Smart-Phones Could Put Consumers at Risk of Identity Theft

Media Contacts
Jon Fox

CALPIRG

San Francisco, CA – CALPIRG warned consumers of security vulnerabilities found in many smart-phones posing a risk to identity and financial theft. While today’s smart-phones allow users to access the World Wide Web like little computers, they provide much less security, warned Jon Fox, a Consumer Advocate with CALPIRG. 

“Storing unencrypted financial data is like leaving your front door unlocked,” explained Jon Fox, “You’re not guaranteed to be robbed, but it makes it easier for ID thieves to make off with your information.” 

Researchers with ViaForensics recently reported that many apps for both Apple’s iOS and Google’s Android platforms are not secure. After testing 100 financial, social networking, productivity and retail apps, over 75% failed to adequately secure user account names and 10% failed to secure user passwords. Apps often store passwords in plain text. As a result, a quick malware infection could leave passwords compromised and consumers at risk of identity theft. 

“Consumers can use their smart-phone to update their FaceBook status or check their bank balance – but are doing so in a less secure environment” warned Jon Fox, adding “If a lost smart-phone fell into criminal hands, mobile apps expose consumers to a serious risk of identity and financial theft.” 

While financial apps lead the way in terms of data encryption and other security measures, many remain vulnerable. Researchers were able to recover app data from 69% of the tested apps and to recover payment history, partial credit card numbers, security PINs, login credentials and other transaction-related data. For example, Mint.com’s iPhone and Android apps kept financial account information, stored user transaction history and balance information directly on the phone which could then be easily recovered by criminals. 

 

CALPIRG has the following tips for consumers:

  • Password protect your smart phone to prevent un-authorized access.
  • Avoid using the same password across multiple accounts. This keeps your bank login information secure even when your Netflix login information is compromised.
  • Use authorized apps provided only by your bank or reputable publishers. Unsure? Check them out online for user reviews before installing on your smart–phone.
  • Download popular apps that have been accessed and used by many consumers. Wisdom of Crowds is a good indicator if the apps are legitimate and safe to use.
  • Keep track of your monthly bills, in case unknown phone calls or service charges were made on your phone account.

 

###

 

The California Public Interest Research Group (CALPIRG) is a result-oriented public interest group that protects consumers, encourages a fair sustainable economy, and fosters responsive democratic governance.

 

Topics