Protect your smartphone from ID thieves

Your favorite apps might be your worst enemy -- allowing thieves access to your personal information.

By Stacy Johnson Aug 24, 2011 10:50AM

This post comes from Gideon Grudo at partner site Money Talks News.


Money Talks News has given you seven ways to prevent identity theftthree tips to prevent ID theft on social networks, and even advice on how to protect yourself from old-fashioned ID theft from your mailbox. Now comes the newest threat, and it's right in your pocket.


We're talking about your smartphone, and it has nothing to do with British reporters hacking into them, although we've explained how they did that, too.


PCWorld reported that a new study from security firm viaForensics found that popular apps might be allowing hackers to easily pluck your personal information.


ViaForensics tested 100 popular apps on both iPhone and Android systems and graded them in one of three ways -- pass, warn, or fail -- and only 17% passed while 39% failed.


Here's a basic breakdown of what the categories mean:

  • Pass. Your password and user name are encrypted, or written in code, making it harder for hackers to copy and paste.
  • Warn. Either your password or your user name isn't encrypted, but stored as plain text, giving hackers the opportunity they've been waiting for.
  • Fail. All of the private information is in plain text -- and in plain sight for the bad guys.
Who failed -- and why

The 39% of apps that failed have a lot in common: Most of them are social networking apps. Of all social networking apps tested, 74% failed, 26% got a warn rating, and none passed.


Why would an app choose to not protect its users? Chris Palmer, a digital rights advocate, told The New York Times that many sites prioritize speed over security: "The usual reason Web sites give for not encrypting all communication is that it will slow down the site and would be a huge engineering expense."


If you don't think that's a big deal because it hasn't affected you yet, you might be wrong. According to USA Today, many hackers simply place monitoring software on your phone and watch what you do and when you do it. The problems could come later, when you least expect it. Post continues after video.

It seems that banks are the most willing to foot the bill for security. Financial apps (like mobile banking) got much higher scores. Only 25% (eight apps out of 32 tested) failed. In fact, the study claimed that financial apps were indeed the safest.


What you need to know

How do you protect yourself? Two ways.


First, check out viaForensics' list of tested apps. If the one you want to download is on it, consult the app's score. You can click on the score for an in-depth look at what it means.


Second, know your apps' weak points and be prepared. ViaForensics says people tend to use the same password on multiple devices. I know I do. According to Consumer Affairs, many people use obvious passwords, like ABC123, the most common one. And even worse, they tend to use the same password on multiple apps and websites.


If a thief hacks into one vulnerable app, he can gain access to everything in your phone that's not encrypted. And that can include your password from other apps. In other words, once a hacker gets into your phone through one insecure app, all of your information may be at his disposal.


Even if your password is encrypted in sensitive apps, an experienced hacker might still figure it out -- especially if it's an obvious password.


A better password

According to a technology consultant at Sophos Security Software, a password like "F+Wsdfadoe&h" works. How did the expert come up with it? He created a phrase: "Fred and Wilma sat down for a dinner of eggs and ham." Easy enough to remember, right?


PCWorld also suggests various tactics to come up with strong passwords:

  • Use a different password for each account.
  • Avoid using proper names, pets' names, dictionary words, or names of sports teams.
  • Use a mix of uppercase and lowercase letters.
  • Use a mix of symbols, like &, %, $, #, and @.

If you're going to input passwords or account numbers, stay away from Wi-Fi hotspots, as they tend to be more dangerous and susceptible to hackers. Best to stay at home when dealing with sensitive data on your smartphone.


More on Money Talks News and MSN Money:


Aug 24, 2011 4:08PM
Yeah, kind of like not driving a car because you might get in an accident. Or don't swim in a pool because you might drown. Or browse the web because you might get a virus or malware.
Point is - You can't let this stuff stop mankind from progress based on fear. Learn the risk, and invest time to learn how to protect yourself.

Aug 24, 2011 4:04PM
Don't buy the smart phone and you won't suffer from theft.
Please help us to maintain a healthy and vibrant community by reporting any illegal or inappropriate behavior. If you believe a message violates theCode of Conductplease use this form to notify the moderators. They will investigate your report and take appropriate action. If necessary, they report all illegal activity to the proper authorities.
100 character limit
Are you sure you want to delete this comment?


Copyright © 2014 Microsoft. All rights reserved.

Fundamental company data and historical chart data provided by Morningstar Inc. Real-time index quotes and delayed quotes supplied by Morningstar Inc. Quotes delayed by up to 15 minutes, except where indicated otherwise. Fund summary, fund performance and dividend data provided by Morningstar Inc. Analyst recommendations provided by Zacks Investment Research. StockScouter data provided by Verus Analytics. IPO data provided by Hoover's Inc. Index membership data provided by Morningstar Inc.