PayPal: You Can Trust Mobile Security--Really

A new PayPal-sponsored study shows where the gaps are in mobile security, and one exec refutes industry hype about mobile malware.

Are mobile devices actually safe? That's the question a new PayPal and National Cyber Security Alliance study is aiming to help answer.

The study, based on a survey of 1,000 U.S. adults about their views on mobile device security and usage, shows where the shortfalls are in mobile security.

Nearly two-thirds (63 percent) of respondents did not actually know what types of financial data are stored on their own mobile devices, Andy Steingruebl, director of ecosystem security at PayPal, told eWEEK. Nearly half the survey respondents were nervous about losing their devices and whatever data might be on them, he added.

While respondents were concerned about device loss or theft, Steingruebl noted that most users aren't taking even the most basic steps to actually protect their devices. More than half the survey respondents admitted to not using any type of device lock, Steingruebl said.

Nearly all mobile devices on the market today offer some form of screen-lock functionality. The screen lock can be a PIN, a lock pattern or, in the case of the Apple iPhone 5S, a fingerprint.

"So the disconnect is that more than half of people are worried what happens if their device gets stolen, yet roughly that same percentage aren't doing one of the easiest things they should be doing to keep themselves protected," Steingruebl said.

As to why most people don't set up a screen-lock PIN, Steingruebl said it's all about convenience. "Most people don't want to constantly be typing a passcode into their device," Steingruebl said.

That's why he recommends making the passcode approach easier through the use of biometrics, like fingerprints, he said.


Despite the constant stream of reports that mobile malware, particularly on Android, is becoming an increasing problem, Steingruebl doesn't see mobile malware as an impediment to mobile device adoption and use. "The threat is vastly overstated," Steingruebl said. "The actual prevalence of mobile malware on people's devices is actually quite low."

One practice that is often cited as a mobile best practice is to not allow users to root their phones. By "rooting" a phone, the user gets full administrative access to the device, which could potentially enable some form of malware to infect the device. While Steingruebl doesn't necessarily encourage users to root their devices, he suggests that it's not entirely evil either.

"On a traditional desktop or laptop platform, you could always install any application you wanted that could access any of your data, and we've kept our consumers safe on that for many years now," Steingruebl said. "While you can stay safer if you don't root your device, I don't want to say it's the be-all and end-all, since we already live in that world with desktops, and we do a pretty good job of keeping people safe there."

Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.