Mobile Device Security and Privacy
Information Security and Privacy Office
January 2012
Agenda
• Protecting mobile devices and your privacy
Protecting Mobile Devices and Your Privacy
Before We Start…
The City of Phoenix does not endorse, recommend, or vilify any specific vendors, products, apps, or services.
Goal: Convince You To…
1. Keep your device with you – don’t leave it unattended
2. Protect your device with a strong password
3. Use anti-malware software
4. Read those (often boring) privacy policies
5. Don’t download or keep apps that request more permissions than needed
Do You Have a Smartphone?
Pop Quiz
• How many smartphone users are there in the U.S.?
– As of September 2011
• 87.4 million
• 33.7 million
• 946,800 thousand
Pop Quiz
• In the U.S. 113 mobile phones are lost every …
• Day
• Hour
• Minute
Top 10 U.S. Cities for Cell Phone Loss or Theft
Do You Access or Do Banking?
Using Your Smartphone
• 44% use a browser to access the Internet
– 32.5 million Americans accessed banking
• Vendors, retailers, merchants, content providers, mobile operators, and banks are all actively establishing new payment services
– The value of mobile payment transactions is projected to reach almost $630 billion by 2014, up from $170 billion in 2010
Password-Protect Your Device
• 24% store computer or banking passwords on their mobile devices
• More than half of smartphone users do not use any password protection to prevent unauthorized access to their device
• What’s the risk?
No Password: What’s the Harm?
• Access personal email and work email
• Access your financial accounts, like banks, Mint.com, or PayPal
• Access your data in Google Docs, Evernote, or Dropbox
• Post embarrassing updates to Facebook and Twitter
• So use a strong password
– Require the password after a minimum period of inactivity
When Purchasing a Mobile Device
• Ask about security features and functions
– Can you add a strong password, how are patches deployed…
– What apps are pre-loaded, are apps vetted
• Pre-loaded apps generally have more permissions than ones you install
– What software protections can you install after purchasing
• Do you really need all the bells and whistles
• Research the device
– What maintenance is needed, is it a hacker target or thief magnet, how do you secure it
– Read reviews – are most consumers satisfied
Smartphone Malware: What’s the Harm?
• Force the infected phone to call a given phone number
– Remember 900 numbers?
• Send premium rate text messages
• Automatically visit websites that the malware directs it to
– Earns money for malware writer
• Steal personal information
• Be alert for unusual behaviors on your phone, which could be a sign that it is infected
– Unusual text messages, strange charges to the phone bill, and suddenly decreased battery life
What’s the Best Anti-Malware Software?
• Read app reviews
• Check reliable consumer publications
• Check industry publications
• Look for names you trust
• The City of Phoenix does not endorse, recommend, or vilify any specific vendors, products, apps, or services.
Keep a Clean Machine
• Keep your mobile security software current
• Automate software updates
– Many software programs will automatically connect and update to defend against known risks
– Example: Sync regularly with iTunes – don’t just charge the battery
Prepare for the Unthinkable
• Consider using a “find my device” feature to locate your device if lost or stolen
• Enable remote wipe capability
Mobile Device Privacy
Do You Read App Privacy Policies / Permissions?
Using Your Smartphone
• 26% of smartphone owners say they always read the privacy policy when downloading apps
– I’m not sure I believe that
• 31% say they never read the policy
Example – Game
• New! 4 ½ Stars! Reputable Developer!
Why Do Apps Need “Read Phone State and Identity” Permission?
• Phone State
– Lets the app tell whether you’re on a call or if the phone’s ringing
– Allows games, media players, podcasts to pause while you’re on a call
• Phone Identity
– Developer may need a way to assign a unique ID to you for registration/activation purposes
– Many ad publishers use this permission to get the Phone ID for tracking purposes
• App may not know who you are exactly, but tracking your usage over time allows a company to build a profile of your individual activity
True or False
• A basic Android application has no permissions associated with it
– This means the app cannot do anything that would adversely impact the user experience or any data on the device
True!
• App developer must specifically state the permissions he wants the app to have
Flashlight App
Compare – Flashlight App
• Free! 5 Stars! Lots of installs!
Example – Flashlight App
True or False
• Most free app developers rely on advertising to fund their businesses
True!
• Most free app developers rely on advertising to fund their businesses
Why the App’s Free
• Free and cheap apps are usually supported by ads
– Marketers want to know user demographics to better target ads
• The advertising company pays the app developer and supplies a library (of code/programs) that the developer links to within the application
– The app developer might not really even be aware of what the ad libraries do
• The ad library “piggybacks” on the app’s permissions
• So, for example, if the app can read your contact list, the advertiser (through the library) can read your contact list
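
Because an ad library inherits every permission its host app holds, the requested permission list is the thing to review before installing. The sketch below is an added example, not part of the original presentation: it reads the permissions a manifest declares and flags those beyond what the app's purpose needs. The two sample manifests, the `EXPECTED` baseline and the function names are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Namespace Android uses for the android:name attribute in a manifest.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: manifest of a hypothetical free flashlight app.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:label="Flashlight"/>
</manifest>
"""

# Constructed sample: a basic app that declares no permissions at all.
BASIC_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.basic">
  <application android:label="Basic"/>
</manifest>
"""

# Assumption: a reviewer's baseline of what each kind of app plausibly needs.
EXPECTED = {
    "flashlight": {"android.permission.CAMERA"},  # the LED belongs to the camera
    "basic": set(),
}

# What a permission exposes to the app and to any library linked into it.
EXPOSES = {
    "android.permission.READ_PHONE_STATE": "phone ID usable for tracking",
    "android.permission.READ_CONTACTS": "your contact list",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.INTERNET": "a channel to send data off the device",
    "android.permission.CAMERA": "camera and flash hardware",
}


def requested_permissions(manifest_xml):
    """Return the set of permission names declared with <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {name for name in names if name}


def audit(manifest_xml, app_kind):
    """Compare declared permissions with the baseline for this kind of app."""
    requested = requested_permissions(manifest_xml)
    return {
        # Permissions the stated purpose does not explain.
        "excess": sorted(requested - EXPECTED[app_kind]),
        # An embedded ad library can use every permission the app holds.
        "library_reach": [
            (perm, EXPOSES.get(perm, "not described in this table"))
            for perm in sorted(requested)
        ],
    }


if __name__ == "__main__":
    report = audit(SAMPLE_MANIFEST, "flashlight")
    for perm in report["excess"]:
        print("more than a flashlight needs:", perm, "->", EXPOSES[perm])
```
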
“Read Phone State and Identity” Trade-off
• Some advertising systems, like AdMob, require developers to use this permission so the advertiser can collect statistics
• This means:
• Both the advertiser and the app publisher can track your usage of the app, and your usage across multiple apps if they collect all that data centrally (which advertisers definitely do)
I Know You
• Sign up for something and give your email address or Facebook login
– Ties all of the profile information to a real individual
• I know where you live, work, and shop
– Because of your GPS info
• I know what you like
– Because of Facebook and your shopping profile
• I know your friends and family
– Because of Facebook and device contacts and messaging
Before Downloading that App
• Be especially wary of typically-suspicious apps (like ringtone apps) that use unneeded permissions
• Only install apps with potentially harmful permissions from developers you trust
• Check the app’s marketplace rating to determine safety
– Not a perfect indicator (like with Flashlight)
Look For Apps That Tell You How It’s Using Permissions
Does the App Want Passwords?
• Think twice before giving an app passwords
– Example: Some apps ask for passwords to popular services, like GoogleDocs and Dropbox to upload and store things
App Stores
• Apple reviews all apps in its store and tries to verify…
– Does the app do what it says it does? Does it function reliably? And does it respect the limitations that Apple has put on developers?
– This process does weed out some security threats, like apps that carry malware
– Does not eliminate all risks to your privacy
• Android apps are not vetted
– Android market is considered the “wild, wild west”
Example: Movie Trivia Game
Uses internet connection to see what the rest of the world has answered to current question
Example: Whole Foods App
iOS Location Services
• Tell if an iOS app is using location services
• Look for the arrow next to the battery indicator
eBook Reader Privacy
• Electronic Frontier Foundation researched and published a guide to eReader privacy
– https://www.eff.org/deeplinks/2010/12/2010-e-book-buyers-guide-e-book-privacy
Quiz: Would you use this IM service?
From an instant messaging site
Are You Convinced To…
1. Keep your device with you – don’t leave it unattended
2. Protect your device with a strong password
3. Use anti-malware software
4. Read those (often boring) privacy policies
5. Don’t download or keep apps that request more permissions than needed
More Cowbell
(Supplemental Info)
What’s Wrong With This Picture?
QR Codes
• Quick Response codes are popping up everywhere
– Magazine ads, newsletters, real estate signs, newspaper ads, trade show booths
• A QR code is basically a 2D barcode that can be read by smart phone users
– An easy way to direct a user to a website – just scan the QR code
• Could be a link to a malicious website
Malicious QR Codes are Coming
• QR codes will come in email messages
• QR codes will be physically distributed around
– Flyers in a parking lot
– Malicious stickers pasted over different legitimate ads
• Only use QR code reader software that allows you to confirm the action to be taken, such as visit a website link
• If you do not know and trust the link, cancel the action