set to where my standard use did not have root-level access to the device (which made getting my stuff off of the phone when it broke very difficult) but once I figured out how to get to some obscure menus at boot-time I was able to mostly find what I was looking to find through the filesystem and to copy over to a Linux box.

      I would be very happy if Android came with the equivalent of Sudo.

      • Late 2015, I bought a HTC One A9, which is an entry-level phone. The default ROM ships with /data encrypted by default but with no authentication. During setup, when one set the PIN and such, it would change the stored password. When moving to a CM/LineageOS ROM, /data was not encrypted, but that was not too difficult to fix up. Samsung phones also ship with /data encrypted as well.

        As for Sudo, the closest to that would be SuperSU or something similar. There are no real weaknesses for having a rooted p

      • The user privileges were set to where my standard use did not have root-level access to the device (which made getting my stuff off of the phone when it broke very difficult) but once I figured out how to get to some obscure menus at boot-time I was able to mostly find what I was looking to find through the filesystem and to copy over to a Linux box.

        Why not use adb-sync? You don't need root on the phone to access the data over USB which is why it's recommended that you also encrypt the phone.

        I have never heard of an Android phone shipping with encryption enabled.

    • by lgw ( 121541 )

      I set a password on my phone, though I'm not sure it was a good idea. If I lose my phone I just need to change my Google password, as nothing else there will be of value to anyone. Didn't bother with a password for my last phone.

      Anyone who installs stuff like banking apps on his phone is asking for it, really. Phones are fundamentally insecure devices (and the more apps you install, the less secure they are). Trusting them for access to something of real value seems foolish to me.

      • by creimer ( 824291 )

        Anyone who installs stuff like banking apps on his phone is asking for it, really.

        I had to install the banking app on my iPhone because no web browser supports running the Java plugin for depositing checks remotely. I'm sure the bank will figure out someday that no one is depositing checks via the website.

        • by lgw ( 121541 )

          In the rare case where I have a physical check to deposit, I just mail it in. I've been banking primarily by mail for years - as long as your paycheck is direct deposit, it's not really a problem.

          • I just go to my nearest Wells Fargo and deposit it at the counter. Most secure that way. I rarely get checks though nowadays - my salary is often directly wired.

      • I would argue that banking apps on a phone might be more secure than on a PC. Mainly because done right, a phone has far less chance of getting malware that can access the banking app's jail or directory than rogue software running as a user context on a user's PC. Nothing is 100%, of course.

        • by lgw ( 121541 )

          The same malware creators target both platforms equally now. Too many banks try to use the phone as a 2nd factor, so it's a very valuable malware target, and attackers have had enough success to make the news in security circles.

          A PC is really pretty secure (in this specific case) if you don't use the same browser for banking as everything else, because the vast majority of malware here is "man in the browser" attacks (and they try to stay hidden after infecting the browser, not call attention by trying to

          • You are not paranoid, you are smart. I keep my financial stuff in a VM, and keep my Web browsing in another VM [1]. Separation of stuff is common sense, especially with all the stuff that runs in a browser that is untrusted.

            This makes me wonder... why doesn't a phone maker use VMs in phones? ARM already has a built in hypervisor (the "worlds" functionality that allows for trusted and untrusted), why not use that, coupled with back-end deduplication and encryption. With a phone that has 2+ SIM cards, it

            • by lgw ( 121541 )

              When I was at VMware, years back, they were busily developing VMware for phones (focused on providing a "Work VM" that could be remotely wiped, leaving the rest of your phone untouched). I can only assume there wasn't a market for it, since I haven't seen it since.

              Hypervisor escape exploits are very rare and valuable, and usually involve some sort of built-in sharing between VMs.

      • Why you should set a pin or password for your phone:

        The last time I bought a phone I had to wait in a queue was because the lady in front of me did not set a pin or password but her toddler did.
        The shop clerk was very sorry but very sure that nobody not even the manufacturer could unlock the phone without her loosing all her data!

        That was the argument I needed to get my wife to set a pin on her phone ;)

        • If it is a smartphone, people have the choice of backing up their data to the respective cloud platform - be it iCloud, Google Drive or OneDrive. That's one of the first things I set on any phone I get. One primary reason for that - on 2G phones, one could either save meaningful data on a phone or limited data on a SIM, and every time we got new phones, it was a pain migrating the numbers. My parents had the habit of entering a person's name and type both in the name field, so that saving on a SIM was ea

          • The other thing to that - by backing my entire configuration profile to 'the cloud', the moment I get a new phone b'cos the previous one was lost, or I wanted to upgrade, I just enter my email during setup, and it retrieves everything I had - apps, wallpaper and so on, and I'm good to continue where I left off.

            I'm shocked the restore to new phone feature worked for you. I tried the process probably four times on my Moto X Pure before I gave up. It would only copy maybe 30 out of 120 apps and then silently fail.

        • by lgw ( 121541 )

          A well-reasoned point. I don't have children or pets, so I can have nice things, but that's a small demographic.

      • I had to start using a password or pattern when I started using Android Pay.
        Since my Nexus 5 has no fingerprint sensor, I have to lock and then unlock it when I pay at the supermarket.
  • by Rob Y. ( 110975 ) on Wednesday March 15, 2017 @11:30AM (#54043735)

    I'd be surprised if more than 14% of smartphone owners are even offered the option to upgrade... Presumably the 40% that do take upgrades constitute 40% of those whose phones offer them OTA upgrades.

  • by ColdWetDog ( 752185 ) on Wednesday March 15, 2017 @11:31AM (#54043743) Homepage

    Don't have anything on their phones of any particular import. Nor do they care that the CIA is following their Candy Krush progress. It's just not something that occurs to many people.

    OTOH, there ARE folks who, at the minimum, don't want their credit card details or chats with their surreptitous boyfriends splattered about. Those people need to step up to the plate.

    The big problem is that security is a process that requires thinking, planning and continuous execution, i.e., a PITA.

    • It's not just a matter of actual data in files or entries stored on a smartphone. It's things like your GPS position data leaking (or being accessed covertly), your Internet browsing history, MitM attacks to obtain things like bank account numbers and passwords, credit card information, and other financial information, and in extremis, your phone being hacked to the point where it's a mobile surveillance platform, listening in on you and what's going on around you and/or seeing (via the camera that every ph
    • Don't have anything on their phones of any particular import.

      I have no PIN on my phone. I just swipe and it is ready to go. So if someone steals my phone, they will have access to my mom's phone number and my grocery list. Stuff that matters, like my digital wallet, have individual app-level PINs.

    • Well it doesn't help when you contribute to the myth that if you have nothing to hide you have nothing to fear!
  • by Anonymous Coward on Wednesday March 15, 2017 @11:32AM (#54043753)

    Do you really blame the users for not updating? How many times have you updated an application and found the UI worse (such as filled with ads) or doesn't work as well? (I recently updated the BBC iPlayer and now find that it doesn't work as well - the only reason I updated is because the BBC app wouldn't play videos anymore - so it was a forced upgrade.)

    Updating the OS can lead to slower operation, things that worked breaking (especially if you haven't updated your apps :-) ), etc..Even in the typical case, the application continues to work, the UI is somewhat better but nothing much changes.

    Why take the time to update? We, as geeks, know why. But for the typical user it is often just a pain in the ass and the balance of risks is negative. Updating makes sense for most people only if something isn't actually working correctly.

    • Yeah, it seems that iOS and Android updates tend to cause more issues than they fix, especially if you have an older iPhone or Android phone that the vendor doesn't care about anymore.

      • by sims 2 ( 994794 )

        NINAB newer is not always better.
        One of the only cases i've seen where newer is often better is on the smart tv updates. A lot of them are very slow and unresponsive when they ship and they get performance updates later. Although on those you're lucky if you get any updates at all most updates are just to let you know features XYZ have been removed and will no longer function (while they quit working 6 months before) then you have a nice dedicated button on your remote for an app your tv no longer has.

        IME t

      • My experience with iPhone OS updates is that they tend to make things better until they don't, since Apple will provide updates past when the hardware will run them well. That's why I always delay a few weeks and Google the update.

    • by arth1 ( 260657 )

      There are some apps I refuse to update on my phone, because the update requires me to accept snooping privileges I don't think I can trust the maker of the app with.
      For security reasons, it's a better option to NOT update them.

    • Do you really blame the users for not updating? How many times have you updated an application and found the UI worse (such as filled with ads) or doesn't work as well?

      Yup, if it ain't broke, don't fix it.

      I once updated an app that I used regularly. The new UI changed so much that a process that used to take 5-10 minutes in the old app would have taken an hour in the new app. No, thanks. I uninstalled the app, restored the .apk from my wife's phone, installed it onto mine, and disabled all updates. I'll never update a working app again.

    • by Daetrin ( 576516 )
      I skipped out on the upgrade to 5.0 on my old Android phone because i'd seen screen caps of the "new and improved" UI. After getting a new phone and being forcibly leapfrogged to 6.0 i'm glad i resisted as long as i did. It took a couple hours of fiddling around with options and installing a new launcher to get the phone _mostly_ looking the way i wanted. (Still stuck with the bright white backgrounds for the notifications and all the updated Google apps though. And those damn floating buttons everywhere ge
    • "How many times have you updated an application and found the UI worse (such as filled with ads) or doesn't work as well?"

      Actually, not that many. Over 8+ years as an Android user, most apps have survived the upgrades with minimal problems. Exceptions, yes, but not many.

      Ads have proliferated across the entirety of the app spectrum. That's a canard. Users should accept updates or get an iPhone.

  • Keep in mind that these unsecured phones carry not only information about you (your name, email, phone, address, photos, etc.); but also many contain deep info that allows a hacker to get deeper into other data.

    Imagine your doctor's phone isn't secure. Also imagine your doctor stores passwords to her office system in her notes app. The result: your medical records are open to the world.

    If 1 in 4 phones is insecure, that basically means all data about you that is out of your direct control... is quite insecu

  • by DogDude ( 805747 ) on Wednesday March 15, 2017 @11:36AM (#54043783)
    What's the point? Google & Apple and all of the app makers already have all of the data. The government can get to it whenever they'd like. Who would one be securing a phone from, exactly?
    • Re: (Score:2, Interesting)

      by Anonymous Coward
      You, friend, get it. So-called 'smartphones' are not very smart, at least not for the end-user. They're plenty smart for nosy government agencies, corporations, and criminals looking to steal your identity data and other valuable data. In the parlance of some places on the Internets: Smartphones are a troll, and you've all fallen for it. There is no way to actually 'secure' a so-called 'smartphone'; they're by-design inherently unsecure, and likely can't be made secure, either. But they're shiny, so people
    • by Frosty Piss ( 770223 ) * on Wednesday March 15, 2017 @12:13PM (#54044075)

      Who would one be securing a phone from, exactly?

      Wife.

      • If there's something on your phone you can't share with your wife, chose another wife.

        Kids on the other hand, they should not touch adult phones.

    • by GuB-42 ( 2483988 )

      What's the point? Google & Apple and all of the app makers already have all of the data. The government can get to it whenever they'd like. Who would one be securing a phone from, exactly?

      If you think Google, Apple and the government are the only ones you need to protect against, you are terribly misguided.
      The people closest to you are the most likely to use what they find against you in a way that could affect your life.
      For example, I don't want my boss to know I am looking for another job, I don't want my parents to know I smoke pot, I don't want my wife to know I cheated her, I don't want a casual thief to access my bank account.

      I don't know anyone who got into trouble because the governm

      • Google and Apple don't care about you as an individual. To the extent they care about your data, it is as an aggregate, for statistics and optimization and advertising. They aren't interested in trying to get your bank account number and steal your money, for example, the amount of money you have is fuck-all on their scale. They would not be interested in committing a crime with very real consequences for a totally inconsequential amount of money.

        However a random thief that steals your smartphone? Ya they a

  • New version of phone OS -> whoops, now my phone is painfully slow. Guess what users won't do next time an OS upgrade rolls by?

  • by mveloso ( 325617 ) on Wednesday March 15, 2017 @11:42AM (#54043829)

    If you're an android user you can't really update the OS on your phone because for the vast majority of handsets there are no updates available.

    For these surveys they really need to add some questions to determine if the respondent is just flat-out lying or just doesn't understand the difference between an app update and an OS update.

    Plus, some answers make no sense. Who updates their OS when it isn't convenient for them? WTF does that even mean?

  • Does it shock anyone? Most folks just want to use their phones, use the email and SMS, and play a few games. They can't be bothered. Heck, a lot of folks have to have techy person setup their email other than a Gmail/Apple email, as they have no clue, and they have NO clue how to change their password either

  • Obviously (Score:5, Insightful)

    by nospam007 ( 722110 ) * on Wednesday March 15, 2017 @11:45AM (#54043863)

    " about 40% say they only update when it's convenient for them"

    Nobody does it when it's inconvenient, like during watching a movie, during a long phone call or when reading an eBook.

    Ask any Windows user.

    • The thing about Windows updates is that Microsoft has apparently done extensive research and concluded that most people don't actually want to use their computers when they turn them on.

  • Manufacturers are responsible for their devices security, not users. Providing a secure functional device is what they get paid for after all.

  • Why should I? (Score:5, Insightful)

    by sims 2 ( 994794 ) on Wednesday March 15, 2017 @11:54AM (#54043923)

    Your're going to change my UI because you feel like it and make me have to relearn how to do everything just because.

    App *app name here* works great now but after updating erases all saved files and cuts off the name's of new files.

    No old versions are available online in case the new version does not work as expected.

    Backups (if you include restoring the same app version) are only practical with home made scripts or done by hand no other functional recovery options exist (at least not for iphone)

    So why should I update?

    • by moskrin ( 53287 )

      Yes, this. The annoyance of UI changes is by app, not just for OS updates. If something is working and not causing me trouble, I'm probably not going to update it. I had a third party keyboard actually switch around the long press symbols on some of the keys for an update... really, guys?

    • You really don't have to change your UI. I've moved to Nova Launcher on Android, so regardless of what manufacturer of device, that stays the same. It may not be as cool looking as the latest Samsung or Huawei interface, but it stays consistent. Similar when using a custom keyboard app.

  • Those "security issues" are how people reclaim their devices.

  • Yes, I do have a pin on my phone but I don't have it connected to any social media, email or banking sites. I have a contact list and that is it. I don't really even need to lock it.
  • by Anonymous Coward

    Having a screen lock is stupid, unless you have a habit losing your phone or leaving it out and about where anyone can get to it. And if you are, then no manner of screen lock is going to stop someone gaining entry. They have your device, its already game over for you.

    • by creimer ( 824291 )
      A screen lock prevents your ass from making calls while your phone is in the back pocket. A problem I had with an older smart phone when the touch screen got funky. I was always ass calling my boss when I crawled underneath desks for a PC refresh project.
  • Some odd years ago I left my phone at my girlfriend's house. It was not locked. She is now my ex girlfriend and I now lock my phone. The texts she ran across were between me and an old lady friend. They were not serious but I see how they were interpreted as such. Live and learn.
  • I can't. Windows phone*: no more updates; carrier stopped providing them at 8.1 Cyan. Android: without a Google Account, the manufacturer & carrier won't pass them through after the first year or so; WITH a Google Account, it still often won't work without a fair amount of hacking, and if it does work it only extends updates for maybe another year; Google abandons stuff (all kinds of stuff, not just phones) quickly. Apple? No experience, though reportedly they do support devices for up to a couple of ye

  • by Anonymous Coward

    Since mobile app developers all seem to be obsessed with ripping out functionality and making the UI worse and worse, hell yes I stopped updating my apps. As long as they work fine and do what I need, why would I want to? "Newer" doesn't equate to "better".

  • I don't update for a very specific reason - it's difficult to rollback system and app updates on phones. I've run into the issue a couple times where I updated an app and the interface completely changed or features that I used were removed. So my policy now is that I only update if there's a critical security issue or an app no longer works because of a change in a web API it's using.
  • No banking or credit card info. No passwords. No email.

    Why would I lock it? To prevent some ner-do-well from changing my zip code in Gas Buddy?
  • I know people who have actively taken steps to un-secure their phone, for performance reasons. Since encryption was enabled by default on some Android devices, people have turned off the option (which required flashing the phone) in order to give it a performance boost.

  • by Anonymous Coward

    What guarantee do you have that the phone is actually secure. Do the on/off sliders really turn off my microphone, or my location information?

  • While I generally run the latest stable AOSP/CM/LineageOS build available for my devices from the day I buy them, I don't routinely use a secure lock screen.

    It may sound risky, but I'm one of those all-eggs-in-one-basket types. I keep my birth certificate and SIN card in my wallet, and I keep my phone unlocked. Neither leave my side, ever. Not for a second. Not anywhere.

    If I check my coat, my wallet and phone stay with me. If I'm asked to check my phone, I leave the venue and write a negative review.

  • My house has a front door, with a dead-bolt, that can be easily picked in a matter of minutes. But the window next to the door can be smashed in seconds. My car has locks and an alarm, neither of which stop the locksmith from opening it with an airbag. My windshield wipers can easily be removed. Nothing stops anyone from key-ing my car, throwing eggs at my house, or toilet paper in my tree.

    I've left a ten-dollar bill under my wiper for two years.
    On-coming traffic, at 250kph collisions, is separated by a

  • After I upgraded my phone from Android 6.0 to 7.0, I discovered that feature of being able to set trusted spaces where the phone would remain unlocked if it had been unlocked in a configurable number of hours. I have my phone set to lock when put to standby, and I don't let it sit running if I'm not actively doing something with it, so I found myself having to unlock it often at home when I was picking it up frequently while doing short tasks. That setting is great. Much more convenient when I'm in my own h

  • by kent.dickey ( 685796 ) on Wednesday March 15, 2017 @04:55PM (#54046477)

    I clicked through to the detailed report (which was about lots of other things), and they didn't classify the results by at least iOS/Android/Windows Phone, or even better by manufacturer.

    It's very possible 99% of Google and Apple device users update the OS as quick as possible, and 0% of Samsung/HTC/etc. users update (because there are none), and so this doesn't tell us anything.

    Plus, I would answer "when it's convenient for me", meaning always within a day or so.

    It's like they phrased questions to get results to give the most click-baity headlines. This is my shocked face.

  • As if I would do something with my smart phone that required any type of security. I may be dumb, but I'm not stupid.

You might have mail.

Working...