How data leaks from your smartphone – and can you stop it?

You can’t overstate how central smartphones have become to people’s lives. The average time a person spends using their mobile device is about five hours a day – one-third of the time a person is awake. Nothing wrong with that really. Until you consider how much data – often personal – this activity involves. Android phones are inherently insecure in the way they handle this data. And while volumes of it leak all the time, there is no shortage of parties looking to put your data to malicious use.

How does data leak from your smartphone?

There are two main avenues, through which data leaks happen:

The first is via Google Services – a framework of functionalities embedded in the Android OS that serves as the foundation, on which various app features operate. If an app has to use the map interface, the Google Maps service provides all the map-related data it needs. It could be a legit app that needs to visualize a map. But it also could be malware sending it to cybercriminals. (Not to mention the company behind your legit app might also be gathering this data and selling it to advertisers.)

The second avenue is internet browsing. The web browser is usually the most frequently used app on a device. It is where you do all your reading, web searches, online shopping, banking, and whatnot. It is also an app that stores all the login passwords you need for these services. Quite convenient for cybercriminals to have everything in one place, don’t you think? They certainly think so, and because of that, about half of leaking data happens to be extracted from browsers.

However, malware is the main thing that should have the average smartphone user worried. It is the umbrella term that stands for all kinds of malicious code or whole apps, designed with the purpose to compromise devices and steal data – or, in the case of ransomware, blackmail you so you could resume using your device. Browsing the internet is how malware usually makes its way on your device, and Google Services is like the fertile soil that lets it flourish – and gives it access to all kinds of data to steal.

Why you should be worried about data leaks?

When it comes to data leaks, smartphones aren’t like a dripping faucet. They are more like a fountain spewing everything they have in all directions around them. If that statement strikes you as somewhat exaggerated, it is because the perceived volume of leaks is to a certain extent reined in by the fact that the most sensitive information – financial data – is encrypted and secured rather well. A Wandera study reveals only 2.3% of the examined data leaks include credit card details, versus 90% for email addresses.

Who cares about the unimportant stuff, when the crucial data is secured then? Well, cybercriminals. There are a handful of “fun” things personal data could be used for:

• Spread malware. An email account comes with a list of contacts – people who are prone to opening messages they received from you. If someone uses your account to distribute some viruses, Trojans, and ransomware, that will get the with their guard down.
• Improve malware. You read that right. If hackers have access to your system’s logs they can read how it deflected certain types of malware – and use that knowledge to design improved malware.
• Get credentials. An email inbox usually is where all the credentials for other services you use get sent. By hacking your account, criminals could potentially access all your other ones.
• Blackmail. Everyone has conversations that better stay private. Cybercriminals could intercept emails and messages and threaten to make the contents public unless you pay up.
• Identity theft. Details such as address, birthdate, and social security number could be used by a criminal to open up a credit account in your name. This could have terrible consequences, ranging from your savings being drained to you being framed for crimes committed by impostors.

The list goes on.

What can you do?

Browsing the internet on a mobile device, although convenient and useful, greatly expands your device’s attack surface. Depending on how privacy and security-conscious you are, there are a few things you could do.

The first is to limit browsing. Be extra careful about what data you share and fill in forms, and on what websites (because of phishing). Also, do the serious stuff like online shopping and banking only over secure connections, preferably via secure devices.

The next step is what we have done with Secure Phone and Secure BlackBerry – disable Internet browsing altogether. We designed our encrypted communications devices for people who value their privacy and the security of their personal and business information. And this is something that doesn’t go hand in hand with browsing the Internet.