2. services
in personal devices, connected objects, the cloud and in
between.
Our solutions are at the heart of modern life, from payment to
enterprise security and the internet of things. We authenticate
people, transactions and objects, encrypt data and create value
for
software – enabling our clients to deliver secure digital services
for
billions of individuals and things.
Foreword 3
Executive Summary 4
PART 1: MOBILE SECURITY SURVEY 5
Fig 1: Most popular apps 5
Fig 2: App attributes 6
Fig 3: Smartphone vulnerabilities 7
Fig 4: App protection 8
Fig 5: Facebook and banking 9
Fig 6: Security perception 9
Fig 7: What makes an app secure 10
4. on television, our natural instinct is to reach for our
smartphone or tablet in response. If we want to get
in touch with a friend, it is our mobiles we turn to.
Governments, too, are capitalizing on the mobile
revolution, illustrated by the emergence of mobile ID
initiatives, such as mobile driving licenses in the USA.
Our mobile devices have quickly become the primary
way we engage with the world.
There is however a threat in this new mobile-centric
world, and it comes in the constantly evolving shape of
cyber-attackers. Hackers know a successful data breach
could net them financial details, social network logins,
mobile network account details and perhaps enough to
commit identity fraud. This threat is especially pertinent
now as app development is rising quickly; 90% of
companies will increase mobile app investment by the
end of this year1. And it’s not just large businesses - in
the US, 47 percent of small businesses will either have
or be planning their own app by the end of 20172. More
apps mean more opportunities for cyber-attackers.
There’s also been an increase in app usage, further
increasing the number of opportunities for attack.
Consumers are spending more time with their devices
than ever before. End users will spend over three hours
a day on their smartphones this year3, and 87 percent of
this time will be spent using apps.
Attackers are increasingly aware of this; they are well-
organized and skilled at spreading malware, exploiting
non-official app stores, infecting emails, distributing
fraudulent SMS messages and infiltrating browsers to
achieve their aims. App providers need to adopt a vigilant
attitude towards these threats and help consumers
feel safe with genuine solutions that protect against
5. vulnerabilities.
In line with this, enterprises need to take strong action to
protect their brands on mobile as malware deployed by
‘lookalike’ apps is a growing problem. If apps and services
are copied, trust can be quickly eroded if consumers are
scammed into using non-official versions.
It is a problem we need to address by finding a security
solution that works for everyone in a convenient way, and
that does not intrude on the user-experience. In order
to do that, it is crucial we understand what consumers
need and expect from their mobile devices and their
perceptions of mobile security.
With this in mind, we commissioned a study of over 1,300
adult smartphone users across six markets: Brazil, UK,
South Africa, Singapore, the Netherlands and the U.S.,
asking people about their mobile behavior and security
expectations. We wanted to discover how consumer
expectations would have an impact on those providing
applications and infrastructure for mobile applications
and services; be they banks, government, MNOs and
any other large enterprises which develop apps for end
users.
In this report, we use these insights to offer a series
of recommendations to help build greater trust in the
mobile ecosystem and deliver a secure and convenient
experience for users.
1: 90% Of Companies Will Increase Mobile App Investment In
2016,
ARC
2: Mobile Apps and Small Business in 2016: A Survey, Clutch
7. password, or pattern authentication once and then
have total access to all apps on their phone
• 70% would want to use digital identity documents
on their smartphone, such as passport or national
ID card, if they knew all apps on their phones were
100% protected
• 66% of end users say they would perform more
transactions if they knew mobile security was on
board with their devices
With these findings taken into consideration, we’ve
made a range of recommendations for the mobile app
ecosystem to increase security and build trust with end
users. These include:
• The use of (Software Development Kits) SDKs, so
that apps can become self-reliant and deal with the
dynamic nature of malwares. The use of SDKs gives
apps the much-needed ability to defend themselves
while in the field, detect unsecure environment and
react accordingly. SDKs also better protect users as
they enable strong authentication
• User experience needs to become as centric to the
design process of mobile apps as possible. This
includes embracing the “psychology of security”
together with biometry, which plays a key role in a
user’s experience and ensures strong authentication
• In conjunction with SDKs, flexible risk management
systems should be adopted, which can respond to
new situations and implement adaptable security
policies while the apps are used in the field
9. popularity. Looking closely at the results, it’s been
intriguing to see how the UK, one of the most saturated
smartphone markets, has the lowest percentage of social
app users (83 percent), while Brazil has the highest (97
percent). It is clear Brazilian consumers attach great
importance to using their smartphone – coming first in
app usage for all categories.
Unsurprisingly, social apps such
as Facebook and WhatsApp top
the list in all countries in terms
of popularity.
What type of apps do you use?
27.8 %
33.5 %
36.6 % 36.9 %
41.0 %
43.9 %
69.1 %
73.5 %
91.2 %
0.0%
10.0%
20.0%
30.0%
12. by just under half (48 percent) of respondents. This shows
Fig 2: App attributes
that while security is vital, people expect a frictionless
experience. Industries and those in government
designing apps for their own users should take note of
this and ensure their software is lean, runs quickly, but
is also fundamentally secure.
Customer care narrowly pips rewards as the third most
important attribute. And this is only because of regional
differences. 42 percent of Brazilians see great customer
care as a critical attribute (in addition to reliability and
security), by far the highest of any country, and yet only
eight percent of all respondents value rewards. If Brazil
is omitted then rewards rises to third in importance,
suggesting that for the majority of mobile users, this is
more valued than access to app support.
Banking and payment apps are
used more than ever before now
by smartphones; these apps are
prime targets for hackers.
It is encouraging that the
vast majority of end users (80
percent) value reliability and
security above other attributes.
What are the most important attributes of a paid app?
0.0%
10.0%
15. well-aware of phishing and fraud attacks. It is the more
sophisticated attacks that now need to be addressed.
Mobile industry bodies need to show end-users how
attacks like the man-in-the-middle attack work and the
steps consumers should take to protect themselves. The
first step is recognizing them as a legitimate threat.
What do you fear the most
regarding your smart phone
or apps?
31.5%
16.5%
10.4%
10.4%
6.5%
6.2%
5.8%
5.3%
4.3%
1.9%1.2%
Losing all my data if my smartphone
is lost or stolen for instance
Fraud when I make online purchases
(ex through Amazon, Pay Pal etc...)
17. Fig 4: App protection
Who ultimately is best placed to safeguard a user’s
security has been a debate for years. Many within the
industry would suggest it is the app stores’ responsibility
to police the software available, or the smartphone
maker who controls the OS. However, when it comes
to the general public, the results are pretty evenly
split. Interestingly, many place the greatest onus on
the app provider (such as bank, corporate enterprise,
or government) itself – suggesting that if their app’s
security was compromised, the brand who made it would
take the greatest reputation hit.
While it is true that ultimately security lies with the
app provider, once a party wants to create malicious
software or has discovered a vulnerability in an app, it is
up to others to ensure the threat is discovered, and any
damage mitigated. As is clear, each stakeholder bears
responsibility for any serious security breach; the stores
must remove offending apps, smartphone makers must
patch any exploits in their OS, app providers need to
update their software, and MNOs need to be on-hand to
push out patches over the air quickly.
There are also some eye-catching regional contrasts,
albeit familiar as Brazil was the outlier again. Those in
the UK think the mobile operator is best placed to protect
the end-user from third-party apps, while in Brazil it is
the job of the app store. Those in South Africa, Singapore,
the Netherlands and the United States all think the app
provider must ensure their apps are secure.
Many place the greatest onus
on the app provider (such as
bank, corporate enterprise, or
19. Fig 5: Facebook and banking Fig 6: Security perception
The results suggest that our respondents
recognized there is too much risk involved with
pairing social media credentials with something
as important as your bank account.
In the UK and U.S., where the app ecosystem is very
mature, we note that respondents have the most faith
in app providers. A quarter have enough confidence in
the security expertise of their providers that they do not
need a visual cue that they are secure. This means that
app providers may want to vary their apps to meet the
needs of end-users in individual markets.
It seems when it comes to security, the saying “out of
sight, out of mind” does not apply. People want to know
they are protected, even if they have an app installed. It
illustrates the psychology of security as, unsurprisingly,
four out of five users feel more confident if a security
app is visually displayed on the smartphone screen.
This suggests that as long as users recognize a form of
security or feel they are in a safe digital environment,
they feel more secure, which will encourage application
uptake and usage. This is an important lesson for
industries and governments to learn, to establish how
they can incorporate this feeling of security into their
applications.
Would you log on to your
bank account using
Facebook login and
passwords, or Facebook
two-factor authentication?
13.1%
20. 8.7%
74.6%
3.6%
Facebook login and passwords
Facebook two-factor authentication
Neither, I would not use Facebook
to log in to my bank account
I would be happy to use either
Which of the following do
you agree with most?
I don’t want to see anything visible -
I just trust my app provider (my
bank, my government, my company
etc.) that their apps are protected
I feel more confident if the security
app is visually displayed on my mobile
phone screen, with a sign or a symbol
which allows me to see if there are
updates on my phone
80.5%
19.5%
22. working alongside each other.
It could be argued that app
providers and the wider mobile
industry need to do more to
convince users of the need
for vigilance when it comes to
mobile.
50.6%
56.5%
29.0%
42.4%
53.3%
34.5%
0.0%
10.0%
20.0%
30.0%
40.0%
50.0%
60.0%
Anti-virus
24. The response to this question reiterates the importance
of building frictionless security solutions which do not
impact upon the user experience. Overall, a strong
majority of respondents (60 percent) prefer one-time
authentication. It’s clear authentication methods will
continue to play a role in the quality of mobile experience.
Consequently, app providers face an important challenge
if they want to change the user journey. They will have to
find a way to provide secure authentication in a way that
isn’t disruptive or perceived to be inconvenient. Otherwise
people will just sign in, and click the ‘remember me’ tick-
box to avoid the hassle, or avoid the digital route entirely
in favor of a costlier customer experience touchpoint,
like a face-to-face visit or call to the call center.
60.2%
39.8%
I feel better protected if each app
asks for its own password or PIN
each time I use it
Security on a smartphone must be
easy and frictionless. I want to use a
PIN, fingerprint, password, or pattern
ONCE and then have total access to
all my apps
Which of these two
statements best describes
what you would like to
experience when using your
mobile apps?
26. 38.1%
36.1%
6.7%
Digital Identity documents such as my
passport, or national ID card
Access to my house/apartment
Other (please specify)
I would perform more transactions if I
knew that mobile security was on board
I would pay a premium to get the level
of security I want on my mobile phone
I do not agree with either of the above
sentences
Signing my official documents such
as tax declaration
66.1%
30.6%
22.0%
Do you agree with either of
the two sentences?
services due to poor physical infrastructure. Health,
voting, education, and identity services are just a few
28. want and expect a secure app ecosystem, with their
experience to be frictionless.
• For those organizations who have developed or
are planning to release an app, there are a series
of steps they can take to build trust with their end-
users. Apps must be securely designed to coexist in
an environment where there are many others from
third-parties they do not control: they need to be
able to react and defend themselves, while on the
field
• Layers of protection should be implemented, with
the psychology of security in mind, to make the
user feel secure. This can range from visible icons
to show everything is operating as intended, to login
procedures like biometric authentication such as
fingerprint, facial recognition, iris scanning
• App providers must gauge their audience and the
purpose of their app. In some instances, connecting
a user account with a social network may be
acceptable, but many in others—such as banking or
government providers should tread more cautiously
as consumers are more wary about sharing
credentials across services
• User convenience needs to be part of the design,
from enrolment through to everyday app usage.
It is also imperative that the same experience
applies regardless of the mobile device handset and
operating system
• Consider how biometric authentication could
increase user convenience, driving trust and adoption
of new services. Biometric authentication is being
30. Designing self-protecting apps
App providers need to implement end-to-end security
architecture which can deal with new dynamic malware.
Some solutions such as purpose-built software
development kits (SDKs) can address the problem
through security mechanisms that allow apps to:
• Defend themselves through coding techniques and
cryptography
• Detect threats through secure environment detection
• React in the presence of threats: stop the execution,
send an alert to a risk management server
Strong authentication
SDKs allow developers to design strong user
authentication methods.
Biometric technology, which as we learned in part one
of this report is particularly popular among end-users,
is an innovation that’s well suited to mobile. People trust
that their fingerprints and faces are unique enough to
act as their authentication key. Furthermore, if app
providers want to explore other options for strong
authentication, they could consider one-time passwords,
or Out-of-Band (OOB) via Push, a method where a push
notification is sent to the user’s phone, requesting
approval for any app login request. Secure PIN pads
also warrant consideration as they are integrated in the
app instead of using the default PIN pad of handsets,
protecting sensitive authentication credentials such as
PINs and passwords. In addition, SDKs also enable the
design of digital signatures, which serve as another good
example of a strong authentication method for securing
32. • This coding technique can help protect intellectual
property and licensing
App programming code analysis: the logic of the codes
can be revealed and exploited.
• Code obfuscation
• Anti-debugging
• White box cryptography
• These techniques also help protect against reverse
engineering
User interface: PIN/Password capture through key
loggers (malwares) which can enable hackers to
fraudulently log onto a user’s online banking account, or
fraudulently log on to remote enterprise resources and
steal sensitive data.
• Alternate virtual keyboard, as part of the app design
instead of using built-in keyboards
• Biometry such as fingerprint authentication
• Both solutions provide strong user authentication
Mobile device and passwords stolen and used by an
unauthorized party, which could access user’s online
banking account or a user’s online government accounts
and steal enterprise resources.
• Risk Management System which can detect unusual
user behavior and apply security policies accordingly
• Mobile Device Management (MDM) featuring remote
33. data wipe: in this case the user can remotely erase the
phone memory and keep their personal data private
OS emulation replacing a genuine OS / phone memory
cloning in order to fraudulently access online resources
(bank, enterprise, government…)
• Risk Management System which can detect if the
mobile device is not genuine and prevent unauthorized
access to online resources, according to its security
policies
The operating system of the device is corrupted, with
lower access rights. This can happen when users change
the security settings of their mobile devices, without
realizing the potential risks. If they download malware,
it can potentially control all the apps, since it will have
“super user” rights
• Jailbreak/root detection for these coding techniques
allows apps to detect an unusual or unsafe
environment on the device and can stop it working or
send an alert to the risk management server.
• These techniques help protect an app’s integrity
Transaction values modified: such as the amount of
money that users want to transfer through mBanking for
instance
• Anti-debugging
• Anti-hook
• Anti-tampering
35. transaction patterns, evaluate the risks of a transaction
and remotely stop the transaction or ask the users for
further authentication, to minimize the risk. Crucially,
this analysis is executed in real-time so as to counteract
threats immediately, before it’s too late.
To combat growing levels of
sophistication from hackers, it
is important to adopt a layered
approach to security.
Cyber threats are not static,
but constantly evolving and
increasingly unpredictable.
Depending on what is at stake,
multiple security layers can be added,
increasing the level of security
Security layers
ENCRYPTION
PROTECTION OF APP
INTEGRITY
PROTECTION AGAINST
REVERSE ENGINEERING
STRONG USER AUTHENTICATION
SECURE ENVIRONMENT
DETECTION
NOTIFICATIONS TO RISK
MANAGEMENT SERVER
37. governments – as this happens, more and more threats in this
space continue to arise.
At every step of the user journey, protection is crucial. Strong
authentication and identity protection are necessary
to ensure mobile software receives adequate protection.
Moreover, it is crucial to include user convenience and the
‘psychology of security’ as part of the security design,
in order to trigger service adoption. In particular, the use of
biometry such as fingerprint readers, facial or iris
recognition is becoming more popular.
It’s also worth noting how the research has demonstrated there
is widespread awareness of cybersecurity issues.
Consumers clearly value robust protection to the point that
many would pay a premium for guaranteed security.
In a world where cyber threats are constantly evolving and
consumers have access to an unprecedented number
of valuable services through their smartphones, it is important
each player is prepared. Cybersecurity cannot
be treated as an afterthought; effective risk management and
evaluation systems need to be in place to protect
end-users, otherwise trust in mobile apps will be severely
undermined and the full potential of mobile will not be
achieved. We know the opportunity is out there; we know users
would embrace digital identity for example if they
knew their mobiles were 100% secure (see page 15). Electronic
Identification and Signature (eIDAS) Regulation
is already law within the EU today; it’s now just a question of
gaining momentum.
As our lives increasingly exist on mobile, it is imperative we
can trust the devices and services we use every day.
This is why Gemalto’s mobile security solutions are purpose-
39. identities and protecting data so they stay safe and enable
services
in personal devices, connected objects, the cloud and in
between.
Contributors:
Rémi de Fouchier, Vice President, Marketing Communications
for Gemalto Mobile
Xavier Larduinat, Senior Technologist for Gemalto
Our solutions are at the heart of modern life, from payment to
enterprise security and the internet of things. We authenticate
people, transactions and objects, encrypt data and create value
for
software – enabling our clients to deliver secure digital services
for
billions of individuals and things.
Foreword 3
Introduction 4
General trends for the future of mobile 5
International trends 6
Smart Cities 7
The rise of the driverless car 7
41. by Rémi de Fouchier, Vice President, Marketing
Communications for Gemalto Mobile
No other device today dominates our lives as much as
the mobile phone. We would be both figuratively and
literally lost without them. We use them to wake-up,
to play music on our way to work, to look up facts, plan
our social lives, to work, connect with friends, find love,
and discover new interests, places and opportunities.
This is all commonplace now, in stark contrast to the
years before 2000. I’m currently 45 years old and have
therefore spent most of my life without a mobile phone;
instead, I grew up using paper maps, paper agendas
for meetings and appointments, physical notebooks for
phone numbers and a Sony Walkman – incredibly heavy
by today’s standards - to provide me with music on the
move. With my paper past behind me, it’s been stunning
to see the rise of mobile all around us and how it’s now
woven into almost everything we do.
Every company is now deploying a mobile strategy, and
few people would dare to go without their smartphone for
a week. So we wondered, if we’re so tied to our mobiles
now, what do people think will happen ten years’ down
the line? We polled 1,200 young adults from around the
world about their expectations will be for the world of
mobile in the future, and what they think (and hope!) the
services and features of mobile technology in 2025 will
look like.
The results paint a picture of a world populated by smart
cities, where people live in a hyper-connected society,
using their mobiles for more than many thought possible
only a few years ago. There are a great many dreamers
too, with huge expectations for the way the world will
change in the years to come.
43. have required all manner of gadgets and real-world
resources. Our relationship with other technology, from
MP3 players, to digital cameras, and the humble printed
map has been transformed by the smartphone, and as
the technology develops, more and more is becoming
possible, from healthcare to atmospheric monitoring.
This transformation has resulted in a huge demand for
mobile data. Over time, as mobile technology improved
and consumers became accustomed to using their
phones to go online, mobile internet usage caught
up with fixed connections. In 2014, mobiles overtook
desktops, and since then have only continued to rise.
One important element in the rise in mobile data
consumption is the introduction of smartphone apps.
Since the launch of the iPhone App Store in 2008 (followed
by many similar stores), apps have evolved to turn our
phones into devices as powerful as most PCs. With the
world now at our fingertips, it’s no wonder consumption
has grown so quickly. And as apps continue to increase
in diversity and compatibility, it’s only a matter of time
until mobile phone internet penetration goes over 60%
worldwide. In fact, the figure is expected to grow to 61.2
percent in 20181
In parallel to the evolution of mobile technology,
technical advances have rapidly altered what is possible
over the Internet. We have secure, fast networks able to
stream HD video, and the industry is constantly pushing
the boundaries of what’s possible.
Table 1: Source: Akamai State of the Internet Report
www.stateoftheinternet.com
Average
44. broadband speed
Q3
2007
Q3
2015
%
growth
France 3195 8154 255%
UK 3268 12974 397%
Brazil 698 3646 522%
China 673 3687 548%
USA 3672 12572 342%
Germany 3208 11528 359%
In the last 8 years alone, average Internet speeds in the
six markets surveyed alone have risen more than 400%.
What the next 10 years can bring, we can only imagine,
especially if the promises of 5G – which should be coming
onto the market by then – come to fruition.
In the last 8 years alone,
average Internet speeds in the
six markets surveyed alone
have risen more than 400%
Those we surveyed therefore describe a world in which
the leap from only ten years ago to that of 2025 seems
insurmountable. The rate of change seems improbable,
but as with many future gazing projects, we may actually
find that our projections are too conservative.
46. come equipped with a DNA scanner to ensure only you
can unlock your phone.
Fig 1: How do you expect to unlock your device in 2025?
66.8%
44.3%
43.4%
32.5%
39.5%
40.4%
Finger print reader
Facial biometrics
Retinal scan
DNA scan
Voice biometrics
0% 10% 20% 30%
PIN/password
40% 50% 60% 70% 80%
61%
expect always on mobile
50. environmental monitoring for flood protection. A city
Smart Cities
that syncs multiple infrastructure layers is certainly an
attractive idea, and our respondents certainly buy into
the idea that the getting about will be much simpler.
Our survey touched on a few key areas.
The rise of the driverless car
While Google, Tesla and a few others are running
autonomous car trials as you read this, almost two thirds
(63 percent) think that by 2025 cars will be driverless. But
their appetite for innovation didn’t end there. 60 percent
think car keys are a thing of the past, with access to your
car granted by a simple touch – thanks to DNA sensors.
Of course the interior of the cars that roam the smart
cities will also be updated. 62 of people thought that 3D
maps will be displayed in front of you as you drive so you
never get lost.
And there are some very optimistic youth amongst our
sample, with 27 percent thinking that flat beds will be
an option, allowing you to catch a few winks while the
driverless-car whisks you around town. More than a third
(36 percent) thought that cars would become places you
could catch up on your workload.
Fig 3: What features would you expect from the connected car
of 2025?
62.6%
59.1%
52. shows while zooming through the tunnels. It also looks
like printed tickets are a thing of the past, with 56 percent
thinking NFC will be the de facto ticketing option.
Also interesting is the idea that the transport systems
in tomorrow’s smart cities will be intelligent. 44 percent
agree that public transport networks will be able to
gauge demand and increase or decrease the frequency
of service. This could hugely benefit not only the
environment, reducing nearly empty trains and buses,
but also allow one-off events like concerts or sports
events in a particular part of the city to be better served.
Waiting for a bus or train will also be more interesting
in the future. 53 percent believe that screens will
dynamically display personalised offers, allowing
passengers to fill the time on their journey by checking
out the latest concerts happening that day, or booking a
table at a new restaurant.
People expect high-speed
connectivity even when
travelling underground
Fig 4: What do you expect from a connected transport system?
55.7%
69.3%
52.8%
44.3%
NFC-enabled readers at entrances
54. time the British respondents also have high
expectations, perhaps buoyed by the already evident innovation
in London’s transport infrastructure which
supports NFC card and smartphone payments already.
Fig 6: What do you expect from a connected transport system?
0
10
20
30
40
50
60
70
80
90
100
Workspace Flat beds
Brazil
China
57. all sorts of health data such as their heart rate, blood
pressure, daily steps-taken, and their sleep patterns.
Soon you will be able to track your blood sugar levels to
get an even more detailed view of your health.
Health
The prospect of telehealth resonated well in the survey.
63 percent of people think heart-rate monitors will evolve
to the point of being able to show you a 3D display of your
heart, with daily reports telling you how you are doing.
A fun use of the IoT comes in the form of a connected
toothbrush that will show a detailed 3D display of your
teeth on your smart glasses. The image will highlight
the areas where plaque has built up, dramatically
reducing cases of gum disease, and the toothbrush will
also connect to your dentist to schedule an appointment
if a problem is sensed while brushing. Also, no more
missing that check-up as your toothbrush just made the
appointment you’ve been putting off for months.
One area that surprised us was the respondents’ positive
attitude to connected implants. Six in ten thought
we would have a one that would monitor our blood
pressure in real-time, helping to diagnose problems
long before they become serious. A further 51 percent
thought another implant would do the same for body
fat, synching readings to our smartphones which in turn
would recommend a healthier diet to follow.
46 percent thought that we would have a pulse and
oxygenation monitor built into your smart watch
that combines with a peak flow meter you blow into
occasionally checks your lung performance. Finally, one
third thought that smart toilets would be able to analyse
58. our waste to pick up any symptoms of disease.
Fig 7: What health data would you expect technology to help
collate, assess and
support you and your healthcare adviser?
49.8%
59.3%
62.5%
50.8%
39.7%
32.3%
45.6%
Dental
Blood pressure
Heart rate
Body fat
Flexibility
Digestive
0% 10% 20% 30%
Respiratory
60. items to our homes, and even returning them if we don’t
need or like them. And just over four in ten (42 percent)
think they will also take the hassle out of managing
our social lives, with our free time mapped out with the
latest our smart cities have to offer. Equally 41 percent
think the future Siris and Cortanas will be able to offer
sound business advice on company plans.
Fig 8: What services would you expect from a virtual Personal
Assistant like
Apple’s Siri?
61.2%
41.2%
55.7%
52.4%
41.9%
42.6%
42.9%
5.3%
Organising agendas and meetings
Offering business advice
Discovering new things
Managing your IoT devices and services
62. will take place instantaneously.
Fig 9: What services do you expect from contactless payment
technology in 2025?
61.7%
63.3%
69.3%
41.5%
31.6%
Top-up alerts
Instantaneous payments
Dynamic security
No limits
0% 10% 20% 30% 40%
No more coins
50% 60% 70% 80%
The most striking finding
was that almost a third (32
percent) think that there will
be no coins used in 2025
65. Brazilians are most optimistic about using them to
discover new things, with 70% expecting instant answers to any
question (versus less than half of French and
German consumers). The Chinese meanwhile are most expectant
of virtual assistants to run their IoT devices
(expected by 67%), their social lives (58%) and do their
shopping for them (62%).
Fig 11: What services would you expect from a virtual Personal
Assistant like
Apple’s Siri?
In payments, almost half of Chinese respondents (48%) don’t
expect to be using any coins in 2025. This compares
with a third (35%) of Americans, the next highest group in the
survey. Optimism about cybercrime is greater
across the board, with over three quarters of Americans (79%),
Chinese (84%) and Brazilians (81%) expecting
dynamic cards to significantly improve security. Europeans are
less optimistic here, but over half of respondents
still expect a big improvement.
Fig 12: What services do you expect from contactless payment
technology in 2025?
90
100
80
70
60
73. 25 percent think our computers
will pull thoughts straight
from our minds rather than
waiting for us to type them in
Fig 14: What technology do you expect to be using in the
workplace in 2025?
Fig 15: What do you expect people’s mind-sets around data
security to be in 2025?
59.0%
43.2%
58.4%
51.9%
50.6%
34.5%
24.6%
Smart glasses
Wearable trackers
Smartphones
Tablets
Laptops
Desktop computers
78. Direct-ethanol fuel cells are smartphone batteries capable of
providing the 3000mAh
power needed for periods ranging from weeks to months.
Consumers will love the idea
of charging their phone every couple of weeks rather than every
night. A sure bet by
2020.
The 3.5mm phone jack is the last design frontier to prevent
fully waterproof smartphones.
This is an easy win the industry will pick up as early as 2016,
thanks to Bluetooth low
energy headsets. In time, scuba divers will love to bring their
smartphones on diving
trips and shoot incredible 4K videos.
Shockproof devices: that goes hand in hand with waterproofing.
Handsets makers can
are already doing this today. They will do it on a wider level as
soon as they can be sure
you will only have to change your phone every 18 months.
Touchscreens now double up as 3D sensors, and will soon add
biometric readers right-
on-the-screen. Security engineers will be able to add an X,Y
random screen location to a
fingerprint query, offering a 3FA solution.
HD audio will trigger a brand new range of body-bound devices
to listen to sounds.
Human bones are far more efficient than human ears for low
frequencies, deep sound
reconstruction. Bone conduction is a “mature” technology
which could even enable a
T-Shirt to be your next audio device. We should see amazing
81. What Haven’t Young
People Thought Of Yet
A view from Dan Kaplan, Growth Marketer and Columnist for
Tech Crunch
It’s hard to read much technology journalism and commentary
without coming
across jeremiads worried about all the bad things the pervasive
internet will do to
our bodies, minds, and souls. To see that such a large cross-
section of young people
is so enthusiastic about the potential of emerging tech is
interesting. It makes much
of the hand-wringing about the downsides of new technology
look like angry cane
waving and shouts to “get off my lawn, you damn kids!”
That being said, there are some blind spots in their enthusiasm:
► A.I. automation in this report centers on intelligent personal
assistants. While I’m
as excited as the next optimistic futurist about powerful, useful
bots, how will large
scale automation change the landscape of work? While I’m not
as concerned about
robots coming to take our jobs as some observers, I do wonder
about this risk. Maybe
young people are less worried and more confident in their
ability to adapt than their
parents and grandparents, but I’m surprised there wasn’t more
thought here.
► The implications of pervasive monitoring also do not seem to
register with young
people. Devices and technological infrastructure that can tell me
all about my body,
83. planners, city-states, technology firms, automotive
manufacturers and beyond will all be playing a big role
in delivering some of the elements that make up the
vision the world’s youth share. At least, that is as far as
we can guess what’s coming based on what people want
today. After all, as Henry Ford is famously attributed with
saying, “…if I’d asked my customers what they wanted,
they would have said ‘a faster horse’.”
Operators today are facing challenges on multiple
fronts. These include decreasing revenue per user,
the gradual erosion of SMS revenues as phones have
become ‘smarter’, apps and OTT services devaluing
lots of operator innovation investments, the cost of
infrastructure upgrades and spectrum, the complexity
of managing sector regulation and beyond. The Internet
of Things really opens up opportunities to develop new
fruitful business models. In 2015, almost 5bn Things were
already connected (Source: Gartner). And for 2025, even
if it’s hard to predict at the moment, the most optimistic
people say 50bn Things will be connected, from which a
majority will rely on MNOs’ connectivity services. So to
establish new revenue streams, operators will have to
overcome exciting challenges:
Moving towards dynamic management
of the infrastructure
Ubiquitous, high speed connectivity is high on the wishlist
of consumers everywhere, be that in their homes, on the
subway or beyond. There are boundless opportunities
for mobile operators to explore partnerships with local
communities, with transport networks, brands and
beyond.
To monetize the increasing demand for connectivity
within the massive rise of IoT, network infrastructures
85. Positioning as IoT connectivity
aggregator
The IoT is opening up the development of thousands
of new services using broadband connectivity; MNOs
can play the service transitional role. As connectivity
providers, and having full control of their network
infrastructures, MNOs are in a powerful position to
manage the rights for entering the connected world to
new IoT players.
It is also a responsibility to play a “hub” role for the
connected world. They are the link between the consumer
and their connected activities, and could become the
main interface. In this position, operators will have to
make the connected world accessible to every service
provider. To always provide a seamless connected service
to their customers, every service will have to be easy to
access from any device through any network, without
any friction for the end-user. Standardization will be the
key here. For example, as smartphones will probably be
the main means for payment, any financial institution
will need its service available on any device, without any
constraint.
MNOs are in a powerful
position to manage the rights
for entering the connected
world to new IoT players
As a consequence of the extraordinary rise of new
connected devices, operators will have to be able
to provide flexible connectivity services remotely,
everywhere and anytime, for any device to embed an
instant connection feature. For this, it will be necessary
to work closely with device manufacturers.
86. Taking some risks to enable the IoT
The IoT market is set to grow in excess of 15bn connected
devices in 2020, generating a vast opportunity across
consumer devices, industry, Smart Cities, cars and
connected homes. Making the IoT effective in this context
requires significant work on the technology, standards,
security and beyond. A wide range of new connected
devices or use cases will develop very fast. Operators
will need to follow the pace of new trends, and will have
to try... and fail.
It will be necessary to set up 20, 50 or 100 pilots or beta
test programmes in line with new disruptive connected
technologies that could potentially arrive on the market,
and task the business with assessing the ones that could
be successful – then develop and market those more
aggressively. This requires a bit of (controlled) gambling,
but could be worth it.
Providing next level of Customer
Experience
The market is converging to more simplified User
Interface models, to reduce the number of actions we
make on devices. In the future, our connected devices
will be so smart that they will anticipate our actions,
based on previous behaviour, for a simpler and more
convenient experience. For example, approaching a
cashier would automatically activate our mWallet, or
our car heater would automatically start when the car
detects we’re a few minutes away from going for a drive.
This critical mission will involve providing the most
reliable connectivity experience to make consumers
88. authorized data brokers
Mobile operators hold a wealth of data about their
customers, which will enable them to become authorized
data brokers. This puts them in a good position to
facilitate exchanges of information of mutual benefit to
their customers and themselves; for example, putting
together people who travel a lot with the best travel
insurance policies that meet their needs, or directing
their customers to download apps that might help them
with tasks they are carrying out laboriously on their
phones otherwise. This will need to be handled with
care, and with respect for customer data protection. But
knowing the customer profile through their connected
life habits will be beneficial for them avoiding marketing
message pollution.
Defending the data and enabling the
security of end-users
It’s clearly going to be an even more digital world by the
time we pop the champagne corks on January 1st, 2025.
Consumer expectation in the study is that their providers
– including their mobile operators – take a bigger role in
securing them and protecting their data. Operators today
could start to carve this out as a point of differentiation as
we prepare for the connected future. They need to make
sure their services are always secure, and build a trusted
foundation for the IoT by securing data everywhere.
Most new connected devices and services will not use
a regular SIM card where data and credentials are kept
securely. New types of secure elements, embedded
within the device for most of them, will probably emerge.
And for data in motion, MNO’s will consider setting up
secure authentication and encryption solutions to secure
communications between devices and the cloud.
90. 54%
of respondents say their battery
drains faster than expected,
several times a month.
They would like to understand.
Smartphone users are expected to reach
5.9bn by 2020. ¹
And most new users don’t understand,
and don’t want to understand their device.
But they do want it to be user-friendly,
and when it isn’t, they get frustrated !
«How can
I make my battery
last longer?»
«What am I doing
wrong?»
Poor battery life
47% of respondents experiencedata loading issues
35% experienceconnection failures
28% experiencedropped calls
These experiences are frustrating
and disappointing for end users when
they have to start a task again,
or feel they’re getting poor service
from their operator.
91. They don’t know if problems are caused
by their handset or the network,
but they do want to know how to solve them.
«Where are these
problems
coming from?»
«How can
I fix them?»
Connection issues
47% of respondentssay their phones
are slow
Consumers tend to think that deleting useful apps
and personal photos and videos is the best way
to boost their phone’s speed.
They want performance from their phones.
«Where are these
problems
coming from?»
«How can
I fix them?»
Slow navigation
Available for
«How can
I make my battery
92. last longer?»
«What am I doing
wrong?»
Data plan max-out
25%
of respondents
max out their
contracted data limit
at least once a year
Consumers don’t understand how
their data is used. Some limit their
online activities as a result.
The 4 main pain points for smartphone users
Consumers want help optimizing their smartphones,
but they want it to be quick and easy.
And mobile operators are best placed to provide that.
Provided to MNOs as a white label
solution, Quality of Experience App.
enables end users to optimize
their smartphone usage from
a single application.
Quality of Experience app is part of
our comprehensive LinqUs QoE offer,
enabling operators to monitor network
quality and device performance,
based on real subscriber experiences.
97. -M
ar
sa
tw
or
k
BlackBerry OS iOS Android
Measuring User Confidence in
Smartphone Security and Privacy
Erika Chin∗ , Adrienne Porter Felt∗ , Vyas Sekar†, David
Wagner∗
∗ University of California, Berkeley †Intel Labs
{emc,apf,daw}@cs.berkeley.edu, [email protected]
ABSTRACT
In order to direct and build an effective, secure mobile ecosys-
tem, we must first understand user attitudes toward security and
privacy for smartphones and how they may differ from attitudes
to-
ward more traditional computing systems. What are users’
comfort
levels in performing different tasks? How do users select appli-
cations? What are their overall perceptions of the platform?
This
understanding will help inform the design of more secure smart-
phones that will enable users to safely and confidently benefit
from
98. the potential and convenience offered by mobile platforms.
To gain insight into user perceptions of smartphone security and
installation habits, we conduct a user study involving 60 smart-
phone users. First, we interview users about their willingness to
perform certain tasks on their smartphones to test the hypothesis
that people currently avoid using their phones due to privacy
and
security concerns. Second, we analyze why and how they select
applications, which provides information about how users
decide
to trust applications. Based on our findings, we present
recommen-
dations and opportunities for services that will help users safely
and
confidently use mobile applications and platforms.
Categories and Subject Descriptors
H.1.2 [Information Systems]: User/Machine Systems; J.4
[Social
and Behavioral Sciences]; K.6.5 [Management of Computing
and Information Systems]: Security and Protection
General Terms
Security, Human Factors
Keywords
Mobile phone usage, Laptop usage, Application installation,
Smart-
phones
1. INTRODUCTION
Smartphones have dramatically changed the computing
landscape.
They complement and, in some cases, supplant traditional com-
99. puting devices such as laptops and desktops [8]. We have seen a
tremendous growth in the number and diversity of smartphone
ap-
plications in marketplaces such as the Apple App Store,
Android
Market, and Amazon AppStore.
Copyright is held by the author/owner. Permission to make
digital or hard
copies of all or part of this work for personal or classroom use
is granted
without fee.
Symposium on Usable Privacy and Security (SOUPS) 2012, July
11-13,
2012, Washington, DC, USA.
Despite the popularity of smartphones, there are reasons to be-
lieve that privacy and security concerns might be inhibiting
users
from realizing the full potential of their mobile devices.
Although
half of U.S. adults own smartphones [5], mobile online
shopping
is only 3% of overall shopping revenues [7], suggesting that
users
are hesitant to perform these tasks on their smartphones. A re-
cent commercial study also found that 60% of smartphone users
are concerned that using mobile payments could put their
financial
and personal security at risk [4].
Our goal is to help smartphone users confidently and securely
harness the power of mobile platforms. In order to improve the
se-
curity of mobile systems, we must understand the challenges
and
100. concerns that users currently have with performing sensitive
oper-
ations on their smartphones and identify opportunities to
improve
the security of the device. We interviewed 60 smartphone users
about their willingness to perform certain actions on their
phones.
We found that participants are significantly less willing to make
shopping purchases, provide their Social Security Numbers,
access
health data, or check their bank accounts on their smartphones
than
on their laptops. Our data also sheds some light on why users
might
be more reluctant to perform these tasks on their phones (see
Sec-
tion 4). We expect these results may be helpful in identifying
op-
portunities to improve the security of these devices.
Applications play a critical role in users’ experiences with their
smartphones. To help protect users while selecting applications,
it
is important to understand each step in the mobile application
in-
stallation process: how users discover applications, the factors
they
consider before installation (e.g., price, brand name), and where
they download applications from. We survey the 60 study
partici-
pants about how and why they install mobile applications.
This paper presents the results of structured interviews and sur-
veys of 60 participants. The participants span four popular plat-
forms: Windows and Mac for laptops, and Android and iPhone
for smartphones. We compare and contrast laptop and
101. smartphone
behaviors and perceptions, using laptops as a reference point for
understanding smartphone-specific concerns. The structured
inter-
views were a tool to (1) test our hypothesis that people are less
will-
ing to perform sensitive operations on their smartphones, and
(2)
collect qualitative data about users’ mobile security concerns.
We
also survey participants about the applications that they
installed on
their smartphones to guide the design of new security
indicators.
Contributions: This paper makes the following contributions:
• We find that users are (1) more concerned about privacy on
their smartphones than their laptops and (2) more apprehensive
about performing privacy-sensitive and financial tasks on their
smartphones than their laptops.
• We report the threats that participants worry about on their
smartphones: physical theft and data loss, malicious applica-
1
tions, and wireless network attackers. We also find that partic-
ipants’ fears of wireless network attackers stem from miscon-
ceptions about how wireless network communication works.
• We make several recommendations that could increase
security
and/or user confidence in their smartphones: (1) improved data
102. backup, lock, and remove wipe services; (2) new security indi-
cators in smartphone application markets to increase user trust
in their selection of applications; and (3) user education and
improved user interfaces to address common misconceptions
about wireless network communication.
2. BACKGROUND AND RELATED WORK
2.1 Application and Security Models
Windows: The Windows platform has encouraged a relatively
ad hoc application ecosystem, with third-party application soft-
ware being commonly acquired from diverse sources (e.g.,
online,
physical retailers) without any centralized application market
place.
Given this decentralized nature, there is little by way of
curation of
the applications, and users have to install anti-virus software
(again
from third-party sources) to protect themselves against
malware,
which is a well-documented problem for Windows.
Mac: In contrast, the Mac platform is generally perceived to be
more immune to malware, as there have been relatively fewer
doc-
umented cases of malware attacks. Macs also have anti-virus
op-
tions, but they are less widely adopted [17]. Similar to
Windows,
the traditional application ecosystem has also been largely
decen-
tralized. Motivated by the success of the mobile App Store,
Apple
launched the Mac App Store as a centralized market for desktop
103. applications. It appears to be reasonably successful [1].
Android: There are several “marketplaces” for Android users to
download applications, with the Android Market being the most
popular. The Android Market is not curated, although recent re-
ports suggest that it is scanned for malware by Google [2].
(Google
also removes software that is found to violate their TOS.) There
are several demonstrated malware attacks on the Android
platform.
Anti-virus applications are available for Android, although their
ef-
fectiveness has been publicly questioned [33, 29].
iOS: The App Store is a centralized, curated marketplace for
down-
loading iPhone applications. While the exact details of the
curation
process is unknown,1 there is evidence to suggest that Apple
does
check for security violations. Although there have been few
sam-
ples of iPhone malware, there is plenty of grayware and
jailbreak-
ing applications [23]. Users are prompted when applications
want
to access location or other information via pop-up notifications.
2.2 Related Work
Application Selection: Past research suggests that privacy and
se-
curity play roles in users’ installation decisions. Wash
interviewed
people about computer security threats, and several
interviewees
104. indicated that they were cautious when installing new software
be-
cause of malware concerns [39]. In an experiment performed by
Good et al., people preferred applications with better privacy
poli-
cies unless the privacy came at the cost of application function-
ality [25]. We further explore users’ concerns about application
trustworthiness (and how they prioritize those concerns) by
asking
people to recall the factors that led them to install applications.
We
1Most visible media reports of applications being denied have
to
do with the content served rather than specific security reasons.
also ask people about how they discover applications, which
may
provide insight into how trust in software is established.
Matthews
et al. found that word-of-mouth and browsing the App Store are
important discovery methods for iOS applications [30]; we
further
expand the scope of this study to Android as well.
Researchers have investigated whether placing privacy
indicators
in search results influences users’ online shopping decisions.
They
found that privacy indicators can cause users to pay a premium
to
purchase items from online vendors with better privacy scores
[24,
38]. However, the timing and placement of the indicators affects
whether users heed them [21]. We hypothesize that privacy and
security indicators could play a similar role in application
selection,
105. so we investigate users’ installation workflows to identify
potential
places for security and privacy indicators.
Smartphones vs. Computers: We explore whether users have
different security and privacy concerns for their smartphones
and
computers. Past studies have found that people often begin tasks
on
smartphones but complete them on computers [12, 28, 30].
Many
platform switches can be attributed to screen size, network
perfor-
mance, or typing difficulties. However, we suspect that privacy
and
security concerns may also play a role. Matthews et al. observed
that some users shop for items on their phones but defer
payment
until they are at a computer [30]. We investigate whether
security
concerns about smartphones may be responsible for users’
prefer-
ences for computers in certain situations.
Smartphone Privacy and Security: Smartphones are ideally
suited
for location-aware services. Consequently, prior research has
fo-
cused on users’ attitudes towards location privacy. A large body
of work addresses how users share location information with
social
contacts [14, 26, 18, 11, 40, 13] and companies [20, 19].
However,
smartphones can also be used to handle other types of confiden-
tial data, and there are threats beyond social contacts and
advertis-
106. ing companies (e.g., muggers and man-in-the-middle network
at-
tackers). Ben-Asher et al. surveyed smartphone users and found
that people consider other information on their phones sensitive
(e.g., photos and contacts) and worry about physical attacks on
their
phones [15]. As such, the scope of our inquiry goes beyond
loca-
tion and social contacts. We ask people about their willingness
to
access several types of information on their phones, and our
survey
design allowed study participants to describe their own threats.
Smartphone Application Usage: Prior work has studied how
smartphones are used. Falaki et al. examined Android and Win-
dows Phone application usage from the perspective of reducing
energy consumption [22]. They found that smartphone users pri-
marily spend their time interacting with a small subset of their
in-
stalled applications; relative application popularity can be
modeled
as an exponential distribution. Others have similarly studied the
time that people spend using certain applications [28, 30]. Our
in-
quiry focuses on application discovery and installation rather
than
usage, as our end goal is to help users avoid installing malicious
or
otherwise-undesirable applications.
3. METHODOLOGY
We performed structured interviews and surveys of 60 users to
obtain both a quantitative and qualitative understanding of how
people use their smartphones. As a point of comparison, we also