Security solutions provider Symantec wanted to find out what finders did after discovering a lost smartphone, so they “misplaced” 50 phones in five cities: New York City; Washington D.C.; Los Angeles; San Francisco; and Ottawa, Canada. Before they “lost” the smartphones however, Symantec boffins installed tracking software to monitor all activity on the phones. They also installed “honey stick” files and apps simulating personal data, business information and remote access to corporate accounts. The researchers did not lock the gadgets with passwords or any form of security.

The goal of this research is to show what smartphone users should expect to happen on their phones if they are lost and then found by a stranger. In today’s world, both consumers and corporations need to be concerned with protecting the sensitive information on mobile devices. While devices can be replaced, the information stored and accessed on them is at risk unless users and businesses take precautions to protect it.

Symantec Test Results

Researchers left the phones in heavily trafficked areas such as elevators, malls, food courts and public transit stops. Then they monitored the devices as finders picked up the phone and opened apps and browsed data. The data showed surprising results:

• An attempt was made to access at least one of the various apps or files on nearly all – 96 percent – of the devices.
• A total of 89 percent of devices showed attempts to access personal apps or data.
• Attempts to access a private photos app occurred on 72 percent of the devices.
• An attempt to access an online banking app was observed on 43 percent of the devices.
• Access to social networking accounts and personal email were each attempted on over 60 percent of the devices.
• A “Saved Passwords” file was accessed on 57 percent of the phones.
• 66 percent of the devices showed attempts to click through the login or password reset screens (where a login page was presented with username and password fields that were pre-filled, suggesting that the account could be accessed by simply clicking on the “login” button).
• There was an average time of 10.2 hours before an access attempt was made; with a median time of 59 minutes (based on actual access attempts).
• Of the 50 devices, the owner only received 25 offers to help, despite the fact that the owner’s phone number and email address were clearly marked in the contacts app.

Use Password Protection

This 2011 Symantec honey stick experiment shows the importance of protecting your privacy by locking your smartphones ans mobile devices. Enable passwords on your devices and activate the security features. Some smartphones allow you to encrypt your phone, SIM card and send you an email if the SIM card is replaced.

A smartphone feature called Remote Controls allows you to lock, track and wipe your phone’s data remotely. Most of these functions are included in your phones, you don’t even have to purchase security software. The simple password phone lock is a first step in protecting yourself from data theft and privacy intrusion.

Android 4.0 has a nifty screen security feature called Face Unlock, where users can set this up, snap their picture and save the setting. When unlocking the screen, the phone’s forward-facing camera recognizes the user based on the saved image. It’s not as secure as a password though, so you should rethink using this feature if you’re prone to losing your phones and IDs (because the phone will unlock the screen if you show the owner’s ID picture).

Lost Phones: 2008 vs 2011

Symantec’s results seemingly show a decline in standards compared to a world-wide study by Readers Digest (RD) in 2008, where 68% of the people who found the misplaced phones returned them.

Local researchers from each country arranged and conducted their own tests, observing the mobiles from a distance. They rang the phones and waited to see if anyone would answer, and then watched to see if the person would (1) agree to return it, (2) call later on preset numbers that were programmed into the handsets, or (3) keep the phones for themselves. After all, these were tempting, brand-new phones with usable airtime.

Out of 32 cities studied, the following placed in the top 5:

1. Ljubljana, Slovenia – 29 out of 30 phones were returned.
2. Toronto, Canada – 28 of 30 phones returned.
3. Seoul, South Korea – 3 people kept the phones
4. Stockholm, Sweden – 26 out of 30 returned
5. Mumbai, India; Manila, Philippines; and New York City, USA – 24 phones returned

All over the world, the most common reason people gave for returning a phone was that they too had once lost an item of value and didn’t want others to suffer as they had.

I think the RD study didn’t give the finders enough time to actually “find” the phone and go through it. I think they skewed the results by calling the misplaced phone. Give finders enough time to mull over the options of keeping or returning a lost phone, and half of them will decide to keep it, as shown in Symantec’s study.