You’ve been tinkering with your new
gadget for a few good days, sending email,
downloading apps, browsing Facebook and
whatnot, when all of a sudden, one of those
pesky pop-ups indiscreetly hogs your screen.
It’s another product page that’s not in any
way related to what you’re currently doing
on your device. But you do remember
seeing that page before. Perhaps it’s
because you just searched for it earlier, yet
why does it suddenly feel like it’s searched
for you instead?
That’s just one example of how your privacy
is breached even while using mobile devices.
What do you do to protect your privacy from
mobile threats like this?
The United Nations recognizes everyone’s
inherent right to privacy.¹ This right is
violated every time someone tries
to access your personal information, in any
form or platform, without lawful reason or your
consent. If a friend, for example, borrows your
smartphone to spy on your Facebook account,
he or she disregards your right to privacy.
Cybercriminals are notorious violators of mobile
privacy. They create malicious apps such as
data stealers, which target your personal and
financial information. Free, high-risk apps
also pose a number of privacy issues with the
amount and type of information they collect. For
instance, some of Germany’s top Android apps
can possibly expose your location, equipment
identity, and address book.²
1 http://www.un.org/en/documents/udhr/index.shtml#a12
2 http://blog.trendmicro.com/trendlabs-security-intelligence/do-you-know-what-data-your-mobile-app-discloses/
What?
Key areas to look over
Your Device’s Connectivity Features
Your device’s connectivity features are viable ways
for cybercriminals to get information from you.
These features are seen as locked doors they have
to pick to get in. Such is the case with Bluetooth
and wireless connections: both are intended to
make communication easier, but they can also be
used for malicious reasons. Cybercriminals have
accomplished this on Mac desktops using the
INQTANA worm, which is able to send malicious files
to available Bluetooth devices that accept them. The
worm opens computers to further malicious routines,
like malware dropping and information theft.
More manufacturers are incorporating near field
communication (NFC) standards on devices as well.
This technology allows you to share content, make
payments, or perform other external transactions
with a tap on a scanner. As convenient as it may
sound, this can also be a point of entry for malicious
routines.³
3 http://blog.trendmicro.com/trendlabs-security-intelligence/good-nfc-habits/
Your Device Settings
Default device settings can be seen as strongly worded
suggestions that you can further optimize
for added protection. This means you can
change your mobile device’s security settings
to make sure no one has easy access to it.
Your Mobile Behavior
Having mobile devices can make you surf online
more frequently, but does it change your behavior
when it comes to security? Remember that you
become more vulnerable to mobile threats as you
immerse yourself in mobile activities like social
networking, shopping, and banking. Oversharing,
not checking app permissions, and clicking on
malicious links are ways to invite cybercriminals.
When it comes to app usage, you have mobile
adware to consider. Although most advertising
networks are perfectly legitimate, some are
known to collect personal information and push
ads as notifications, often without user consent.⁴
At least 7,000 free apps using aggressive
advertising modules were downloaded over a
million times as of October 2012.
4 http://about-threats.trendmicro.com/us/mobilehub/mobilereview/rpt_
mothly_mobile_review_201209_the_growing_problem_of_mobile_ad-
ware.pdf
How?
“Privacy in peril” scenarios
Free Apps
Who doesn’t love free stuff? There are thousands
of free apps from legitimate and third-party app
providers you can choose from. But downloading
free apps often has a trade-off: free service for your
personal information.⁵
Surprisingly, a majority of consumers (73%) are willing
to trade personal information if they get something in
return, like free mobile service. Remember that even
the smallest bit of information you give, like an address
or a birthday, is all that cybercriminals need to take
advantage of you.
Device Loss or Theft
In a survey done in September 2012, nearly one in
three cellphone owners lost their device or had it
stolen from them.⁶ Even if you try to guard your apps
and device settings, when you lose your phone, the
information it has can still put you in a sticky situation.
This is more so because of an existing lucrative market
for stolen devices and the information they contain.⁷
5 http://www.pwc.com/sg/en/tice/assets/ticenews201208/consumerintelli-
gence201208.pdf
6 http://online.wsj.com/article/SB10001424052702303815404577334152199453024.html
7 http://online.wsj.com/article/SB10001424052702303815404577334152199453024.html
Ever-Changing End-User License Agreements
(EULAs)
You’ve seen it before: online services asking you to
agree that they can change their EULAs at any time, with or
without notice. Home movie provider Blockbuster.com was
rejected in court for using this line in its privacy policy.⁸
However, this doesn’t seem to stop popular services from
adding caveats to EULAs that are detrimental to user
privacy.⁹ By not reading EULAs, you may already be allowing
developers to sell your photos, track your web activities, or
hand over personal information to authorities.
Bring Your Own Device (BYOD)
Three in four companies allow employees to use their
personal devices such as laptops, netbooks, smartphones,
and tablets for work-related activities.¹⁰ As the BYOD trend
continues, cybercriminals will use it as a motivation to get
past your defenses to access both your personal and work
information.
It’s not just cybercriminals, though. Your company’s
IT department can use a set of protocols that do not
differentiate personal from work-related data, allowing them
access to your information.
Your device can also be used as evidence in court. You can be
obliged to submit the device for review, with all information
intact, even if only work-related information is pertinent to
the case.¹¹
8 http://www.jdsupra.com/post/documentViewer.aspx?fid=3897327d-161d-49df-b31c-0b448bb1898a
9 http://business.time.com/2012/08/28/7-surprising-things-lurking-in-online-terms-of-service-agreements/
10 http://www.trendmicro.com/cloud-content/us/pdfs/business/white-papers/wp_decisive-analytics-consumerization-surveys.pdf
11 http://consumerization.trendmicro.com/consumerization-byod-privacy-personal-data-loss-and-device-seizure/
Cybercrime is driven by one agenda: money. Your
mobile devices are simply a means to an end for
cybercriminals. They gain by stealing the information
stored on your smartphones and tablets and then
finding ways to use it for profit.
And just like your data, your reputation is also at stake
every time a cybercriminal gets hold of incriminating
information against you or the organizations you
represent. There is malware, like the SMS spy tool
for Android, that steals private SMS messages and
uploads them to a remote server.
What you stand to lose in the case of a mobile privacy
breach really depends on how you use your device.¹²
12 http://about-threats.trendmicro.com/RelatedThreats.aspx?language=de&name=PIXSTEAL+and+PASSTEAL+Sport+New+Ways+To+Steal+Data
Mobile privacy breaches may appear to be easy
for cybercriminals, considering the problem areas
discussed. However, there are still stops you can pull to
avoid becoming a victim of such scenarios.
Follow this General Checklist:
□ Control how much information your device shares by
changing its privacy and browser settings. Here you
can tweak settings on location and network sharing.
□ Activate screen locks, and change your passwords
every three months to minimize chances of hacking.
□ Remove compromising photos, videos, and files that
you’re not comfortable with from your device.
□ Regularly clear your mobile browser cache to avoid
data leakage in case malware tries to sniff your
device for information.
□ Monitor your app and account settings to make sure
sharing and connectivity are secure.
□ Adjust your device’s data encryption and configure
your passwords.
What now?
Reinforce your privacy
Pay Attention to Apps
• Remove apps not in use.
• Select which apps really need location or address book access.
• Use your mobile browsers’ or browser apps’ private browsing
settings, especially for sensitive banking transactions.
Prepare for Device Loss or Theft
• Take note of your account credentials or use a convenient
password manager in case you need to reset them because of
device loss or theft.
• Back up files in the cloud. Trend Micro™ Mobile Backup and
Restore automatically stores the irreplaceable information
from your device without wasting its battery life.
• Prepare to contact the authorities, your service provider, and
any concerned organization to avoid the malicious use of
your identity and to block bill charges.
• Enroll your devices in a remote service that allows you to find,
lock, or wipe them. Trend Micro™ Mobile Security Personal
Edition does these and prevents uninstallation without your
password.
Ask these about BYOD Agreements
• Are you required to produce personal devices for forensic
analysis?
• Does this apply to devices shared with other family members?
• Who will get access to the personal information stored in your
device?
• Can your company track your location? Under what
circumstances can this happen? Are you required to let them?
Do they notify you if they do this?
• Are these systems active outside regular work hours?
• Is your personal online activity monitored and logged?
• Is this information retained when you leave your
organization?