Security of the mobile internet

Several years ago, I was involved in an international project that focussed on security when using mobile devices and how trust could be enabled in users. At that time, very few users were accessing the mobile internet on a regular basis and consequently, it was very difficult for them to envisage the dangers posed by hackers, malware and unauthorised access to both personal and business data stored on their mobile device.Things have changed since then in terms of mobile internet usage as a boom seems imminent, fuelled by the rise of 3G, smartphones and affordable data package tariffs. Indeed, all around us smartphones are becoming ubiquitous with a spike in smartphone adoption predicted as users come out of contracts and seek a better deal for their money. However, does this increase in mobile internet usage correlate with heightened awareness of security risks? My personal opinion about this (based on conversations I have had and research I have conducted), is that security on mobile devices is a relatively unknown entity which, dependant upon the type of user you are, you either ignore or err on the side of caution and avoid any type of risk completely.

For example, I have spoken to users at one extreme who vocalise concerns such as malicious keystroke logging programmes and an unwillingness to connect to a WLAN network in public places such as cafes etc, as they do not know if the network has security measures in place.
Whereas, at the other extreme, some have told me that they use the mobile internet without any concerns or reservations – viewing their phone very differently to how they view their PC i.e. as something personal and private and not susceptible to attack.

Lack of knowledge and understanding of security can have massive implications in mobile internet usage. For instance, ecommerce has not emerged as yet as a major player within the mobile internet space. This may be attributed to several factors such as problems viewing products on a small screen etc, but many have voiced concerns regarding payment security. Certainly, the small number of people I have spoken to who have purchased items using the mobile internet would only be willing to do so for small-ticket items.

So, it appears that in order to promote usage of this potential revenue stream, businesses have to promote trust (e.g. by using recognisable security symbols) as well as educating users regarding what they should be aware of and what risks they may be susceptible to. The question is then – what is the best way of doing this?

Tip 1: Use clear, recognisable security symbols e.g. padlocks etc, on secure pages.

Tip 2: Browsers could indicate the security status of pages e.g. by using colours such as green for OK.

Tip 3: Retailers could allow users to save a card onto their account by managing their account from a PC – then they could shop for instance, by one-click ordering using the mobile internet. This would reduce the need to enter any details.

Tip 4: Retailers could use a third-party payment system such as Google Checkout or PayPal, again reducing the need to input details.