Many Smartphone Owners Don't Take Steps To Secure Their Devices (pewresearch.org) 143
From Pew Research's new report: More than a quarter (28%) of smartphone owners say they do not use a screen lock or other security features to access their phone. And while a majority of smartphone users say they have updated their phone's apps or operating system, about 40% say they only update when it's convenient for them. Meanwhile, some users forgo updating their phones altogether: Around one-in-ten smartphone owners report they never update their phone's operating system (14%) or update the apps on their phone (10%).
Love to update the OS on my phone (Score:5, Insightful)
Unfortunately that's down to the manufacturer and carrier, neither of which give a flying fuck after they sold you the contract. Probably take someone suing them until this changes in the UK.
Re: (Score:1)
Next time buy an iPhone or a Nexus.
Re: (Score:3)
That's basically like saying next time you buy a phone you better spend $700 on a phone or you don't deserve to have one running modern software. I can buy a desktop or laptop for half that price and the software remains updated. Why can't the same thing happen on a phone. Is it really too much to ask?
Re: (Score:3)
Have a Nexus4 and Google dropped support (Score:1)
Have a Nexus4 and Google dropped support!
The phone is fine. No issues, except that Google won't security patch the OS. They seem to think that $450 devices are good for 3 yrs.
I disagree.
There should be a law.
Re: (Score:2)
Nexus, what Nexus?
Google more or less killed the Nexus program with the Pixel line, The last one is the Nexus 6P and we can expect official support to be dropped in 1 or 2 years.
Re: (Score:2)
can't update my iphone 4 to newest either. other than the security (vendor controlled) the phone continues to work as a phone and smart device. deliberate disablement happens for a reason.
Re: Love to update the OS on my phone (Score:2)
Re: (Score:2)
Or anywhere else, actually.
I haven't had an update in a long time (Samsung S4) but I only checked when it was convenient as well. Now I've rooted it, and secured it more by installing a firewall, hosts list, and program permission tool on it through the F-Droid repository.
But the main thing is to not install every silly app from the store, especially whhile not checking latest reviews and permissions.
Re: (Score:2)
Not really. If your Device gets hacked, a person will be more likely to blame the Carrier or the Manufacturer than themselves. And we now live in a world where factless ranting takes precedence over facts now.
Re: Love to update the OS on my phone (Score:2)
Re: (Score:2)
Not just phones. Anyone else remember the McAfee .DAT update that bricked Windows Workstations (7 and XP) circa 2010 ???
Re: (Score:2)
Actually, that doesn't apply for certain low end configurations. Just like in PCs, if you happen to have a WinBook w/ 1GB RAM and 16GB storage, you won't be prompted to upgrade to Windows 10 from 8. Similarly, a year ago, I tried updating an old Lumia 520 that I had passed down to somebody else w/ Windows 10, and it wouldn't let it: the configuration of 512MB RAM just wouldn't support it. I currently have a Lumia 550 which comes w/ Windows 10 preinstalled, and where it has 8GB flash drive and 1GB RAM, an
Why would you? (Score:1)
At least for appity-apps on android, why would you bother updating once you get it to work? Each update is worse than the last - more features broken, less stable, additional ads crammed in everywhere. As far as updating OS is concerned, boy, that switch to N sure broke a lot of old apps huh! captcha: walnuts, as in nuts to this!
Re: (Score:2)
Agreed.
My old Samsung worked fine when I got it, and over its lifetime suffered two noticeable degradations in reliability - each coinciding with an automatic update of the OS. Each update left more device features unreliable or completely borked.
New (also Android) phone works fine for now. Need to find a way to turn off automatic updates before it ends up going the same way.
Re: (Score:2)
Not just Android, in iOS, updating in a lot of cases just meant more of my storage getting eaten - and here, there are no SD slots for me to make that irrelevant. That's what I ran into w/ my iPad mini, which is now stuck on 9.3. I had to delete all the photos from that tablet and put them up on OneDrive, so that I wouldn't miss them. My iPhone probably won't have that issue, having as it does 128GB storage, but my iPad mini is something I'll have to figure out.
Re: (Score:3)
Exactly! Also, when does updating apps/OS become equivalent to secure? I agree that updating could make the device more secure because the new patch is supposed to close/fix security bugs. However, there are times that new update actually opens/allows new security holes/bugs as well. TFA is just an advertisement to influent people to keep updating apps/OS...
Re: (Score:1)
Automatic for the win (Score:3)
To be fair most android phones I've seen have auto app upgrade enabled. iPhone doesn't but it's possible to set and forget about it until it's updating while you're trying to do something net or process intensive.
Re: (Score:2)
+1 Factually Untrue since iOS 7 [9to5mac.com].
By default, it won't auto-update unless you are plugged in and on WiFi, which seems like a good time to be doing maintenance like this. You can opt-in to automatic downloads over cellular, if you prefer.
Re: (Score:2)
I said
To be fair most android phones I've seen have auto app upgrade enabled.
following that was
iPhone doesn't but it's possible to set and forget about it until it's updating while you're trying to do something net or process intensive.
Now you come along saying its factually untrue, referring to a link saying you have to turn the auto update feature as its not enabled by default, Also you can choose whether to use mobile data or wifi or just wifi. Hopefully you read my comment incorrectly and this was just a misunderstanding.
Re: (Score:2)
I have a corporate issued iphone whose contract doesn't allow OTA updates. And the company doesn't allow phones on the wifi. So I've never updated it from the version 8-something it came with.
Re: (Score:2)
I didn't say all, I didn't say shit about corporate. and it seems like your situation would be in a far lesser percentile than what I was talking about. So what was your comment about?
How do you not secure your smartphone? (Score:2)
With both Android and iOS, the device will ship encrypted, and all one has to do is set the PIN and fingerprint. Updates are generally done automatically, with OS updated being the only real thing that is prompted for, and that usually takes a click or two.
With updates being pretty much automatic, there isn't much to do as a user, for the most part, other than periodically checking that the iCloud or Titanium Backup image was successful.
Re: (Score:2)
Ship encrypted?
Last Android phone I dug into was not encrypted. The user privileges were set to where my standard use did not have root-level access to the device (which made getting my stuff off of the phone when it broke very difficult) but once I figured out how to get to some obscure menus at boot-time I was able to mostly find what I was looking to find through the filesystem and to copy over to a Linux box.
I would be very happy if Android came with the equivalent of Sudo.
Re: (Score:2)
Late 2015, I bought a HTC One A9, which is an entry-level phone. The default ROM ships with /data encrypted by default but with no authentication. During setup, when one set the PIN and such, it would change the stored password. When moving to a CM/LineageOS ROM, /data was not encrypted, but that was not too difficult to fix up. Samsung phones also ship with /data encrypted as well.
As for Sudo, the closest to that would be SuperSU or something similar. There are no real weaknesses for having a rooted p
Re: (Score:2)
The user privileges were set to where my standard use did not have root-level access to the device (which made getting my stuff off of the phone when it broke very difficult) but once I figured out how to get to some obscure menus at boot-time I was able to mostly find what I was looking to find through the filesystem and to copy over to a Linux box.
Why not use adb-sync? You don't need root on the phone to access the data over USB which is why it's recommended that you also encrypt the phone.
I have never heard of an Android phone shipping with encryption enabled.
Re: (Score:2)
I set a password on my phone, though I'm not sure it was a good idea. If I lose my phone I just need to change my Google password, as nothing else there will be of value to anyone. Didn't bother with a password for my last phone.
Anyone who installs stuff like banking apps on his phone is asking for it, really. Phones are fundamentally insecure devices (and the more apps you install, the less secure they are). Trusting them for access to something of real value seems foolish to me.
Re: (Score:2)
Anyone who installs stuff like banking apps on his phone is asking for it, really.
I had to install the banking app on my iPhone because no web browser supports running the Java plugin for depositing checks remotely. I'm sure the bank will figure out someday that no one is depositing checks via the website.
Re: (Score:2)
In the rare case where I have a physical check to deposit, I just mail it in. I've been banking primarily by mail for years - as long as your paycheck is direct deposit, it's not really a problem.
Re: (Score:2)
I just go to my nearest Wells Fargo and deposit it at the counter. Most secure that way. I rarely get checks though nowadays - my salary is often directly wired.
Re: (Score:2)
I would argue that banking apps on a phone might be more secure than on a PC. Mainly because done right, a phone has far less chance of getting malware that can access the banking app's jail or directory than rogue software running as a user context on a user's PC. Nothing is 100%, of course.
Re: (Score:2)
The same malware creators target both platforms equally now. Too many banks try to use the phone as a 2nd factor, so it's a very valuable malware target, and attackers have had enough success to make the news in security circles.
A PC is really pretty secure (in this specific case) if you don't use the same browser for banking as everything else, because the vast majority of malware here is "man in the browser" attacks (and they try to stay hidden after infecting the browser, not call attention by trying to
Re: (Score:2)
You are not paranoid, you are smart. I keep my financial stuff in a VM, and keep my Web browsing in another VM [1]. Separation of stuff is common sense, especially with all the stuff that runs in a browser that is untrusted.
This makes me wonder... why doesn't a phone maker use VMs in phones? ARM already has a built in hypervisor (the "worlds" functionality that allows for trusted and untrusted), why not use that, coupled with back-end deduplication and encryption. With a phone that has 2+ SIM cards, it
Re: (Score:2)
When I was at VMware, years back, they were busily developing VMware for phones (focused on providing a "Work VM" that could be remotely wiped, leaving the rest of your phone untouched). I can only assume there wasn't a market for it, since I haven't seen it since.
Hypervisor escape exploits are very rare and valuable, and usually involve some sort of built-in sharing between VMs.
Re: (Score:2)
Why you should set a pin or password for your phone:
The last time I bought a phone I had to wait in a queue was because the lady in front of me did not set a pin or password but her toddler did.
The shop clerk was very sorry but very sure that nobody not even the manufacturer could unlock the phone without her loosing all her data!
That was the argument I needed to get my wife to set a pin on her phone ;)
Re: (Score:2)
If it is a smartphone, people have the choice of backing up their data to the respective cloud platform - be it iCloud, Google Drive or OneDrive. That's one of the first things I set on any phone I get. One primary reason for that - on 2G phones, one could either save meaningful data on a phone or limited data on a SIM, and every time we got new phones, it was a pain migrating the numbers. My parents had the habit of entering a person's name and type both in the name field, so that saving on a SIM was ea
Re: (Score:2)
The other thing to that - by backing my entire configuration profile to 'the cloud', the moment I get a new phone b'cos the previous one was lost, or I wanted to upgrade, I just enter my email during setup, and it retrieves everything I had - apps, wallpaper and so on, and I'm good to continue where I left off.
I'm shocked the restore to new phone feature worked for you. I tried the process probably four times on my Moto X Pure before I gave up. It would only copy maybe 30 out of 120 apps and then silently fail.
Re: (Score:2)
A well-reasoned point. I don't have children or pets, so I can have nice things, but that's a small demographic.
Re: (Score:1)
Since my Nexus 5 has no fingerprint sensor, I have to lock and then unlock it when I pay at the supermarket.
Re: (Score:2)
Likewise. I don't give my android any credentials to financial junk, or link it to a google account or login to just about anything with it, or side-load more than a couple really basic apps, or let it onto my home wifi network, and I don't use a lockscreen, because the delay of deactivating the lockscreen makes it a pretty useless UI for my purposes.
In other words, I don't trust the device to stay secure even when locked down, so why bother securing it? Just use it for meaningless junk and non-sensitive
Considering how few are offered upgrades... (Score:3)
I'd be surprised if more than 14% of smartphone owners are even offered the option to upgrade... Presumably the 40% that do take upgrades constitute 40% of those whose phones offer them OTA upgrades.
Re: (Score:2)
This applies to Android phones, and it would seem the Kitkat and earlier ones. I recently updated my Lollipop tablet w/ an update which allowed me to store and run apps from the SD card - a Marshmallow feature that seems to have been backported. Yeah, for all previous phones or tablets - up to kitkat - it was up to the carrier to provide updates. Same for Windows 8 phones.
Apple was the exception, and both Google and Microsoft realized the damage not having updates ready was doing to their brand. So t
Most cell phone users (Score:3)
Don't have anything on their phones of any particular import. Nor do they care that the CIA is following their Candy Krush progress. It's just not something that occurs to many people.
OTOH, there ARE folks who, at the minimum, don't want their credit card details or chats with their surreptitous boyfriends splattered about. Those people need to step up to the plate.
The big problem is that security is a process that requires thinking, planning and continuous execution, i.e., a PITA.
Re: (Score:2)
Re: (Score:2)
Don't have anything on their phones of any particular import.
I have no PIN on my phone. I just swipe and it is ready to go. So if someone steals my phone, they will have access to my mom's phone number and my grocery list. Stuff that matters, like my digital wallet, have individual app-level PINs.
Re: Most cell phone users (Score:1)
Do you really blame them? (Score:5, Insightful)
Do you really blame the users for not updating? How many times have you updated an application and found the UI worse (such as filled with ads) or doesn't work as well? (I recently updated the BBC iPlayer and now find that it doesn't work as well - the only reason I updated is because the BBC app wouldn't play videos anymore - so it was a forced upgrade.)
Updating the OS can lead to slower operation, things that worked breaking (especially if you haven't updated your apps :-) ), etc..Even in the typical case, the application continues to work, the UI is somewhat better but nothing much changes.
Why take the time to update? We, as geeks, know why. But for the typical user it is often just a pain in the ass and the balance of risks is negative. Updating makes sense for most people only if something isn't actually working correctly.
Re: (Score:2)
Yeah, it seems that iOS and Android updates tend to cause more issues than they fix, especially if you have an older iPhone or Android phone that the vendor doesn't care about anymore.
Re: (Score:2)
NINAB newer is not always better.
One of the only cases i've seen where newer is often better is on the smart tv updates. A lot of them are very slow and unresponsive when they ship and they get performance updates later. Although on those you're lucky if you get any updates at all most updates are just to let you know features XYZ have been removed and will no longer function (while they quit working 6 months before) then you have a nice dedicated button on your remote for an app your tv no longer has.
IME t
Re: (Score:2)
My experience with iPhone OS updates is that they tend to make things better until they don't, since Apple will provide updates past when the hardware will run them well. That's why I always delay a few weeks and Google the update.
Re: (Score:2)
There are some apps I refuse to update on my phone, because the update requires me to accept snooping privileges I don't think I can trust the maker of the app with.
For security reasons, it's a better option to NOT update them.
Re: (Score:2)
Do you really blame the users for not updating? How many times have you updated an application and found the UI worse (such as filled with ads) or doesn't work as well?
Yup, if it ain't broke, don't fix it.
.apk from my wife's phone, installed it onto mine, and disabled all updates. I'll never update a working app again.
I once updated an app that I used regularly. The new UI changed so much that a process that used to take 5-10 minutes in the old app would have taken an hour in the new app. No, thanks. I uninstalled the app, restored the
Re: (Score:3)
Re: (Score:2)
"How many times have you updated an application and found the UI worse (such as filled with ads) or doesn't work as well?"
Actually, not that many. Over 8+ years as an Android user, most apps have survived the upgrades with minimal problems. Exceptions, yes, but not many.
Ads have proliferated across the entirety of the app spectrum. That's a canard. Users should accept updates or get an iPhone.
Note: YOUR data is on their phones (Score:2)
Keep in mind that these unsecured phones carry not only information about you (your name, email, phone, address, photos, etc.); but also many contain deep info that allows a hacker to get deeper into other data.
Imagine your doctor's phone isn't secure. Also imagine your doctor stores passwords to her office system in her notes app. The result: your medical records are open to the world.
If 1 in 4 phones is insecure, that basically means all data about you that is out of your direct control... is quite insecu
Securing it from whom? (Score:5, Insightful)
Re: (Score:2, Interesting)
Re:Securing it from whom? (Score:5, Insightful)
Who would one be securing a phone from, exactly?
Wife.
Re: (Score:3)
If there's something on your phone you can't share with your wife, chose another wife.
Kids on the other hand, they should not touch adult phones.
Re: (Score:3)
What's the point? Google & Apple and all of the app makers already have all of the data. The government can get to it whenever they'd like. Who would one be securing a phone from, exactly?
If you think Google, Apple and the government are the only ones you need to protect against, you are terribly misguided.
The people closest to you are the most likely to use what they find against you in a way that could affect your life.
For example, I don't want my boss to know I am looking for another job, I don't want my parents to know I smoke pot, I don't want my wife to know I cheated her, I don't want a casual thief to access my bank account.
I don't know anyone who got into trouble because the governm
No kidding (Score:3)
Google and Apple don't care about you as an individual. To the extent they care about your data, it is as an aggregate, for statistics and optimization and advertising. They aren't interested in trying to get your bank account number and steal your money, for example, the amount of money you have is fuck-all on their scale. They would not be interested in committing a crime with very real consequences for a totally inconsequential amount of money.
However a random thief that steals your smartphone? Ya they a
They've been burned by upgrades in the past (Score:4, Insightful)
New version of phone OS -> whoops, now my phone is painfully slow. Guess what users won't do next time an OS upgrade rolls by?
14% don't update? They're lying (Score:3)
If you're an android user you can't really update the OS on your phone because for the vast majority of handsets there are no updates available.
For these surveys they really need to add some questions to determine if the respondent is just flat-out lying or just doesn't understand the difference between an app update and an OS update.
Plus, some answers make no sense. Who updates their OS when it isn't convenient for them? WTF does that even mean?
Re: (Score:2)
Never had an issue with OS updates with CM/LineageOS and not installing GApps...
Re: (Score:2)
So you don't even use an Android phone.
What was your point?
Re: 14% don't update? They're lying (Score:2)
How did you activate it?
Re: (Score:1)
All Windows 10 users.
Does this shock anyone? (Score:2)
Does it shock anyone? Most folks just want to use their phones, use the email and SMS, and play a few games. They can't be bothered. Heck, a lot of folks have to have techy person setup their email other than a Gmail/Apple email, as they have no clue, and they have NO clue how to change their password either
Obviously (Score:5, Insightful)
" about 40% say they only update when it's convenient for them"
Nobody does it when it's inconvenient, like during watching a movie, during a long phone call or when reading an eBook.
Ask any Windows user.
Re: (Score:2)
The thing about Windows updates is that Microsoft has apparently done extensive research and concluded that most people don't actually want to use their computers when they turn them on.
Manufacterers (Score:1)
Manufacturers are responsible for their devices security, not users. Providing a secure functional device is what they get paid for after all.
Why should I? (Score:5, Insightful)
Your're going to change my UI because you feel like it and make me have to relearn how to do everything just because.
App *app name here* works great now but after updating erases all saved files and cuts off the name's of new files.
No old versions are available online in case the new version does not work as expected.
Backups (if you include restoring the same app version) are only practical with home made scripts or done by hand no other functional recovery options exist (at least not for iphone)
So why should I update?
Re: (Score:1)
Yes, this. The annoyance of UI changes is by app, not just for OS updates. If something is working and not causing me trouble, I'm probably not going to update it. I had a third party keyboard actually switch around the long press symbols on some of the keys for an update... really, guys?
Re: (Score:2)
You really don't have to change your UI. I've moved to Nova Launcher on Android, so regardless of what manufacturer of device, that stays the same. It may not be as cool looking as the latest Samsung or Huawei interface, but it stays consistent. Similar when using a custom keyboard app.
Consider that those updates break functionality. (Score:2)
Those "security issues" are how people reclaim their devices.
Why Bother? (Score:2)
Screen locks are stupid (Score:1)
Having a screen lock is stupid, unless you have a habit losing your phone or leaving it out and about where anyone can get to it. And if you are, then no manner of screen lock is going to stop someone gaining entry. They have your device, its already game over for you.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
what about keeping the phone in a front pocket?
Then it becomes a dick call.
Formerly in that number (Score:2)
Even When I Want To... (Score:1)
I can't. Windows phone*: no more updates; carrier stopped providing them at 8.1 Cyan. Android: without a Google Account, the manufacturer & carrier won't pass them through after the first year or so; WITH a Google Account, it still often won't work without a fair amount of hacking, and if it does work it only extends updates for maybe another year; Google abandons stuff (all kinds of stuff, not just phones) quickly. Apple? No experience, though reportedly they do support devices for up to a couple of ye
Why update? (Score:1)
Since mobile app developers all seem to be obsessed with ripping out functionality and making the UI worse and worse, hell yes I stopped updating my apps. As long as they work fine and do what I need, why would I want to? "Newer" doesn't equate to "better".
Some updates are more than security... (Score:2)
Nothing sensitive is on my phone (Score:2)
Why would I lock it? To prevent some ner-do-well from changing my zip code in Gas Buddy?
un-securing... (Score:2)
I know people who have actively taken steps to un-secure their phone, for performance reasons. Since encryption was enabled by default on some Android devices, people have turned off the option (which required flashing the phone) in order to give it a performance boost.
Even if you go through the effort (Score:1)
What guarantee do you have that the phone is actually secure. Do the on/off sliders really turn off my microphone, or my location information?
Re: (Score:2)
security isn't important (Score:2)
My house has a front door, with a dead-bolt, that can be easily picked in a matter of minutes. But the window next to the door can be smashed in seconds. My car has locks and an alarm, neither of which stop the locksmith from opening it with an airbag. My windshield wipers can easily be removed. Nothing stops anyone from key-ing my car, throwing eggs at my house, or toilet paper in my tree.
I've left a ten-dollar bill under my wiper for two years.
On-coming traffic, at 250kph collisions, is separated by a
I like that geofence feature in Android 7. (Score:2)
After I upgraded my phone from Android 6.0 to 7.0, I discovered that feature of being able to set trusted spaces where the phone would remain unlocked if it had been unlocked in a configurable number of hours. I have my phone set to lock when put to standby, and I don't let it sit running if I'm not actively doing something with it, so I found myself having to unlock it often at home when I was picking it up frequently while doing short tasks. That setting is great. Much more convenient when I'm in my own h
Poor Survey (Score:3)
I clicked through to the detailed report (which was about lots of other things), and they didn't classify the results by at least iOS/Android/Windows Phone, or even better by manufacturer.
It's very possible 99% of Google and Apple device users update the OS as quick as possible, and 0% of Samsung/HTC/etc. users update (because there are none), and so this doesn't tell us anything.
Plus, I would answer "when it's convenient for me", meaning always within a day or so.
It's like they phrased questions to get results to give the most click-baity headlines. This is my shocked face.
I pay with cash (Score:2)
Re: (Score:2)
There are ways to secure from all but the most determined. For example, on Android, encrypting /data with a password separate from your screen locker PIN ensure that someone power cycling the phone is dealing with a 30+ character passphrase, which will be a lot harder to guess than 4-6 digits. Using a firewall program, one can block outgoing network communications. Backups can be handled by Titanium Backup (which has a very well thought out encryption system.) If xPrivacy were updated, that would provid