Mobile Malware Threat Overblown, Says PayPal Exec

A new study reveals potential gaps in mobile security, but dismisses industry hype about mobile malware

The question of how secure mobile devices are, has been addressed in a new PayPal and National Cyber Security Alliance study.

The study, based on a survey of 1,000 US adults sought their views on mobile device security and usage. It reveals where the shortfalls are in mobile security.

Mobile Security

Nearly two-thirds (63 percent) of respondents did not actually know what types of financial data are stored on their own mobile devices, Andy Steingruebl, director of ecosystem security at PayPal, told eWEEK. Nearly half the survey respondents were nervous about losing their devices and whatever data might be on them, he added.

While respondents were concerned about device loss or theft, Steingruebl noted that most users aren’t taking even the most basic steps to actually protect their devices. More than half the survey respondents admitted to not using any type of device lock, Steingruebl said.

Nearly all mobile devices on the market today offer some form of screen-lock functionality. The screen lock can be a PIN number, a lock pattern or in the case of the Apple iPhone 5S – a fingerprint.

“So the disconnect is that more than half of people are worried what happens if their device gets stolen, yet roughly that same percentage aren’t doing one of the easiest things they should be to doing  to keep themselves protected,” Steingruebl said.

As to why most people don’t set up a screen-lock PIN, Steingruebl said it’s all about convenience. “Most people don’t want to constantly be typing a passcode into their device,” Steingruebl said.

iphone mobile fingerpint scanner security © Tetiana Yurchenko ShutterstockMalware Myth?

That’s why he recommends making the passcode approach easier through the use of biometrics, like fingerprints, he said.

Despite the constant stream of reports about mobile, particularly Android, malware becoming an increasing problem, Steingruebl doesn’t see mobile malware as an impediment to mobile device adoption and use. “The threat is vastly overstated,” Steingruebl said. “The actual prevalence of mobile malware on people’s devices is actually quite low.”

One area that is often cited as a mobile best practice is to not allow users to root their phones. By “rooting” a phone, the user gets full administrative access to the device, which could potentially enable some form of malware to infect the user. While Steingruebl doesn’t necessarily encourage users to root their devices, he suggests that it’s not entirely evil either.

“On a traditional desktop or laptop platform, you could always install any application you wanted that could access any of your data, and we’ve kept our consumers safe on that for many years now,” Steingruebl said. “While you can stay safer if you don’t root your device, I don’t want to say it’s the be-all and end-all, since we already live in that world with desktops, and we do a pretty good job of keeping people safe there.”

What do you know about Internet security? Find out with our quiz!

Originally published on eWeek.