Many Smartphone Owners Don't Take Steps To Secure Their Devices

From Pew Research's new report: More than a quarter (28%) of smartphone owners say they do not use a screen lock or other security features to access their phone. And while a majority of smartphone users say they have updated their phone's apps or operating system, about 40% say they only update when it's convenient for them. Meanwhile, some users forgo updating their phones altogether: Around one-in-ten smartphone owners report they never update their phone's operating system (14%) or update the apps on their phone (10%).

Love to update the OS on my phone

Unfortunately that's down to the manufacturer and carrier, neither of which give a flying fuck after they sold you the contract. Probably take someone suing them until this changes in the UK.

Re:Love to update the OS on my phone

[SciFurz]

Probably take someone suing them until this changes in the UK

Or anywhere else, actually.
I haven't had an update in a long time (Samsung S4) but I only checked when it was convenient as well. Now I've rooted it, and secured it more by installing a firewall, hosts list, and program permission tool on it through the F-Droid repository.
But the main thing is to not install every silly app from the store, especially whhile not checking latest reviews and permissions.

Re:Love to update the OS on my phone

[CastrTroy]

That's basically like saying next time you buy a phone you better spend $700 on a phone or you don't deserve to have one running modern software. I can buy a desktop or laptop for half that price and the software remains updated. Why can't the same thing happen on a phone. Is it really too much to ask?

Re: Love to update the OS on my phone

[TheOuterLinux]

Upgraded an iPad 2 to iOS 9. Big mistake. All "upgrading" does on iOS is insure that you'll have to buy the latest device after ever two iOS versions or you're stuck with a slow choppy device that may not even get software updates. I use the term upgrade for system and update for software. It's a Linux thing.

Re:Love to update the OS on my phone

[hairyfeet]

Just buy a $100 phone and toss it every couple of years. Its sad that we have to do that these days but on the upside you can get a 5.5in quad core phone with a couple gb of RAM running Android 6 for around $110 so even if you toss it every couple of years you are still gonna come out ahead over iPhones and those other $700 phones as they will be no longer supported before you have spent even half that and your tech will always be relatively fresh.

Automatic for the win

[Highdude702]

To be fair most android phones I've seen have auto app upgrade enabled. iPhone doesn't but it's possible to set and forget about it until it's updating while you're trying to do something net or process intensive.

Considering how few are offered upgrades...

[Rob+Y.]

I'd be surprised if more than 14% of smartphone owners are even offered the option to upgrade... Presumably the 40% that do take upgrades constitute 40% of those whose phones offer them OTA upgrades.

Most cell phone users

[ColdWetDog]

Don't have anything on their phones of any particular import. Nor do they care that the CIA is following their Candy Krush progress. It's just not something that occurs to many people.

OTOH, there ARE folks who, at the minimum, don't want their credit card details or chats with their surreptitous boyfriends splattered about. Those people need to step up to the plate.

The big problem is that security is a process that requires thinking, planning and continuous execution, i.e., a PITA.

Do you really blame them?

Do you really blame the users for not updating? How many times have you updated an application and found the UI worse (such as filled with ads) or doesn't work as well? (I recently updated the BBC iPlayer and now find that it doesn't work as well - the only reason I updated is because the BBC app wouldn't play videos anymore - so it was a forced upgrade.)

Updating the OS can lead to slower operation, things that worked breaking (especially if you haven't updated your apps :-) ), etc..Even in the typical case, the application continues to work, the UI is somewhat better but nothing much changes.

Why take the time to update? We, as geeks, know why. But for the typical user it is often just a pain in the ass and the balance of risks is negative. Updating makes sense for most people only if something isn't actually working correctly.

Re:Do you really blame them?

[Daetrin]

I skipped out on the upgrade to 5.0 on my old Android phone because i'd seen screen caps of the "new and improved" UI. After getting a new phone and being forcibly leapfrogged to 6.0 i'm glad i resisted as long as i did. It took a couple hours of fiddling around with options and installing a new launcher to get the phone _mostly_ looking the way i wanted. (Still stuck with the bright white backgrounds for the notifications and all the updated Google apps though. And those damn floating buttons everywhere getting in the way of stuff.)

And as others have noted updating apps can be a crapshoot as to whether it actually improves anything or just breaks stuff.

Note: YOUR data is on their phones

[Toe,+The]

Keep in mind that these unsecured phones carry not only information about you (your name, email, phone, address, photos, etc.); but also many contain deep info that allows a hacker to get deeper into other data.

Imagine your doctor's phone isn't secure. Also imagine your doctor stores passwords to her office system in her notes app. The result: your medical records are open to the world.

If 1 in 4 phones is insecure, that basically means all data about you that is out of your direct control... is quite insecure.

Securing it from whom?

[DogDude]

What's the point? Google & Apple and all of the app makers already have all of the data. The government can get to it whenever they'd like. Who would one be securing a phone from, exactly?

Re:Securing it from whom?

You, friend, get it. So-called 'smartphones' are not very smart, at least not for the end-user. They're plenty smart for nosy government agencies, corporations, and criminals looking to steal your identity data and other valuable data. In the parlance of some places on the Internets: Smartphones are a troll, and you've all fallen for it. There is no way to actually 'secure' a so-called 'smartphone'; they're by-design inherently unsecure, and likely can't be made secure, either. But they're shiny, so people want them. The theft of their data and vital information is silent; the average, very much non-technical person is completely ignorant of it happening, and worse: between the trend towards believing the natural human need for 'privacy' is some sort of mental illness, and the incorrect belief that if 'you are doing nothing wrong you have nothing to hide', they don't really care, either. I've said it before and I'll keep saying it until the situation changes: you're a fool if you use a smartphone. The only way I'd have one at all, is if I intentionally misconfigured it such that it's not possible for it to connect to the internet AT ALL. That's about the only way you can actually make a smartphone 'secure'.

Re:Securing it from whom?

[Frosty+Piss]

Who would one be securing a phone from, exactly?

Wife.

Re:Securing it from whom?

[GuB-42]

What's the point? Google & Apple and all of the app makers already have all of the data. The government can get to it whenever they'd like. Who would one be securing a phone from, exactly?

If you think Google, Apple and the government are the only ones you need to protect against, you are terribly misguided.
The people closest to you are the most likely to use what they find against you in a way that could affect your life.
For example, I don't want my boss to know I am looking for another job, I don't want my parents to know I smoke pot, I don't want my wife to know I cheated her, I don't want a casual thief to access my bank account.

I don't know anyone who got into trouble because the government used data gathered from a smartphone. Dirty secrets being discovered by someone close looking at an unlocked smartphone, many times, and often with serious consequences.

Re:Securing it from whom?

[thegarbz]

If there's something on your phone you can't share with your wife, chose another wife.

Kids on the other hand, they should not touch adult phones.

They've been burned by upgrades in the past

[hackertourist]

New version of phone OS -> whoops, now my phone is painfully slow. Guess what users won't do next time an OS upgrade rolls by?

14% don't update? They're lying

[mveloso]

If you're an android user you can't really update the OS on your phone because for the vast majority of handsets there are no updates available.

For these surveys they really need to add some questions to determine if the respondent is just flat-out lying or just doesn't understand the difference between an app update and an OS update.

Plus, some answers make no sense. Who updates their OS when it isn't convenient for them? WTF does that even mean?

Obviously

[nospam007]

" about 40% say they only update when it's convenient for them"

Nobody does it when it's inconvenient, like during watching a movie, during a long phone call or when reading an eBook.

Ask any Windows user.

Why should I?

[sims+2]

Your're going to change my UI because you feel like it and make me have to relearn how to do everything just because.

App *app name here* works great now but after updating erases all saved files and cuts off the name's of new files.

No old versions are available online in case the new version does not work as expected.

Backups (if you include restoring the same app version) are only practical with home made scripts or done by hand no other functional recovery options exist (at least not for iphone)

So why should I update?

Re:How do you not secure your smartphone?

[Slalomsk8er]

Why you should set a pin or password for your phone:

The last time I bought a phone I had to wait in a queue was because the lady in front of me did not set a pin or password but her toddler did.
The shop clerk was very sorry but very sure that nobody not even the manufacturer could unlock the phone without her loosing all her data!

That was the argument I needed to get my wife to set a pin on her phone ;)

No kidding

[Sycraft-fu]

Google and Apple don't care about you as an individual. To the extent they care about your data, it is as an aggregate, for statistics and optimization and advertising. They aren't interested in trying to get your bank account number and steal your money, for example, the amount of money you have is fuck-all on their scale. They would not be interested in committing a crime with very real consequences for a totally inconsequential amount of money.

However a random thief that steals your smartphone? Ya they are absolutely interested in something like that. They are interested in getting as much money from you in any way they know how. That is how they operate.

While we certainly do need to consider information security and privacy with regards to big companies, the risks and reasons are very different with relation to individuals and it doesn't mean that we just ignore the problems of individuals. They are the bigger issue.

Like at work, we get people who manage to get their accounts compromised all the time. It has never, near as we or the FBI can tell, been a big company doing it. Google has never Phished someone's password and used it to spam, Apple has never used someone's information to get in the employee system and change their direct deposit target. That has always been an individual, or small group of hackers: A criminal (or criminals) dedicated to criminal activity. That is the real risk that our users really face, and the one we need to be far more concerned about than analytics Google gathers on them.

Re:Why would you?

[parkinglot777]

Exactly! Also, when does updating apps/OS become equivalent to secure? I agree that updating could make the device more secure because the new patch is supposed to close/fix security bugs. However, there are times that new update actually opens/allows new security holes/bugs as well. TFA is just an advertisement to influent people to keep updating apps/OS...

Poor Survey

[kent.dickey]

I clicked through to the detailed report (which was about lots of other things), and they didn't classify the results by at least iOS/Android/Windows Phone, or even better by manufacturer.

It's very possible 99% of Google and Apple device users update the OS as quick as possible, and 0% of Samsung/HTC/etc. users update (because there are none), and so this doesn't tell us anything.

Plus, I would answer "when it's convenient for me", meaning always within a day or so.

It's like they phrased questions to get results to give the most click-baity headlines. This is my shocked face.