Smart Phone

Smartphone Security Survey of U. S. consumers Sponsored by AVG Technologies Independently conducted by Ponemon Institute LLC Publication Date: March 2011 Ponemon Institute © Research Report Smartphone Security Survey of U. S. Consumers Ponemon Institute, March 2011 Part 1. Introduction Ponemon Institute is pleased to present the findings of the Smartphone Security Survey: A Study of U. S. Consumers sponsored by AVG Technologies. The goal of the research is to determine consumers’ perceptions about the potential privacy and security risks when using their smartphones.In addition, we wanted to learn if participants in our study care about these risks and if they take security precautions. We surveyed 734 consumers who are 18 years and older and own a smartphone. The risks that we address in our survey concern location tracking, transmission of confidential payment without the user’s knowledge or consent, diallerware (specialized malware unique to smartphones), spyware, viruses from insecure WiFi networks and others. What we learned is that most of the consumers in our study are using their smartphones without understanding that they are exposing their sensitive information to the risks listed above.We also believe the findings of this study signal a potential security risk for organizations because so many consumers surveyed use their smartphones for both business and personal use. With business confidential information stored on these smartphones, organizations should make sure employees and contractors take appropriate precautions to secure such sensitive information. We also recommend that security policies state these precautions and ensure they are enforced. Following are the most salient research highlights: ?Eighty-four percent use the same smartphone for both business and personal purposes. The cross over of business and personal usage means much more sensitive and confidential data is at risk and suggests that the smartphone is with them most of the time. Sixty-six percent admit they keep a moderate or significant amount of personal data on their smartphones. Such personal data include email address, name, contact lists, photos, videos, anniversary and personal dates, music, Sixty-seven percent of consumers surveyed say they are concerned about receiving marketing ads and promotions.However, less than half (44 percent) are concerned about having a virus attack on their smartphone when it is connected to an insecure Internet network. In addition to using it as a phone, 89 percent use their smartphone for personal email and 82 percent use it for business email. A smaller percentage of consumers use their smartphones for financial transactions including payments. In fact, 38 percent of consumers use the smartphone to make payments and 14 percent use it for banking. Sixty-six percent of consumers have paid at least once for an item using their smartphone.In addition, 12 percent of consumers say they have experienced a f raud attempt vis-a-vis a mobile payment scheme. Despite this fact, only six percent say they check their mobile bill or statement every month and eight percent check the statement when the bill is higher than usual. Fifty-eight percent of consumers say that based on how they used the smartphone for purchases, Internet browsing and location they were targeted by marketers. Accordingly, 67 percent say they are very concerned or concerned about aggressive or abusive marketing practices. ? ? ? ? ? Ponemon Institute © Research Report Page 1 ?Despite security risks, less than half of consumers use keypad locks or passwords to secure their smartphones. In addition, only 29 percent of consumers said they have considered installing an anti-virus product to protect their smartphone. Forty-two percent of consumers who use social networking apps say they allow smartphone versions of well-known social networking applications such as Facebook to access the same key chains, passwords and log-ins that they use of their desktops, laptops or tablet. Only 10 percent of consumers say they turn off Bluetooth â€Å"discoverable† status on their smartphone when not in use. ? ?Ponemon Institute © Research Report Page 2 Part 2. Key Findings In this report we have organized the findings from the study according to the following topics: Consumers’ use of smartphones, consumers’ awareness about the security risks that accompany their use of smartphones, scenarios that illustrate potential smartphone security risks and how consumers are or are not managing these risks. Consumers’ use of smartphones Most consumers use their smartphone for both business and personal use. Forty percent use their smartphone for business and personal use equally and 25 percent use it for personal but some business use (Bar Chart 1).Only 6 percent of consumers surveyed use their smartphone exclusively for business. Bar Chart 1. What best describes your smartphone use? Both busine ss and personal use equally 40% Mostly personal but some business use 25% Personal use only 16% Mostly business but some personal use 13% Business use only 0% 5% 6% 10% 15% 20% 25% 30% 35% 40% 45% Despite using the Smartphone for personal use, 34 percent say their employer purchased the smartphone and pays all monthly charges. As shown in Bar Chart 2, 35 percent say they purchased it without any reimbursement.Bar Chart 2: Who purchased your smartphone and who pays the monthly service fee? I purchased it without any reimbursement from my employer My employer purchased it and pays monthly charges I purchased it and my employer provided some reimbursement I purchased it and my employer pays monthly charges My employer purchased it and I pay monthly charges 0% 5% 13% 35% 34% 10% 8% 10% 15% 20% 25% 30% 35% 40% Ponemon Institute © Research Report Page 3 Smartphones can perform a wide range of tasks. However, the most popular use next to the phone is business and personal emailing.The mo st popular smartphone uses are checking both personal and business email, using it as an address book, texting, Internet browsing, storing or moving data, obtaining and viewing documents, as a calendar and listening to music (Bar Chart 3). Least popular are banking, travel assistance and video conferencing. (For a complete list of tasks, please see Q. 24 in the Appendix to this paper. ) We suggest this finding may indicate why many in our study are not concerned about the security risks. Because consumers believe its primary use is as a phone or to email they may think (incorrectly) that there are negligible security or privacy risks.Bar Chart 3: Tasks that consumers do on their smartphone Phone Personal email Business email Address book Texting Store or move data Internet browsing Obtain documents Calendar View documents Listen to music Schedule tasks Shop Camera Social networking 0% 20% 100% 89% 82% 57% 54% 53% 53% 52% 51% 51% 50% 48% 44% 42% 40% 40% 60% 80% 100% 120% As reported in Bar Chart 4, 66 percent have paid for an item via their smartphone once, irregularly (once every two months) or regularly (maybe once a month). Fifty-one percent were surprised that they were charged for a service of product they signed up for.Bar Chart 4: Key questions about smartphone use Each bar defines the percentage yes response Did you ever pay for an item via the mobile phone? Did you every sign-up for a service or product on a mobile without realizing that there would be a cost? Have you ever signed a terms and conditions request on your mobile phone? 66% 51% 46% Have you ever been the victim of mobile payments fraud? 0% 10% 12% 20% 30% 40% 50% 60% 70% Ponemon Institute © Research Report Page 4 Consumers store confidential information on their smartphones. Sixty-six percent (40+26) of consumers store a moderate or a significant amount of personal data.Bar Chart 5 shows that only 11 percent say they do not store personal data on their smartphone. Bar Chart 5: How much p ersonal data do you store on your smartphone? 45% 40% 35% 30% 25% 20% 15% 10% 5% 0% A moderate amount of A significant amount of personal data personal data A small amount of personal data None 11% 26% 23% 40% As shown in Bar Chart 6, data most often stored on smartphones include email addresses, names, contact lists, photos, anniversary and other personal dates and location. Consumers are less likely to store planned future purchases, purchase history, health data and security test questions (see Q. 3 in the Appendix for the complete list). Bar Chart 6: What kinds of data do you store on your smartphone? Email address Name Contact lists Photos Anniversary & personal dates Location Music Home address Confidential business documents Date of birth Gender Credit or debit card numbers Videos Passwords 0% 20% 97% 85% 69% 59% 53% 52% 47% 40% 37% 33% 32% 29% 25% 23% 40% 60% 80% 100% 120% Ponemon Institute © Research Report Page 5 Many consumers surveyed have used email and text to sign u p for services or products without realizing they would be charged.As noted previously in Bar Chart 4, 51 percent made what they thought was a free service and later found out they were charged for it. Bar Chart 7 shows most of these purchases were made by consumers using email (46 percent), text message (34 percent) and website (31 percent). Bar Chart 7: The methods used to sign-up for services or products on your smartphone 50% 45% 40% 35% 30% 25% 20% 15% 10% 5% 0% Email Text message Website Other 12% 34% 31% 46% Despite these unexpected charges, Bar Chart 8 shows consumers surveyed rarely check their bills for unusual or unidentified payments.Only six percent check their bills every month and eight percent check their bills only if it is higher than usual. Fifty-two percent never check their smartphone bills. Bar Chart 8: Do you check your mobile bill or statement for unidentified charges? 60% 52% 50% 40% 30% 20% 10% 0% Never Yes, occasionally Yes, but only if the bill is higher than usual Yes, I check it every month 8% 6% 34% As previously noted in Bar Chart 4, the majority of consumers (78 percent) say they have not experienced any mobile payments fraud. Twelve percent say they have experienced such fraud and 10 percent are not certain. Ponemon Institute © Research ReportPage 6 Consumers’ awareness about the security risks that accompany their use of smartphones Marketing messages—not privacy and security risks—worry consumers. While the majority of consumers do not feel their private information is at risk or that their smartphone will be hacked (56 percent and 58 percent, respectively), they do worry about receiving unwanted marketing messages. A shown in Bar Chart 9, consumers also worry about being tracked when using their smartphone (64 percent). Bar Chart 9: Attributions about privacy and security risks The agree response is a combination of strongly agree and agree.The disagree response is the sum of unsure, disagree and stro ngly disagree. I worry more about the security of my desktop or laptop computer than my smartphone. When downloading software to my smartphone I do not always check to see if the app is from a trustworthy source. I do not worry that a hacker will attack my smartphone. I do not feel my private information or privacy is at risk when I use my smartphone. I do not worry about losing my smartphone while traveling. I do not worry about being tracked when using my smartphone. I do not worry about receiving marketing messages on my smartphone. 5% 35% 62% 38% 58% 42% 56% 44% 50% 50% 36% 64% 33% 67% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90%100% Agree Disagree They also worry more about the security of their desktop and laptop computers than the security of their smartphone. Because of these perceptions about the security of the smartphone, they are not likely to check to see if an application comes from a trustworthy source before downloading it. Scenarios concerning smartphone risks In the surv ey, we asked consumers to respond to eleven scenarios illustrating a range of security issues and risks.Specifically, they were asked if they are aware that what is described in the scenario could happen to them, if they are aware that they experienced what was described in the scenario and what was their level of concern. Following are the 11 scenarios: 1. Location data embedded onto image files can result in the tracking of the smartphone user. 2. Smartphone apps can transmit confidential payment information (i. e. credit card details) without the user’s knowledge or consent. Ponemon Institute © Research Report Page 7 3.Smartphones can be infected by specialized malware called â€Å"diallerware† that enables criminals to make use of premium services or numbers resulting in unexpected monthly charges. 4. Smartphone apps may contain spyware that allows criminals to access the private information contained on a smartphone. 5. Financial apps for smartphones can be infe cted with specialized malware designed to steal credit card numbers and online banking credentials. 6. If a social network app is downloaded on a smartphone, failing to log off properly could allow an imposter to post malicious details or change personal settings without the user’s knowledge. . A smartphone can be disposed of or transferred to another user without properly removing sensitive data, allowing an intruder to access private data on the device. 8. In many cases, people use their smartphone for both business and personal usage, thus putting confidential business information at risk (a. k. a. cross-over risk). 9. A smartphone can connect to the Internet through a local WIFI network that is insecure. This may result in a virus attack to the smartphone. 10.Smartphones contain basic security protections that can be disabled by jailbreaking, thus making the smartphone more vulnerable to spyware or malware attacks. 11. Smartphone users can be targeted by marketers based o n how the phone is used for purchases, Internet browsing and location. As a result, the user may receive unwanted marketing ads and promotions their smartphone. Bar Chart 10 summarizes the consumers’ level of awareness about the above-mentioned smartphone security risks. Consumers are most aware of receiving unwanted marketing messages based on their smartphone usage (60 percent).They also understand that they may be putting business confidential information at risk when using the smartphone for both personal and business use (55 percent), and that they are vulnerable to a virus when connecting to the Internet through a local WIFI network is insecure (35 percent). Bar Chart 10: Are you aware of the following smartphone security risks? Each bar defines the percentage yes response Marketing abuse Cross-over Insecure WIFI Improper disposal Location tracking Jailbreaking Spyware Social network snafu Auto transmission Diallerware Specialized malware 0% 11% 11% 10% 9% 10% 20% 30% 4 0% 50% 15% 15% 21% 35% 31% 55% 0% 60% 70% Ponemon Institute © Research Report Page 8 Bar Chart 11 reports consumers’ actual experience with these security issues. Fifty-eight percent of consumers say they indeed have received unwanted marketing messages. In addition, 52 percent say they have experienced cross-over risk – wherein the security of business information was jeopardized because of the personal use of the smartphone. Bar Chart 11: Have any of these situations happened to you? Each bar defines the combined very concerned and concerned responseMarketing abuse Cross-over Insecure WIFI Improper disposal Location tracking Spyware Jailbreaking Social network snafu Diallerware Auto transmission Specialized malware 0% 5% 10% 20% 30% 40% 50% 8% 8% 6% 11% 10% 16% 13% 23% 52% 58% 60% 70% Bar Chart 12 summarizes consumers’ level of concern about eleven smartphone security risks. Accordingly, a large percentage of these consumers say they are very concerned or co ncerned about each scenario happening to them, especially diallerware (68 percent), unwanted marketing (67 percent), and the auto transmission of personal data from the phone (66 percent).Bar Chart 12: Are you concerned about of the following smartphone security risks? Each bar defines the combined very concerned and concerned response Diallerware Unwanted marketing Auto transmission Jailbreaking Spyware Location tracking Specialized malware Improper disposal Social networking snafu Insecure WIFI Cross-over 0% 10% 20% 30% 42% 40% 40% 50% 60% 51% 50% 60% 68% 67% 66% 65% 65% 65% 70% 80% Consumers are concerned about being tracked while using their smartphones or having their security protections disabled through â€Å"jailbreaking† but generally are not aware of this risk.In Ponemon Institute © Research Report Page 9 contrast, only 40 percent of consumers are very concerned or concerned about cross-over and 42 percent about an insecure smartphone-to-WIFI connection. While the re is some awareness that a smartphone that is disposed of or transferred to another user without removing sensitive data could allow someone to access private data on the device, about half of consumers are not very concerned about this occurring.In summary, consumers surveyed are least aware that the following can happen on their smartphone: the transmission of confidential payment information without their knowledge or consent, downloading a financial app for their smartphone that has specialized malware designed to steal credit card numbers and online banking credentials, â€Å"diallerware† infections that enable criminals to make use of premium services or numbers resulting in unexpected charges and spyware that allows criminals to access the private information contained on a smartphone.Those who are aware of these risks are generally very concerned about how these risks may affect their smartphone. Line Graph 1: Summary of consumer responses to eleven smartphone securi ty risks 80% 70% 60% 50% 40% 30% 20% 10% 0% Location tracking Auto Diallerware transmission Spyware Specialized malware Social network snafu Improper disposal Cross-over Insecure WIFI Jailbreaking Marketing abuse Are you aware? Has this happened to you? Level of concern Ponemon Institute © Research Report Page 10 Part 3.How consumers are managing security risks associated with smartphones Despite the confidential information on their smartphones, consumers are not taking appropriate security precautions. As showing in Bar Chart 13, less than half (43 percent) of consumers surveyed consider security features to be important when deciding which smartphone to purchase. It is not surprising, therefore, that they are not taking security precautions. Bar Chart 13: How important is security as a feature on your smartphone? 60% 50% 43% 40% 30% 20% 10% 0% Important Not important 57%Bar Chart 14 shows 51 percent of consumers surveyed have neither keypad locks nor passwords on their smartpho ne. Nineteen percent have passwords and 10 percent have both keypad locks and passwords. However, when we analyzed the responses of the more experienced users the percentage dropped to 31 percent who do not use keypad locks or passwords on their smartphone. Bar Chart 14: Do you have keypad locks or passwords on your smartphone? 60% 51% 50% 40% 30% 20% 10% 0% No, neither Yes, keypad locks Yes, passwords Yes, both keypad locks and passwords 20% 19% 10% Ponemon Institute © Research Report Page 11Forty-two percent of consumers allow smartphone versions of well-known social networking applications such as Facebook to access their key chains, passwords and log-ins that are used on their desktop computer or tablet (see Bar Chart 15). Twenty-nine percent of consumers say they have considered installing an anti-virus product and 10 percent turn off Bluetooth â€Å"discoverable† status on their device when they are not using it. Only 10 percent set up download controls on their smart phone to protect against apps and games that may contain malware. Bar Chart 15: Security habits of smartphone users Each bar defines the percentage yes responseDo you allow smartphone versions of well-known social networking applications such as Facebook to access your key chains, passwords and log-ins that you use on your desktop computer or tablet (only for those who use social networks)? Have you considered installing an anti-virus product on your smartphone? 29% 42% Do you turn off Bluetooth â€Å"discoverable† status on your device when you are not using it? 10% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% Ponemon Institute © Research Report Page 12 Part 4. Methods Table 1 summarizes the sample response for this study of US consumers who own or use smartphones.Our sample frame consisted of nearly 30,000 adult-aged consumers located in the Unite States. These individuals were screened to ensure they use a smartphone for both personal and business purposes. A total of 793 respo nded to our web-based survey. Fifty-nine surveys failed reliability tests, resulting in a final sample of 734 consumers (2. 5 percent response rate). Table 1: Sample response Sample frame Invitations sent Total returns Rejections Final sample Frequency 29,921 27,498 793 59 734 Pct% 100. 0% 91. 9% 2. 7% 0. 2% 2. 5% Table 2a provides the types of smartphones used by consumers.Table 2b lists the operating systems contained on these smartphones. As can be seen, the top rated smartphones are Apple’s iPhone, RIM Blackberry and Google Nexus One. Accordingly, the top rated operating systems are iPhoneOS, RIM and Windows Mobile. Table 2a. Type of smartphone Apple iPhone RIM Blackberry Google Nexus One Nokia N8 Motorola Droid X T-Mobile G2 Sprint HTC EVO 4G Palm Pre Plus Samsung Epic 4G Other Total Pct% 27% 21% 12% 9% 9% 6% 6% 5% 4% 0% 100% Table 2b. Operating system iPhoneOS RIM Windows Mobile Android Symbian OS Linux Maemo Garnet OS Bada MeeGo Other or unsure Total Pct% 24% 19% 12% 9 % 3% 3% 2% 2% 1% 1% 25% 100%Pie Chart 1 reports the age range of consumers in our study. Pie chart 2 shows the employment status of consumers. The largest segment of consumers are aged 36 to 45 (21 percent), and 52 percent are employed in a full or part-time position. Pie Chart 1: Age range 10% 2% 18% 18 to 25 26 to 35 36 to 45 46 to 55 19% 17% 56 to 65 66 to 75 75+ 21% 14% 10% 9% 52% 8% Pie Chart 2: Employment status 5%2% Employee Homemaker Retired Student Unemployed Business owner Active military 13% Ponemon Institute © Research Report Page 13 Pie Chart 3 reports the household income of consumers.Pie Chart 4 shows the location of consumers according to their region in the United States. A total of 44 states are represented in our sample. The median household income of consumers is $81,000 per year. Pie Chart 3: Household income Pie Chart 4: Regional location 1% 4% 10% 13% Below $20k 20 to $40k 41 to $60k 19% 19% Northeast Mid-Atlantic 14% 20% 61 to $80k 81 to $100k 101 to $150k 12% 18% Midwest Southeast Southwest 15% 17% Pacific west 16% 22% 151 to $200k Over $200k In addition to web-based survey analysis, we conducted debriefing interviews with a random cross-section of consumers.In total 128 individuals were contacted, resulting in 66 one-to-one interviews to discuss certain questions and probe for additional insights from the consumers when appropriate. A total of 53 percent of consumers are female, 47 percent male. Forty percent of consumers say they use their smartphone for both business and personal reasons. Only six percent say they use their smartphone solely for business (see Bar Chart 1). Ponemon Institute © Research Report Page 14 Part 5. Conclusion The key finding from this research is that consumers in our survey are unaware of the security risks associated with their smartphones.This could be attributed, in part, to the lack of information being published about smartphone security risks. We also conclude that there may be a perception that because the most popular uses are phoning and emailing they are not putting the data on their smartphones at risk. In contrast, the security of desktop and laptop computers receives much more attention. It is not surprising, therefore, that consumers surveyed are more worried about protecting their computers from security risks. This is despite the fact these devices can contain just as much sensitive data that if lost or stolen could result in financial harm.Caveats There are inherent limitations to survey research that need to be carefully considered before drawing inferences from findings. The following items are specific limitations that are germane to most Web-based surveys. ? Non-response bias: The current findings are based on a sample of survey returns. We sent surveys to a representative sample of adult-aged consumers in the United States, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that auditors who did not pa rticipate are substantially different in terms of underlying beliefs from those who completed the survey.Sampling-frame bias: The accuracy is based on contact information and the degree to which the list is representative of individuals who are information system auditors. We also acknowledge that responses from paper, interviews or telephone might result in a different pattern of findings. Self-reported results: The quality of survey research is based on the integrity of confidential responses received from consumers. While certain checks and balances were incorporated into our survey evaluation process, there is always the possibility that certain consumers did not provide responses that reflect their true opinions. B ? ? Ponemon Institute © Research Report Page 15 Appendix: Detailed Survey Responses Following are the survey results for a final sample of 734 adult-aged consumers located in all regions of the United States. Fieldwork concluded in February 2011. Sample response Sa mple frame Invitations sent Total returns Rejections Final sample Part 1. Background Q1a. Please select the smartphone that you presently use. If you use more than one smartphone, please select the one you use most frequently.T-Mobile G2 Apple iPhone Motorola Droid X Samsung Epic 4G RIM Blackberry Sprint HTC EVO 4G Nokia N8 Google Nexus One Palm Pre Plus Other (please specify) Total Q1b. Please select the operating system your smartphone runs on. Symbian OS Android Linux Windows Mobile Bada MeeGo Maemo Garnet OS iPhoneOS RIM Other Unsure Total Q2. What best describes your smartphone use? Please select only one. Business use only Mostly business but some personal use Personal use only Mostly personal but some business use Both business and personal use equally Total Frequency 29,921 27,498 793 59 734 Pct% 100. 0% 91. 9% 2. 7% 0. % 2. 5% Pct% 6% 27% 9% 4% 21% 6% 9% 12% 5% 0% 100% Pct% 3% 9% 3% 12% 1% 1% 2% 2% 24% 19% 0% 25% 100% Pct% 6% 13% 16% 25% 40% 100% Ponemon Institute © Resea rch Report Page 16 Q3. Who purchased your smartphone and who pays the monthly service (usage) fee? Please select only one. I purchased it without any reimbursement from my employer I purchased it and my employer provided some reimbursement I purchased it and my employer pays monthly charges My employer purchased it and I pay monthly charges My employer purchased it and pays monthly charges Total Q4. Please select all the tasks that you do on your smartphone?Phone Personal email Business email Address book Texting Internet browsing Store or move data Obtain documents View documents Calendar Listen to music Schedule tasks Shop Camera Social networking Payments Games Maps and navigation Upload videos Location services Watch TV/films Banking Travel assistance Video conferencing Monitor health Q5. Have you ever paid for any item via your mobile phone? Yes, only once Yes, irregularly (maybe once every two months) Yes, regularly (maybe once a month) Never Total Q6a. Have you every signed u p for a service or product on your mobile without realizing that there would be a cost?Yes No Total Q6b. If yes, please select the all the methods you used to sign up for the service or product. Text message Email Website Other Total Pct% 35% 13% 10% 8% 34% 100% Pct% 100% 89% 82% 57% 54% 53% 53% 52% 51% 51% 50% 48% 44% 42% 40% 38% 34% 24% 24% 23% 21% 14% 10% 9% 5% Pct% 11% 32% 23% 34% 100% Pct% 51% 49% 100% Pct% 34% 46% 31% 12% 123% Ponemon Institute © Research Report Page 17 Q7. Do you check your mobile bill or statement for unusual or unidentified payments? Yes, I check it every month Yes, but only if the bill is higher than usual Yes, occasionally Never Total Q8.Have you ever signed a terms and conditions request on your mobile phone? Yes No Unsure Total Q9. Have you ever been the victim of mobile payments fraud? Yes No Unsure Total Part 2. Attributions Q10. Please rate each one of the following statements using the scale provided below each item. Strongly agree and agree shown . Q10a. I do not feel my private information or privacy is at risk when I use my smartphone. Q10b. I do not worry that a hacker will attack my smartphone. Q10c. I do not worry about receiving marketing messages on my smartphone. Q10d. I do not worry about being tracked when using my smartphone.Q10e. I do not worry about losing my smartphone while traveling. Q10f. I worry more about the security of my desktop or laptop computer than my smartphone. Q10g. When downloading software to my smartphone I do not always check to see if the app is from a trustworthy source. Part 3. Scenarios Pct% 6% 8% 34% 52% 100% Pct% 46% 21% 33% 100% Pct% 12% 78% 10% 100% Strongly agree 18% 25% 10% 11% 18% 25% 21% Agree 38% 33% 23% 25% 32% 40% 41% Q11. Sometimes location data can be embedded onto image files such as digital photos contained on your smartphone so that other people can track where you are.Were you aware that this could happen? Yes No Unsure Total If yes, has this happened to your smartphone? Yes No Unsure Total Pct% 21% 45% 34% 100% Pct% 13% 28% 59% 100% Ponemon Institute © Research Report Page 18 On a scale of 1 to 5, where 1 = not concerned and 5 = very concerned, how concerned are you that your location could be tracked while using your smart phone? Concerned and very concerned shown. Response Q12. Smartphone apps can transmit confidential payment information such as credit card details without the user’s knowledge or consent. Were you aware that this could happen?Yes No Unsure Total If yes, has this happened to your smartphone? Yes No Unsure Total On a scale of 1 to 5, where 1 = not concerned and 5 = very concerned, how concerned are you that your credit card details could be transmitted with your knowledge or consent? Concerned and very concerned shown. Response Q13. Smartphones can be infected by specialized malware called â€Å"diallerware† that enable criminals to make use of premium services or numbers resulting in unexpected monthly charges. We re you aware that this could happen? Yes No Unsure Total If yes, has this happened to your smartphone?Yes No Unsure Total On a scale of 1 to 5, where 1 = not concerned and 5 = very concerned, how concerned are you that your smartphone could be infected by diallerware? Concerned and very concerned shown. Response Q14. Smartphone apps may contain spyware that allows criminals to access the private information contained on a smartphone. Were you aware that this could happen? Yes No Unsure Total Very concerned 29% Concerned 36% Pct% 11% 53% 36% 100% Pct% 6% 41% 53% 100% Very concerned 31% Concerned 35% Pct% 10% 58% 32% 100% Pct% 8% 65% 27% 100% Very concerned 36% Concerned 32%Pct% 15% 53% 32% 100% Ponemon Institute © Research Report Page 19 If yes, has this happened to your smartphone? Yes No Unsure Total On a scale of 1 to 5, where 1 = not concerned and 5 = very concerned, how concerned are you that your smartphone could be infected by spyware? Concerned and very concerned shown. Res ponse Q15. Financial apps for smartphones can be infected with specialized malware designed to steal credit card numbers and online banking credentials. Were you aware that this could happen? Yes No Unsure Total If yes, has this happened to your smartphone?Yes No Unsure Total On a scale of 1 to 5, where 1 = not concerned and 5 = very concerned, how concerned are you that your smartphone or downloaded apps could be infected by this specific type of malware? Concerned and very concerned shown. Response Q16. If a social network app is downloaded on a smartphone, failing to log off properly could allow an imposter to post malicious details or change personal settings without the user’s knowledge. Were you aware that this could happen? Yes No Unsure Total If yes, has this happened to your smartphone?Yes No Unsure Total On a scale of 1 to 5, where 1 = not concerned and 5 = very concerned, how concerned are you that your failure to close the social networking app on your smartphone could allow unauthorized access and/or malicious posts your user account? Concerned and very concerned shown. Response Pct% 11% 56% 33% 100% Very concerned 33% Concerned 32% Pct% 9% 57% 34% 100% Pct% 5% 66% 29% 100% Very concerned 32% Concerned 28% Pct% 11% 56% 33% 100% Pct% 8% 55% 37% 100% Very concerned 26% Concerned 23% Ponemon Institute © Research Report Page 20 Q17.A smartphone can be disposed of or transferred to another user without properly removing sensitive data, allowing an intruder to access private data on the device. Were you aware that this could happen? Yes No Unsure Total If yes, has this happened to your smartphone? Yes No Unsure Total Pct% 31% 36% 33% 100% Pct% 16% 54% 30% 100% On a scale of 1 to 5, where 1 = not concerned and 5 = very concerned, how concerned are you that private information on the smartphone would not be removed properly before disposing of it or transferring it to another user? Concerned and very concerned shown. Response Q18.In many cases, p eople use their smartphone for both business and personal usage, thus putting confidential business information at risk. Were you aware that this could happen? Yes No Unsure Total If yes, has this happened to your smartphone? Yes No Unsure Total On a scale of 1 to 5, where 1 = not concerned and 5 = very concerned, how concerned are you that your use of a smartphone for personal reasons could put the confidential information of your business at risk? Concerned and very concerned shown. Response Q19. A smartphone can connect to the Internet through a local WIFI network that is insecure.This may result in a virus attack to the device. Were you aware that this could happen? Yes No Unsure Total If yes, has this happened to your smartphone? Yes No Unsure Total Very concerned 23% Concerned 28% Pct% 55% 28% 17% 100% Pct% 52% 36% 12% 100% Very concerned 19% Concerned 21% Pct% 35% 42% 23% 100% Pct% 23% 45% 32% 100% Ponemon Institute © Research Report Page 21 On a scale of 1 to 5, where 1 = not concerned and 5 = very concerned, how concerned are you that your smartphone when connected to an insecure Internet network may result in a virus attack?Concerned and very concerned shown. Response Q20. Smartphones contain basic security protection that can be disabled by jailbreaking, thus making the smartphone more vulnerable to spyware or malware attacks. Were you aware that this could happen? Yes No Unsure Total If yes, has this happened to your smartphone? Yes No Unsure Total On a scale of 1 to 5, where 1 = not concerned and 5 = very concerned, how concerned are you that your smartphone’s security settings could be disabled remotely by a third party without your knowledge or consent?Concerned and very concerned shown. Response Q21. Smartphone users can be targeted by marketers based on how the phone is used for purchases, Internet browsing, and location. As result, the user may receive unwanted marketing ads and promotions. Were you aware that this could happen? Yes No Unsure Total If yes, has this happened to your smartphone? Yes No Unsure Total Very concerned 22% Concerned 20% Pct% 15% 57% 28% 100% Pct% 10% 55% 35% 100% Very concerned 34% Concerned 31% Pct% 60% 17% 23% 100% Pct% 58% 15% 27% 100%On a scale of 1 to 5, where 1 = not concerned and 5 = very concerned, how concerned are you that your smartphone could receive marketing ads and promotions? Concerned and very concerned shown. Response Part 4. Other Questions Q22. On average, how much personal data do you store on your smartphone? None (Go to Q24) Only a small amount of personal data A moderate amount of personal data A significant amount of personal data Unsure Very concerned 31% Concerned 36% Pct% 11% 23% 40% 26% 100% Ponemon Institute © Research Report Page 22 Q23.What kinds of data do you store on your smartphone? Email address Name Contact lists Photos Anniversary and other personal dates Location Music Home address Confidential business documents Date of birth Gender Credit or debit card numbers Videos Passwords PIN number Hobbies, sports and travel interests Ages and gender of children Names of children Alarm codes Planned future purchases Purchase history Health data Security test questions Q24. Do you use a one Gigabyte (or higher) storage device on your smartphone? Yes No Unsure Total Q25. What do you worry more about?Losing my wallet/purse Losing my smartphone I worry about both equally Total Q26. What do you worry more about? Losing my laptop computer Losing my smartphone I worry about both equally I don’t have a laptop computer Total Q27. Do you have keypad locks or passwords on your smartphone? Yes, keypad locks Yes, passwords Yes, both keypad locks and passwords No, neither Total Pct% 97% 85% 69% 59% 53% 52% 47% 40% 37% 33% 32% 29% 25% 23% 19% 15% 13% 13% 11% 8% 8% 5% 2% Pct% 19% 68% 13% 100% Pct% 50% 23% 27% 100% Pct% 38% 10% 19% 33% 100% Pct% 20% 19% 10% 51% 100%Ponemon Institute © Research Report Page 23 Q28a. Do you synch your smartp hone with any of the following devices? Laptop Desktop Another smartphone An online backup storage solution None of the above Total Q28b. How regularly do you synch your smartphone with any of the devices listed in Q28a? Hourly Daily Weekly Monthly Irregularly Total Q29. Do you allow smartphone versions of well-known social networking applications such as Facebook to access your key chains, passwords and log-ins that you use on your desktop computer or tablet?Yes No Unsure I don’t use social networking apps Total Q30. Do you turn off Bluetooth â€Å"discoverable† status on your device when you are not using it? Yes No Unsure Total Q31. Have you considered installing an anti-virus product on your smartphone? Yes No Total Q32a. Do your children have a mobile/cell smartphone? Yes No I don’t have children Total Q32b. If yes, do you use your children’s smartphone to keep track of them (from a security perspective)? Yes No Total Pct% 44% 38% 9% 8% 45% 144% Pct% 25% 29% 14% 8% 24% 100% Pct% 21% 25% 4% 50% 100%Adjusted 42% 50% 8% 0% 100% Pct% 10% 83% 7% 100% Experienced 30% 62% 8% 100% Pct% 29% 71% 100% Pct% 22% 33% 45% 100% Experienced 53% 47% 100% Pct% 41% 59% 100% Ponemon Institute © Research Report Page 24 Q32c. If yes, do you set up parental controls on the smartphone to protect your children when they access the Internet? Yes No Total Q33. Do you set up download controls on your smartphone to protect against apps and games that may contain malware? Yes No Unsure Total Q34. When deciding which smartphone to purchase, how important are its security features?Very important and important shown. Response Part 5. Demographics D1. Please check your age range. 18 to 25 26 to 35 36 to 45 46 to 55 56 to 65 66 to 75 75+ Total D2. What is your present employment status? Full-time employee Part-time employee Business owner Homemaker Retired Student Active military Unemployed Total D3. What range best defines your annual household income? Below $ 20k 20 to $40k 41 to $60k 61 to $80k 81 to $100k 101 to $150k 151 to $200k Over $200k Total Pct% 21% 79% 100% Pct% 10% 74% 16% 100% Very important 21% Important 22%Pct% 18% 19% 21% 17% 13% 10% 2% 100% Pct% 48% 6% 5% 13% 10% 9% 2% 8% 100% Pct% 13% 20% 22% 17% 14% 10% 4% 1% 100% Ponemon Institute © Research Report Page 25 D4. What is your highest level of education attained? High school Vocational University or college Post graduate Doctorate Other Total D5. Please check gender: Female Male Total D6. Are you head of household? Yes No Total D7. US Region Northeast Mid-Atlantic Midwest Southeast Southwest Pacific Total D8. Please rate each one of the following statements using the following five-point scale.Strongly agree and agree sown. The Internet is central to my lifestyle I often give advice to others about how best to use computers and software I need to ask for help if something goes wrong with my computer I always try to spend as little time as possible online I am often confu sed when I try to use the Internet to do things I am really concerned about online threats Only people who do risky things on the Internet are at risk to online threats I don’t feel the online threat is that significantPct% 21% 22% 45% 7% 1% 4% 100% Pct% 53% 47% 100% Pct% 48% 52% 100% Pct% 19% 18% 17% 15% 12% 19% 100% Strongly agree 25% 19% 22% 16% 23% 18% 15% 18% Agree 32% 21% 23% 24% 24% 35% 28% 34% Ponemon Institute © Research Report Page 26 Please contact us at 231. 938. 9900 or send an email to [email  protected] org. Ponemon Institute Advancing Responsible Information Management Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Our mission is to conduct high quality, empirical studies on critical issues affecting he management and security of sensitive information about people and organizations. As a member of the Council of American Survey Resea rch Organizations (CASRO),we uphold strict data confidentiality, privacy and ethical research standards. We do not collect any personally identifiable information from individuals (or company identifiable information in our business research). Furthermore, we have strict quality standards to ensure that subjects are not asked extraneous, irrelevant or improper questions. Ponemon Institute © Research Report Page 27