* * *
Smartphones are part of the fabric of our daily digital lives. According to the latest study by Kantar Worldpanel over half of the population in the U.K. alone now own a smartphone. However, this rise in device penetration has been matched by an increase in both the sophistication and number of threats targeting mobile devices. Specifically, the central role of applications — which we download to do everything (consume news, play games, go shopping) — leave our smartphones increasingly vulnerable to the threat of malicious code and malevolent applications.
At AdaptiveMobile we have observed first-hand a significant and startling growth in the number of rogue applications, applications that appear harmless but are actually accessing and sharing your personal information without your consent.
This development prompted me to conduct research into rogue applications and consumer expectations. In addition, Loudhouse, an independent marketing research consultancy, was commissioned to conduct a survey of 1,000 smartphone users to gauge current usage patterns of mobile applications and the awareness of security threats associated levels of subscriber trust in mobile network operators, and the factors that serve to both build and erode that trust. The combined research produced some surprise findings for both operators and consumers.
Take free mobile apps such as Jaws, Paper Toss and Angry Birds. All these apps have access to personal information (such as the user’s city, location and name), and what’s more, are actively sharing this information with external partners including advertisers. And then there’s the issue of social gaming networks – with many having the ability to automatically post and share (on behalf of the individual user) to Facebook and/or Twitter.
The main point: There are many apps and services that compromise our data (and our trust). But don’t expect people to take matters into their own hands. While the majority of respondents voiced concern over what they consider to be an unacceptable breach of their personal privacy, many more simply choose not take action to prevent or limit the damage done by rogue applications. In fact, the vast majority of survey respondents (75 percent) fail to take the time to read an application’s terms and conditions – a simple action that could easily protect privacy.
Clearly, there is a disconnect. Users are outraged that their data may not be secure, yet they are unwilling to take the steps to protect themselves. How can that be? The answer is simple: they expect their mobile operators to do it for them.
Consumer expectations
Whether users need help configuring their mobile devices, or want to ask their money back for disappointing apps/content, most people view their mobile operators as a one-stop contact for advice and assistance. Clearly, the relationship we have with our mobile operators is a complex one. We hold them responsible for many aspects of our mobile experience. But we also reward them with our trust.
The good news: reports show consumers trust mobile operators more than other service providers. The not-so-good news: this trust hinges on the ability of those operators to safeguard subscribers’ personal data and protect them from financial loss.
Critically, our research shows that 83 percent of consumers would change their service provider if their privacy was compromised. I should add that it’s not just U.K. subscribers who would take this action. Recent research from Canon shows consumers in France and Germany would react to privacy breaches in the same way, cutting ties with any business that lost personal data.
This finding alone should have alarms ringing in the offices of all mobile operators everywhere. In my opinion, this statistic confirms that customers expect mobile operators — not developers or third-parties — to ensure the integrity of the services (and apps) they use. And, with 80 percent saying they feel extremely strongly about mobile security, the need for operators to take the lead and provide reassurance is clear.
Sure, you could argue that many smartphone owners are in fact making themselves vulnerable to attack by not taking simple precautions (reading the terms and conditions before they download apps, for example). But that’s not the way consumers see it. Indeed, less than a third of respondents take responsibility for creating this risk.
Security sells
Perhaps more importantly, our research also highlighted a new business opportunity for mobile operators that make mobile security their business.
Specifically, 75 percent of consumers would happily pay more for privacy protected applications. This presents mobile operators with a clear opportunity to make margin and retain customers. While many mobile operators provide some guidelines about mobile security, operators would be foolish not to delve deeper into mobile security and the opportunities it offers to increase revenue and lower churn.
Put another way, mobile subscribers need to be educated on how best to protect themselves, and operators need to provide the advice and the tools to help them.
Two trends — the increasing complexity of smartphones and the rise in consumer concerns about the data privacy — are coming together to underline the pivotal importance of addressing mobile security. While mobile is clearly playing an increasingly central role in our lives, our devices are also becoming increasingly vulnerable to attack. And, just to complicate matters, fighting off these attacks will also get harder since no one really ‘owns’ the security for mobile devices.
Responsibility for this is the domain of several stakeholders — mobile operators, handset manufacturers and consumers — and each has its own ideas about what constitutes good security measures.
While the industry works out who is responsible for what, it’s clear is that smartphone users don’t now have what it takes to defend themselves against the inherent risks of rogue applications masquerading as harmless apps. As our research shows, people have strong concerns about their privacy, but are unable (or unwilling) to take responsibility for their protection. Instead, they expect mobile operators to protect them from these increasingly sophisticated threats to their personal data.
Smart operators can turn this problem into an opportunity to enhance loyalty, tackle churn and safeguard their future. Put another way, security could be the value-add that equips operators to be competitive and more than make up for the drop in mobile data revenues operators are currently experiencing.
It’s easy to imagine a service that relieves subscribers from the burden of their privacy worries, while — at the same time — empowering them to decide and control just how far their device is protected. People can pay for additional levels of security (some people may want to broadcast their location at all times and others may want to restrict the delivery of any location-linked information full stop). Mobile operators can step in to provide a seamless and secure experience to all customers on their terms. Implementing security at the network level makes all this (and more) possible. Sure security can be hard to sell without traditional scaremongering, but, by leveraging the trust of their brands, there is a unique opportunity for operators to differentiate and protect against the “over the top” services offered by Apple and Google.
About Ciaran
Ciaran Bradley is VP of Handset Security at AdaptiveMobile. A father of three, he has a keen interest in scuba diving after learning to dive in Saudi Arabia when he was a teenager. Ciaran received a first class degree in Marine Science but after working as a Marine Scientist in Ireland for just over three years, decided on a career change after realising the Atlantic is too cold and miserable in winter. With a strong interest in computers and gadgets Ciaran moved into the technology sector and has stayed ever since. After achieving another honours degree in Computer Science, he held positions with Caudwell Group, Anam Mobile and Sentry Wireless – before being acquired by AdaptiveMobile in 2011. Ciaran has a keen interest in mobile malware and the increasing mobile threats being developed by cybercriminals and as a result is active in several industry security groups. You can follow AdaptiveMobile on Twitter @AdaptiveMobile.