Nevertheless, the hazards that go hand in hand with smartphones are often underestimated. For instance, lots of valuable data are stored right on the smartphone—passwords for various services and online shops and the domain account for the company network, as well as stuff like credit card information. If a smartphone falls into the wrong hands, its owner faces the same situation as if her purse or his wallet had been stolen. But there are also perils lurking even in things that seem totally harmless: an app that “merely” displays the weather report can turn out to be a Trojan horse designed to smuggle malware into the smartphone, to automatically dial premium-rate telephone numbers, or to install phishing software to learn the user’s online banking passwords.
The obvious question: What can you do? And, at least for companies, the answer is relatively easy, though needless to say the solution comes at a price. Smartphones used to conduct company business have to be integrated into the firm’s IT security management system. This entails regulating the entire lifecycle of a smartphone—the initial selection of the device, installation and delivery, operation and support (including updates) as well as finally decommissioning it. Clear user guidelines have to be established (i.e. Is private use permitted or not? Which apps are permitted to be installed on the smartphone? Is there free internet access or only access controlled by the firm? Are GPS services being used?), and there has to be an emergency plan in place in case the device is lost.
The subject of mobile device management assumes increasing importance in this connection. A wide array of companies offer diverse products for remote-controlled management & surveillance of smartphones. For their corporate clients, these products frequently entail high license & maintenance fees, so that the benefits of these products should always be weighed against their costs and the degree of risk associated with the use of the smartphones.
Private smartphone owners can also take sensible steps—for example, install a virus scanner to the smartphone; set up an automatic limit to the volume of transmitted data (this is built into almost all Android smartphones—to issue a warning once, for example, 900 MB/month is exceeded); prior to installing an app, check what it really wants and can do (you should get suspicious when a weather report app requests unrestricted access to the contacts on a smartphone, and ask yourself why this app needs this access). And you should think long and hard about whether you really want to back up your data by entrusting it all to Apple and Google, if it’s really necessary to always input your own GPS position along with a search engine query as a means of improving the search results, and whether it’s so smart to use facebook and twitter in conjunction with your smartphone to post photos (perhaps showing you in compromising situations). The stuff we learned about how to deal with all the other things we use in everyday life should apply to smartphones too.
If, however, your smartphone is lost or stolen, you should begin doing damage control immediately: block the device/SIM, change all passwords to services you used with the smartphone, delete all credit card data on file at the various app shops, and file a theft report with the police. But as a rule, all that helps is just to pray that nothing worse happens…