People don't trust smartphone security – and that's choking the mobile economy

Security fears are diminishing consumer trust

Nearly every week we read about another high-profile hacking story on the news. From major attacks such as Heartbleed to iCloud's targeted celebrity hack, it's not surprising that consumers just don't trust mobile security. Mobile devices are continuing to boom, and with no sign of that abating, security is in need of a radical revamp if we are to avoid throttling the mobile economy.

We conducted a consumer survey to uncover just what effect this mistrust is having on the mobile economy. Surveying 2,000 UK consumers (Atomik Research did the legwork), we found that over half (53%) would never use mobile banking services, while many are avoiding the use of any mobile financial services at all – including PayPal and mobile transfer apps.

Lack of confidence

Furthermore, in the wake of the Heartbleed security breach, only a minority of consumers (18%) still feel confident that they are secure, while almost a quarter (24%) of those surveyed would not feel safe shopping on their handsets. Given the latest advancements in ecommerce this does raise some concerns – how can Twitter's 'buy' button or Apple Pay reach their full potential without the backing of consumer trust?

Overall, 54% of consumers are worried about the level of security on their mobile device. Of those with the greatest concerns, 18 to 24-year-olds, the following was found:

  • 62% said they would never use mobile banking compared to 53% overall
  • 60% would never make mobile payments compared to 50% overall
  • 52% would never use PayPal on their mobile compared to 43% overall
  • 87% cited identity theft as their biggest concern with data loss in the event that their phone was lost or stolen

Among those unwilling to use finance-related apps, many believed the levels of security on their handsets or on the apps themselves were simply not enough to guarantee their banking details wouldn't fall into the wrong hands.

Personally, I believe this perception is not helped by the fact that there is no easily recognised symbol on a mobile device to indicate that an app is secure or that the cloud service it is fronting is from a bona fide service provider, and that the user's information will be protected.

What we do know from the survey is that most people don't PIN-protect their phones and 28% of consumers admitted to knowing a third-party's login details. Therefore they presumably know that they and their information are exposed to attack if the phone is lost or accessed by a friend or family member.

Building trust

We need to regain consumer trust if the mobile economy is to really take off. We all already have multiple digital identities – from online banking and social networking to email and many others, but these identities are becoming more and more prevalent, and how we secure them is a growing concern for consumers. The industry needs to sit up and listen – we need more sophisticated forms of trusted identity.

Modern smartphones already feature multiple on-board security features (e.g. Trustzone in the ARM core processor/UICC from the MNO/TPMs and virtual smart cards/secure MicroSD/keychain/biometric readers), however, through a lack of commitment from service providers and a dearth of security expertise in the app development community, this baseline security technology is not being fully incorporated to the benefit of consumers.

Ultimately, the smartphone has the potential to be the personal security enabler of the future and not the security bleed it is viewed as being today. For this to happen, however, the baseline security technology already available needs to be more widely embraced; only then will we be truly capable of regaining consumer trust.