Finders Keepers of Your Smartphone Data

If you lose your smartphone, you have a 50-50 chance of someone contacting you to return it—but even then the person probably has tried to access private or company data on the phone.  That’s the conclusion reached in a “honey stick” experiment by Symantec that was recently released.

For the experiment, 50 smartphones were “lost” in five cities.  The phones contained apps with fake information and were programmed to send back information concerning whether the finder attempted to access the contents of the apps.  The phones also contained GPS technology to track their locations.  The apps included items such as HR salaries, corporate email, remote administration, online banking, and personal photographs.

The experiment found that an attempt was made to access at least one app or file in 96 percent of the phones, including:

  • 89 percent of the devices showed attempts to access personal apps or data.
  • 72 per cent of the devices showed attempts to access private photographs.
  • 43 percent of the devices showed attempts to access online banking.
  • 60 percent of the devices showed attempts to access social networking and personal email.
  • 66 percent of the devices showed attempts to click through the login to reset the password.

Of the 50 devices, the “owner” of only 25 received offers to help return the devices, despite the fact that the owner’s phone number and email address were clearly marked on the contacts app.  “If a mobile device is lost, the owner has only a 50 percent change of being notified by a finder that their smartphone was found.  However, just because the finders offer to return the device does not mean they are not taking liberties with the owner’s information,” Symantec noted in its report.  Here’s a copy of the summary of the Symantec Smartphone Honey Stick Project.