Smartphones are among the coolest gadgets these days. Considering the pace at which new, slimmer, faster, buttonless, extra-button and two-screen devices are being pushed onto the market every day, it suddenly makes sense why we tend to change our mobiles sooner than we probably did five years ago. Moreover, the processing speed and the considerable amount of memory that smartphones currently have turn them into extremely useful and quite effective productivity tools (for reading and writing emails, books and documents, planning our agenda, etc.) that no longer occupy an entire desk, but fit quite well in a pocket.
But no matter how smart our phones are today and no matter how much new technology they have inside, they are in the end nothing more than communication devices. And like any device with a connection to the WWW, 3G or GSM, they are subject to vulnerabilities and malware. Unlike regular desktop or laptop computer e-threats, mobile malware doesn't get into our phones by exploiting obscure breaches, and it doesn't affect them by altering the way they work.
Mobile e-threats are actually random applications (sometimes clones or modified versions of legit applications) that have a hidden agenda: stealing your emails, your contacts, your pictures and your files, and reporting your GPS location. They can do even more damage when you use your device to connect to a VPN.
Unlike computer malware, malicious mobile apps are intentionally downloaded and installed by users who don't know that these apps have a secret plan. In the absence of a security solution that is able to detect them and warn you accordingly, the first level of defense is you, the user. You should in fact read the list of permissions that the app is requesting. If it makes no sense to you why an app that supposedly performs one set of actions would require permissions for other services that it shouldn't access, maybe it would be a good idea to stay away from it.
Why is that? Let me give you an example. Imagine that you are the CEO or the CFO of a company. You have a top-technology smartphone and you obviously use it to read your emails while traveling. While getting bored in an airport, you decide to install a game or some other relaxing app. Since reading a list of permissions can get you even more depressed, you just click accept. And guess what? Yes, you can start playing the game. No surprise so far. But, in the background, your emails – which contain financial records, product planning (marketing strategies, positioning, plans, pricing, etc.), intellectual property and so on – are being forwarded one by one to a certain address on the Internet. Also, your GPS position is being reported once every couple of minutes. And things can get even worse. Now, let's assume that someone can sell all those details to your competitors, or blackmail you, or, even better, use all that data to further target other employees in the company. Not so pretty, is it? And all of this just because you didn't want to read... the permissions list.
One way or another, the discussion on how things should be done is long and the related questions numerous: should company smartphones have exactly the same lockdown as the company computers? Should mobile devices be managed by a special administrator or by the employees that use them? Are smartphones supposed to be subject to policies just as any computer normally is, or should they be regarded differently? And the list could go on and on and on. But one thing is for sure: smartphones need security.