Slashdot Mirror
Many Smartphone Owners Don't Take Steps To Secure Their Devices (pewresearch.org)
From Pew Research's new report: More than a quarter (28%) of smartphone owners say they do not use a screen lock or other security features to access their phone. And while a majority of smartphone users say they have updated their phone's apps or operating system, about 40% say they only update when it's convenient for them. Meanwhile, some users forgo updating their phones altogether: Around one-in-ten smartphone owners report they never update their phone's operating system (14%) or update the apps on their phone (10%).
Unfortunately that's down to the manufacturer and carrier, neither of which give a flying fuck after they sold you the contract. Probably take someone suing them until this changes in the UK.
At least for appity-apps on android, why would you bother updating once you get it to work? Each update is worse than the last - more features broken, less stable, additional ads crammed in everywhere. As far as updating OS is concerned, boy, that switch to N sure broke a lot of old apps huh! captcha: walnuts, as in nuts to this!
To be fair most android phones I've seen have auto app upgrade enabled. iPhone doesn't but it's possible to set and forget about it until it's updating while you're trying to do something net or process intensive.
With both Android and iOS, the device will ship encrypted, and all one has to do is set the PIN and fingerprint. Updates are generally done automatically, with OS updated being the only real thing that is prompted for, and that usually takes a click or two.
With updates being pretty much automatic, there isn't much to do as a user, for the most part, other than periodically checking that the iCloud or Titanium Backup image was successful.
I'd be surprised if more than 14% of smartphone owners are even offered the option to upgrade... Presumably the 40% that do take upgrades constitute 40% of those whose phones offer them OTA upgrades.
Posted from my Android phone. Oh, I can change this? There, that's better...
Don't have anything on their phones of any particular import. Nor do they care that the CIA is following their Candy Krush progress. It's just not something that occurs to many people.
OTOH, there ARE folks who, at the minimum, don't want their credit card details or chats with their surreptitous boyfriends splattered about. Those people need to step up to the plate.
The big problem is that security is a process that requires thinking, planning and continuous execution, i.e., a PITA.
Faster! Faster! Faster would be better!
Do you really blame the users for not updating? How many times have you updated an application and found the UI worse (such as filled with ads) or doesn't work as well? (I recently updated the BBC iPlayer and now find that it doesn't work as well - the only reason I updated is because the BBC app wouldn't play videos anymore - so it was a forced upgrade.)
Updating the OS can lead to slower operation, things that worked breaking (especially if you haven't updated your apps :-) ), etc..Even in the typical case, the application continues to work, the UI is somewhat better but nothing much changes.
Why take the time to update? We, as geeks, know why. But for the typical user it is often just a pain in the ass and the balance of risks is negative. Updating makes sense for most people only if something isn't actually working correctly.
Keep in mind that these unsecured phones carry not only information about you (your name, email, phone, address, photos, etc.); but also many contain deep info that allows a hacker to get deeper into other data.
Imagine your doctor's phone isn't secure. Also imagine your doctor stores passwords to her office system in her notes app. The result: your medical records are open to the world.
If 1 in 4 phones is insecure, that basically means all data about you that is out of your direct control... is quite insecure.
What's the point? Google & Apple and all of the app makers already have all of the data. The government can get to it whenever they'd like. Who would one be securing a phone from, exactly?
I don't respond to AC's.
New version of phone OS -> whoops, now my phone is painfully slow. Guess what users won't do next time an OS upgrade rolls by?
If you're an android user you can't really update the OS on your phone because for the vast majority of handsets there are no updates available.
For these surveys they really need to add some questions to determine if the respondent is just flat-out lying or just doesn't understand the difference between an app update and an OS update.
Plus, some answers make no sense. Who updates their OS when it isn't convenient for them? WTF does that even mean?
Does it shock anyone? Most folks just want to use their phones, use the email and SMS, and play a few games. They can't be bothered. Heck, a lot of folks have to have techy person setup their email other than a Gmail/Apple email, as they have no clue, and they have NO clue how to change their password either
-- 73 de KG2V For the Children - RKBA! "You are what you do when it counts" - the Masso
" about 40% say they only update when it's convenient for them"
Nobody does it when it's inconvenient, like during watching a movie, during a long phone call or when reading an eBook.
Ask any Windows user.
Manufacturers are responsible for their devices security, not users. Providing a secure functional device is what they get paid for after all.
Time is what keeps everything from happening all at once.
Your're going to change my UI because you feel like it and make me have to relearn how to do everything just because.
App *app name here* works great now but after updating erases all saved files and cuts off the name's of new files.
No old versions are available online in case the new version does not work as expected.
Backups (if you include restoring the same app version) are only practical with home made scripts or done by hand no other functional recovery options exist (at least not for iphone)
So why should I update?
Minimum threshold fixed. Thanks!
Those "security issues" are how people reclaim their devices.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
Yes, I do have a pin on my phone but I don't have it connected to any social media, email or banking sites. I have a contact list and that is it. I don't really even need to lock it.
love is just extroverted narcissism
Having a screen lock is stupid, unless you have a habit losing your phone or leaving it out and about where anyone can get to it. And if you are, then no manner of screen lock is going to stop someone gaining entry. They have your device, its already game over for you.
Some odd years ago I left my phone at my girlfriend's house. It was not locked. She is now my ex girlfriend and I now lock my phone. The texts she ran across were between me and an old lady friend. They were not serious but I see how they were interpreted as such. Live and learn.
Brought to you by Carl's Junior.
I can't. Windows phone*: no more updates; carrier stopped providing them at 8.1 Cyan. Android: without a Google Account, the manufacturer & carrier won't pass them through after the first year or so; WITH a Google Account, it still often won't work without a fair amount of hacking, and if it does work it only extends updates for maybe another year; Google abandons stuff (all kinds of stuff, not just phones) quickly. Apple? No experience, though reportedly they do support devices for up to a couple of years at least.
*Windows note: I *was* able to get more updates by joining "Windows Insider" which bypasses the carrier - but only to a point. The phone is running Win10 now, but stopped updating at 1511; no further update activity (even minor stuff) since that loaded about 9 months ago. No, I'm not going to get "preview builds" on a working phone. And btw as a phone/mobile OS 8.1 was better ... same functions and apps, but in a smaller footprint.
Since mobile app developers all seem to be obsessed with ripping out functionality and making the UI worse and worse, hell yes I stopped updating my apps. As long as they work fine and do what I need, why would I want to? "Newer" doesn't equate to "better".
I don't update for a very specific reason - it's difficult to rollback system and app updates on phones. I've run into the issue a couple times where I updated an app and the interface completely changed or features that I used were removed. So my policy now is that I only update if there's a critical security issue or an app no longer works because of a change in a web API it's using.
No banking or credit card info. No passwords. No email.
Why would I lock it? To prevent some ner-do-well from changing my zip code in Gas Buddy?
Have a Nexus4 and Google dropped support!
The phone is fine. No issues, except that Google won't security patch the OS. They seem to think that $450 devices are good for 3 yrs.
I disagree.
There should be a law.
I know people who have actively taken steps to un-secure their phone, for performance reasons. Since encryption was enabled by default on some Android devices, people have turned off the option (which required flashing the phone) in order to give it a performance boost.
What guarantee do you have that the phone is actually secure. Do the on/off sliders really turn off my microphone, or my location information?
While I generally run the latest stable AOSP/CM/LineageOS build available for my devices from the day I buy them, I don't routinely use a secure lock screen.
It may sound risky, but I'm one of those all-eggs-in-one-basket types. I keep my birth certificate and SIN card in my wallet, and I keep my phone unlocked. Neither leave my side, ever. Not for a second. Not anywhere.
If I check my coat, my wallet and phone stay with me. If I'm asked to check my phone, I leave the venue and write a negative review. Every time I stand up, I tap my pockets (subtly) - cell phone, keys, wallet. Check!
Because the cost of losing control over my wallet or phone is so high, I take no chances, and to date, have never had it happen. Knock wood, right? :)
Same goes for other items we tend to lose; I buy wickedly overpriced but quality pens, scarves, hats, gloves, etc., so that they're always on the back of my mind.
That said, if I'm at a party or bar, or out camping, I do throw on at least a pin lock.
A government is a body of people notably ungoverned - AC
Actually, that doesn't apply for certain low end configurations. Just like in PCs, if you happen to have a WinBook w/ 1GB RAM and 16GB storage, you won't be prompted to upgrade to Windows 10 from 8. Similarly, a year ago, I tried updating an old Lumia 520 that I had passed down to somebody else w/ Windows 10, and it wouldn't let it: the configuration of 512MB RAM just wouldn't support it. I currently have a Lumia 550 which comes w/ Windows 10 preinstalled, and where it has 8GB flash drive and 1GB RAM, and it runs just fine. However, that low end thing doesn't.
That said, you are right in that in Windows 10, Microsoft has taken over the updating job. It took for ever for the Lumia Icon for Verizon to get an update from 8 to 8.1, thanks to Verizon. For their W10M phones, Microsoft took over that job. Of course, it's another thing that neither Verizon nor Sprint has any Windows phones. With AT&T and TMo, one at least has the option of buying a SIM and putting it into the phone, and it'll work seamlessly.
My house has a front door, with a dead-bolt, that can be easily picked in a matter of minutes. But the window next to the door can be smashed in seconds. My car has locks and an alarm, neither of which stop the locksmith from opening it with an airbag. My windshield wipers can easily be removed. Nothing stops anyone from key-ing my car, throwing eggs at my house, or toilet paper in my tree.
I've left a ten-dollar bill under my wiper for two years.
On-coming traffic, at 250kph collisions, is separated by a yellow line of paint.
I don't wear a helmet when I walk the dog, anyone could swing a baseball bat at my head, and kill me in an instant.
I don't even know how I would stop someone from dropping a handful of dandelion seeds onto my green lawn.
Really, I don't care about my phone, nor anything in it. Between, insurance, accountability, and having chosen a safe place to live, I don't expect anyone is actually worried that their life and family would be disrupted by anything in their phone.
There are ways to secure from all but the most determined. For example, on Android, encrypting /data with a password separate from your screen locker PIN ensure that someone power cycling the phone is dealing with a 30+ character passphrase, which will be a lot harder to guess than 4-6 digits. Using a firewall program, one can block outgoing network communications. Backups can be handled by Titanium Backup (which has a very well thought out encryption system.) If xPrivacy were updated, that would provide further protection by allowing apps to slurp data... but the data they getting is bogus and random.
Google and Apple don't care about you as an individual. To the extent they care about your data, it is as an aggregate, for statistics and optimization and advertising. They aren't interested in trying to get your bank account number and steal your money, for example, the amount of money you have is fuck-all on their scale. They would not be interested in committing a crime with very real consequences for a totally inconsequential amount of money.
However a random thief that steals your smartphone? Ya they are absolutely interested in something like that. They are interested in getting as much money from you in any way they know how. That is how they operate.
While we certainly do need to consider information security and privacy with regards to big companies, the risks and reasons are very different with relation to individuals and it doesn't mean that we just ignore the problems of individuals. They are the bigger issue.
Like at work, we get people who manage to get their accounts compromised all the time. It has never, near as we or the FBI can tell, been a big company doing it. Google has never Phished someone's password and used it to spam, Apple has never used someone's information to get in the employee system and change their direct deposit target. That has always been an individual, or small group of hackers: A criminal (or criminals) dedicated to criminal activity. That is the real risk that our users really face, and the one we need to be far more concerned about than analytics Google gathers on them.
After I upgraded my phone from Android 6.0 to 7.0, I discovered that feature of being able to set trusted spaces where the phone would remain unlocked if it had been unlocked in a configurable number of hours. I have my phone set to lock when put to standby, and I don't let it sit running if I'm not actively doing something with it, so I found myself having to unlock it often at home when I was picking it up frequently while doing short tasks. That setting is great. Much more convenient when I'm in my own home and I wont be losing my phone, but once I leave home it goes back into its normal locked down mode.
I clicked through to the detailed report (which was about lots of other things), and they didn't classify the results by at least iOS/Android/Windows Phone, or even better by manufacturer.
It's very possible 99% of Google and Apple device users update the OS as quick as possible, and 0% of Samsung/HTC/etc. users update (because there are none), and so this doesn't tell us anything.
Plus, I would answer "when it's convenient for me", meaning always within a day or so.
It's like they phrased questions to get results to give the most click-baity headlines. This is my shocked face.
As if I would do something with my smart phone that required any type of security. I may be dumb, but I'm not stupid.