A friend of mine recently had an issue with her phone. It was buggy and just doing weird things. She wondered if she had a virus and asked if I’d help her troubleshoot the problem.
It should be noted that a few weeks prior she and I were having a conversation about what Moki does: help secure consumer-facing mobile apps and devices. She asked, “Is that even an issue?”
It was gratuitous timing for me as the SSL bug in iOS was announced and patched. We discussed what the bug meant which lead to conversations about protecting data, hackers, etc. and she was convinced that it posed a pretty significant risk. She walked away educated and resolved to update her phone. I walked away feeling like a good citizen and gave myself a well-deserved pat on the back.
So back to her current problem – the first question I asked her was, “You updated your phone like we talked about, right?”
Her response was, “Well I went to update it, but didn’t have enough memory and didn’t want to get rid of my pictures and the apps that my kids use.”
After a short discussion about potential things that could be causing her phone’s buggy behavior, she cleared up the necessary memory and updated her phone. Her phone now works fine.
She was willing to delete pictures and apps to improve the usability of her phone, but would not do so to improve its security.
Do consumers care about mobile app security?
Tyler Shields weighed in by saying:
“The end user doesn’t want to have to care about security and privacy. They expect privacy to be “taken care of” and to be provided to them as a natural right. The end user will choose to accept permissions and behaviors that directly compromise their personal data for something as trivial as opening a new level in “Angry Birds” or listening to a new single using “Pandora.” Look at the apps on your phone. Are you making safe application choices?”
The need for users to be more aware is apparent. Dennis Fisher and Mike Mimoso recently discussed this in a Threatpost podcast (about 17:30), and actually discussed user attitudes similar to that of my friend.
Do consumers care about security? They should. Most don’t. And of those who do, very few know how to protect themselves.
The responsibility to secure mobile apps and protect consumers (and ultimately the business) lies on the enterprise, on the developer and on the service provider.