If you’re one of those people who tend to lose their phone shortly after putting it down, then you’ll want to read this. According to a new study, if you lose your smartphone, you have a 50/50 chance of getting it back. But chances are much higher -- nearly 100 percent -- that whoever retrieves it will try to access your private information and apps.
According to a study by Symantec, 96 percent of people who picked up the lost phones tried to access personal or business data on the device. In 45 percent of cases, people tried to access the corporate email client on the device.
“This finding demonstrates the high risks posed by an unmanaged, lost smartphone to sensitive corporate information,” according to the report. “It demonstrates the need for proper security policies and device/data management.”
Symantec called the study the “Honey Stick Project.” In this case, the honey on a stick consisted of 50 smartphones that were intentionally left in New York; Los Angeles; Washington, D.C.; San Francisco and Ottowa, Canada. The phones were deposited in spots that were easy to see, and where it would be plausible for someone to forget them, including food courts and public restrooms.
None of the phones had security features, like passwords, to block access. Each was loaded with dummy apps and files that contained no real information, but which had names like “Social Networking” and “Corporate Email” that made it easy for the person who found it to understand what each app did.
Each phone also was loaded with programs to track what finders did with the devices, and to send that information to the researchers. Among people who found the phones, 72 percent tried to access photos, 57 percent tried to open a file called “Saved Passwords,” and 43 percent tried to open an app called “Online Banking.”
Most of the apps on the phones were protected by passwords, but the username and password fields were already filled out, so that users could simply press a button to access them. Well over half of the people who discovered the phones, 66 percent, clicked those buttons to try and start the programs.
The fact that the finders had to click a button to access the apps indicates that their attempts were likely intentional.
“This might be considered to be an unethical access attempt,” according to the study.
Also disturbing, only half the people who found the phones ever tried to contact the rightful owner, even though the owner’s phone number and email address were prominently listed in the phones’ contact lists.
“This finding highlights the fact that in many cases, regaining possession of lost device may be a losing battle,” according to the study.
If this study sends shivers down your spine, here are some tips for how to protect yourself:
- Always protect your phone with a password or a “draw to unlock” pattern.
- Use security software designed specifically for smartphones to lock up programs on your phone. Some of these programs can be used to help locate the phone, or to wipe its memory from remote locations.
- Don’t lose your cell phone. This falls under the category of “Well, duh.” Nobody loses a smartphone on purpose, obviously. But try to make sure you keep it in you pocket or purse when not in use.
- Companies that issue phones to their employees should make sure to train workers on security, and should secure every phone with passwords.
[Featured Products: Research and compare Identity theft protection plans at Credit.com]
Credit.com provides readers with unique insight, helpful tips and straight answers about their financial world. Our team of reporters and experts explore credit, loans, debt, saving, and identity theft topics, all designed to help you make smarter financial decisions. Visit Credit.com to sign up for your FREE Credit Report Card and find out where you stand today!
Christopher Maag Contributing writer for Credit.com, Chris graduated with honors from the Columbia University Graduate School of Journalism, and has reported for a number of publications including The New York Times, TIME magazine and Popular Mechanics. Reach Chris via email at email@example.com.