Beefing up smartphone protection

Five years ago, Symantec Asia-Pacific products manager David Hall just used his mobile phone for texting and for making and accepting calls.

Now, his smartphone was his mini computer which he relied on for his work and personal life.

"The big change is you don't need a keyboard or a pen to interact with your phone.

Instead of buying a program or suite for your PC, you buy apps for your phone that do one thing really well," he said from Singapore.

That change had given developers a new market to explore.

Mr Hall believes that losing your phone is the single greatest security threat users face, as so much important information is now kept on smartphones, with work data, personal passwords, photos and contacts.

Although hardware could be replaced if a phone was lost, the data sometimes could not be retrieved unless it was downloaded regularly to a PC in the home or office, he said.

Symantec had developed the Norton mobile phone security suite that was free and included the ability of the user to find a lost phone.

If a phone was lost, a user could text the phone and receive two texts in reply - one giving the GPS location and one a link to Google maps for the location.

While the feature of locating a phone was not exclusive to Norton and Symantec, most of the other programs required users to log into a website to download the information.

"We wanted to make it really simple. If you leave your phone in a taxi you need to get the information fast."

The Norton mobile security program also lets users lock a phone remotely and if they could not retrieve it, a "poison pill" could be sent remotely wiping the phone clean.

Version 1.5 of the security program was available on Android phones in the Marketplace, he said.

However, Mr Hall issued a word to the wise - never forget your password as it was impossible to retrieve if it was lost.

There was the ability to add buddies who could send you the password in an emergency.

Google recently removed 21 popular free apps from the Android Market that secretly stole available data on users' smartphones and allowed for more malware to be unknowingly downloaded.

Google reported that at least 50,000 Android users downloaded the malware-laden apps and decided to yank the list of apps to protect other consumers.

The apps were designed to obtain root access to mobile devices and available data, such as mobile provider and user IDs, reported AndroidPolice.com.

The Android watchdog site said the worst part was that the apps made it possible to download more malware without the user's knowledge and who knew what kind of personal information and data such bad software could extract and exploit.

The list of bad Android apps include: Falling Down, Super Guitar Solo, Chess, Photo Editor, Super History Eraser, Hot Sexy Videos, Falling Ball Dodge, Dice Roller, Funny Paint and Spider Man.

Mr Hall said using "trojans" behind popular apps was becoming more prevalent as cybercriminals found out how to make money from Android applications.

About 20,000 apps on the market asked permission to access the contacts list on the Android phones.

Android was shifting the responsibility of security to the user.

"While that can be a good thing, do you really question what you are saying yes to? They are conditioning you to not pay attention.

"Consumers just want to install the app and use it. They won't be paying attention to the conditions."

Cybercriminals played on that fact and had started to work out how to make money from slipping in trojan programs behind popular apps, he said.

One of the latest money-making schemes was to sign people up to "premium SMS" which were delivered each day to a phone at a cost of about $15 a message.

Identity theft and screen loggers were not prevalent but that was because the cybercriminals had not yet worked out how to exploit those issues, Mr Hall said.

Norton was developing its cybercrime index for use on mobile phones along with an anti-spam program for unsolicited text messages.

A survey by AVG Technologies and Ponemon Institute showed that more than a third of smartphone users were not aware of the increasing security risks associated with using their phones for financial purposes and to store personal data.

The study also showed that 29% of smartphone owners had considered downloading free or paid anti-virus software to help protect their most personal devices.

AVG New Zealand-Australia security evangelist Lloyd Borrett said the survey found an alarmingly low percentage of smartphone users were aware of the security threats that existed on many of the world's most popular devices, including Android handsets and the iPhone.

"A clear opportunity exists to better educate consumers on the steps they can take to minimise their risk and exposure, such as downloading low-cost and even free anti-virus products specifically geared to protect their mobile lifestyle and investment."

More than seven million Android smartphone, tablet and e-readers had installed AVG's free mobile security program on their devices.

The AGV AntiVirusFree (http://www.avg.co.nz/antivirus-for-android/?) for Android devices enabled users to scan, identify and remove viruses, check apps for malware before downloading from app stores and check website content, emails and SMS before downloading data or content, he said.