Smartphone security: the real danger behind our addiction to apps

As Laura Flack, head of digital safety at Barclays points out: “Everyone probably knows someone who has fallen victim to a fraudster. Crooks are using ever more sophisticated tactics to trick people into handing over their bank details, or to pay money into a fraudster’s account when they believe they are simply paying their builder or solicitor. We need to super-charge our digital knowhow to prevent this crime from happening.”

Mark James of IT security company ESET, says: “In this modern day of apps installed on smartphones, we are not always aware of the consequences of accepting the terms and conditions (or permissions) that these apps have.

“A lot of the apps we use on a daily basis are of a social nature, that is, the more people who use it, the better it is. If you want to chat, swap photos or communicate with friends and family you really have no choice but to accept; for all this to work, data must be provided to the app maker. It might include access to your location, spending habits, photos, contacts or even recorded voice, hopefully all moving through encrypted channels and stored safely, but not always …”

Data breaches and online security violations are very much a 21st-century problem. A survey from the British Chamber of Commerce found that one in five businesses had been attacked by cybercriminals in the past year. In February, hackers broke into web servers hosting the Association of British Travel Agents and stole data related to customers of its members.

While apps to bank, shop or chat online may only require a small amount of user data, which could be harmless by itself, if online criminals gain access to it all, they could combine the information and take advantage of consumers, says Prof Tim Watson, director of the Cyber Security Centre at the University of Warwick. “It is the aggregation of the data which starts to make it dangerous … When you start to put them together and profile people, you can start to work out when they are on holiday and where their home address is,” he says.

Maryam Mehrnezhad, who was part of the research team at Newcastle University that revealed what could be garnered from a simple tilt, says the sensors in mobile phones also leave behind a trail of information. “A good example is GPS. There are many apps that work based on the location of the users, for example, for tracking friends and family,” she says. “Another example is sharing records of activities, for instance, running or riding, via motion sensors, on social media.”

While consumers could be blamed for not taking simple steps – such as setting a strong password – to protect themselves online, the blame should not be so simply apportioned, say the experts. “People think security is going to be complicated, but it does not need to be – there are many easy and free tools available for everyone to use,” says James.

So what changes can you make to your online behaviour to help ensure that the crumbs of data you leave behind do not result in a security breach?

“Often staying safe isn’t rocket science. A few practical steps and a dose of vigilance can boost your safety immeasurably,” says Flack. “Remember, if something sounds too good to be true, it probably is.”

Mehrnezhad offers additional tips. “People can be lazy in closing their background apps and browser windows. You should close them when you are not using them,” she says. “Sometimes mobile users install multiple apps and keep them on their devices. You need to uninstall the apps that you no longer need. Security patches are being constantly released by the vendors. You should keep your phone operating system and apps up to date … And last, but not least, every now and then, audit the permissions that apps have on your phone via the system settings.”

The National Cyber Security Centre, part of GCHQ, gives advice on how cyber gangs operate. Anyone who thinks they might have been a victim of cyber crime should visit Action Fraud or contact them on 0300 123 2040