Recent articles published on the web about smartphone security have focused on malicious software that users could inadvertently install on their phones. The reasons why smartphones are increasingly coming under attack is because more and more people are using them, and the information being stored on them is of value. Given the possibility of their smartphones being compromised, users ought to give consideration to the data they store on the phone and the security of that data.
A Wired.com article reports on a study done by ViaForensics stating that they have found a noticable number of both iOS and Android applications that store passwords on the phone in clear text. ViaForensics says as much as 76% of the apps they tested are storing user names in clear text.
Another concern is the data apps store on the phones and whether that data is encrypted. If you use a financial app it may store financial transaction and balance information on your phone, therefore I recommend finding out how such apps secure the data it stores on your phone. Unfortunately, some developers do not plainly state how they secure information on the phones. For example, Pageonce states in their FAQ that they use 256-bit encryption, but doesn’t plainly say that is used on phones, on their servers, or on both.
The ideal solution is for the mobile platforms to have built-in encryption of the data storage areas of phones to that users don’t have to rely on the app developers to implement data security. Such encryption should also include data stored in built-in apps like the calendar and contacts as well as the storage area file system.