According to a global survey of mobile internet users conducted at the end of 2020, the most common concerns among respondents were having their data accessed by cybercriminals, as well as being a victim of mobile fraud. Mobile privacy concerns might also vary greatly depending on users’ geographical location: in 2021, almost four in 10 smartphone users in Hong Kong reported feeling in control of their personal online data, while only 10 percent of users in South Korea felt the same.
As smartphones make their way into the professional world and onto organizations’ desks, mobile security threats have also become a matter of concern for companies’ cyber security. According to a survey of IT professionals conducted in 2021, the volume of smishing attacks targeting organizations has increased compared to the previous year. Similarly, IT professionals have reported more frequent encounters with vishing attacks since 2020: in 2021, almost seven in 10 of the surveyed IT professionals reported having encountered forms of phishing that used phone calls or mobile voice messages.
Apple’s privacy upgrades are being echoed by Google, which in February 2022 announced it will introduce a new initiative called Privacy Sandbox, aimed at restructuring ad tracking and data collection on Android mobile apps in the next years. Among the initiative’s purposes is also to replace the Android advertising ID with an identifier that can be deleted or reset by users to stop or divert tracking, as well as to implement a new permission system via the Privacy Sandbox.
Mobile security threats
Mobile devices, like their desktop counterparts, are not immune to cyber threats, data breach attempts, and privacy woes. While the number of mobile global cyberattacks has been diminishing in 2021 compared to previous years, the type of frauds and malicious software built to scam users out of their money and data are in constant evolution. In 2021, AdWare was the most common variant of mobile malware detected worldwide. AdWare, which can present itself in the form of pop-up windows containing aggressive advertising and are difficult to close, can be connected to different degrees of nuisance or danger.As smartphones make their way into the professional world and onto organizations’ desks, mobile security threats have also become a matter of concern for companies’ cyber security. According to a survey of IT professionals conducted in 2021, the volume of smishing attacks targeting organizations has increased compared to the previous year. Similarly, IT professionals have reported more frequent encounters with vishing attacks since 2020: in 2021, almost seven in 10 of the surveyed IT professionals reported having encountered forms of phishing that used phone calls or mobile voice messages.
Mobile data collection: the case of commercial period tracking apps
As of the beginning of 2022, global users had access to almost six million mobile apps available on the market across the leading app stores, the majority of which not only require additional permissions to function, but also might track and collect various types of data for third-party advertisers across multiple websites and other apps. Whilst one of tracking’s main objectives is to propose relevant advertising, the possibility for external actors to access sensitive information and distort the purpose of data collection is not to be overruled. Commercial health-related apps are often regarded as potentially invasive apps, with period trackers being a currently widely discussed example. As of March 2021, mobile period tracking and female health app Ovia was found to collect the largest amount of data from global iOS users, with four data points collected over users’ content and two data points collected over users’ health and fitness information. As of May 2022, public fears have been focusing on the possibility for commercial female health apps and menstrual cycle self-tracking apps to be used for monitoring women’s reproductive cycles and enforcing a potential abortion ban in the United States.Apple’s iOS and the ATT framework: a future model for transparent app tracking?
In April 2021, Apple released its iOS 14.5 version, introducing the App Tracking Transparency (ATT) framework for developers. Under the ATT, iOS users have the freedom to enable or disable tracking, by deciding if they want advertisers to identify them and collect information on their presence and activities in the app. Before the ATT, app marketers were able to access users’ Identifier For Advertisers (IFDA), a serial number that provides depersonalized users’ identification for tracking purposes. After the introduction of ATT, around 25 percent of app publishers and marketers reported expecting a drop between 10 and 30 percent in their ad revenues. In comparison, the policy appeared to be well-received among iOS users, with 80 percent of the mobile audiences of Snapchat, Facebook, and Twitter deciding to opt-out of tracking during the third quarter of 2021, resulting in 40 percent of all ad impressions on the platforms being untraceable.Apple’s privacy upgrades are being echoed by Google, which in February 2022 announced it will introduce a new initiative called Privacy Sandbox, aimed at restructuring ad tracking and data collection on Android mobile apps in the next years. Among the initiative’s purposes is also to replace the Android advertising ID with an identifier that can be deleted or reset by users to stop or divert tracking, as well as to implement a new permission system via the Privacy Sandbox.
