Toting the details of your financial life around with you on a smartphone may be convenient, but it also puts that information at risk for anyone who gains access to that phone.
“Our whole lives are on our phones,” says Robert Capps, senior director of customer success at RedSeal Networks, a digital security firm. Which means our whole lives, including our finances, are up for grabs.
The primary dangers to your cellphone privacy come in two forms:
- A criminal physically gets possession of your phone: When it comes to what they can pull from it, “for most people the sky’s the limit,” says Adam Ely, co-founder of Bluebox Security, a data security firm.
- Malware that infects your phone: Malware can come from another app you put onto the phone; even something as seemingly innocuous as a game could turn out to be a mask for an intruder.
Some basic protection
There are some basic steps you can take right now to protect your information:
- Use any kind of pass code system already on the phone. Sure, it’s annoying, but it creates a first line of defense in case anyone swipes your device.
- Make sure you can “brick” or wipe the phone remotely using built-in functionality, such as Apple’s Find My iPhone, or a security program such as Lookout. That way, if the thief breaks the code, there’s no information he or she can steal.
Still, those systems aren’t perfect, and your phone still knows an awful lot about you.
Here are three key things your phone may know, and how to stop someone else from accessing that information.
Financial Fact No. 1: Your bank login information
Accessing your bank account through an app is easy, but that means it’s also easy for a thief, especially if you skip the step of putting in your login and password each time.
“A lot of apps are storing usernames and passwords in the apps themselves,” says Capps. “Not all the app authors are taking the right sorts of protections to protect those credentials when the customer isn’t using the app itself.”
And if you use the same password and login for every single financial account in your life, hackers can grab access to those accounts, too.
What to do: If you’re going to use a banking app, make sure you set it up to sign in each and every time. Don’t let the app store that information for you. Also, make sure the app logs you out when you close it. If it doesn’t, do it yourself every time.
Financial Fact No. 2: Your Social Security number and answers to security questions
If you store this information anywhere on your phone, it’s accessible to anyone who gains access to that phone.
“I’ve seen cases where people record Social Security numbers in their contacts,” says Capps.
In that case, not only is it in your phone, but if you back up your contact list to a service like iCloud, it’s now in the cloud and vulnerable there, he says.
But that’s not the only place where your Social Security number can hide. Scan a W-2 document through an app on your phone? You’re number’s there. Email your tax return to your accountant through an email account that’s connected to your phone? Your number’s there. Text your spouse your kid’s Social Security number so grandma can buy him or her a savings bond? Your kid’s number is there.
Your phone can also give hackers clues about passwords and answers to security questions. For example: If you have a lot of contacts with the same last name, hackers may assume it’s a family name and guess it’s your mother’s maiden name — a common security question. Love to post pictures of your Siamese cat on social media? If your password or security answers are pet-related, smart hackers can guess that, too.
What to do: Pay attention to what permissions you give any app you put onto your phone, and avoid apps that want access to things like your contact list, other apps or text messages. Otherwise, you could download a game that’ll start pulling off information and data that you don’t want shared.
“If you don’t give the app any specific privileges, then the app can’t see a whole lot except information about itself and information about the version of the operating system you’re running,” says Ely.
And be careful about what you send through email. Sure, zipping off your tax return through your Gmail account is easy, but you’re putting some very important information at risk.
Keep those passwords strong, too. There’s not much you can do about the ubiquity of a mother’s maiden name being used to ID someone, but you can make sure your passwords have nothing to do with your personal life.
Financial Fact No. 3: Your account balances
One sneaky way hackers can steal your phone data without ever touching your phone is to present themselves through an otherwise innocuous app and then take over and harvest information from your phone.
One place they go: your app history.
“Just like a Web browser, a lot of applications will log some basic history,” says Ely, like what you looked at in the application and how much time you spent in different parts of the application.
That could include looking at your balances. Some credit card companies ask users to verify the last transaction on an account to make sure you’re really you. A hacker could get access to that information, too, and take over your account — especially if they’ve already swiped your Social Security number from your email and your mother’s maiden name from your contacts list.
Malware apps also can grab information from text messages, so if your bank, an app or account texts you something so you can login, the malware can snag and use that, too.
What to do: Download apps only from reliable sources, like the iTunes Store or Google Play. That way, you’ll avoid “overseas third-party pirated applications,” says Ely.
Also, make sure to read the reviews of any app, especially on anything that goes through your contacts, like an app that helps you remove duplicates from your phone.
“What I might not understand is that it’s taking the entire contact list and sending it out to the Internet somewhere,” says Capps.
Even if you’re buying from a reliable source, do some research on what permissions you give it before downloading it on your phone.
“It’s a ‘consumer beware’ market. You need to really understand where you’re getting your apps,” adds Capps.
Your wallet will thank you for it.