Security Experts:

Apps Essential to Modern Living But Treated Carelessly: Report

A new research report takes an unusual angle. Rather than analyzing a threat or an attacker, it looks at the psychology of the user -- or more specifically, the user of smartphones and apps. What it found is that the modern use of apps is so interwoven with daily life, they have almost become part of their users' DNA.

The Application Intelligence Report (AIR: PDF) is a new intelligence survey produced by A10 Networks. A10 surveyed 2,000 business and IT professionals in more than 20 different countries -- and it is important to note that these were professionals rather than unemployed teenagers glued to their phones.

The purpose, says Andrew Hickey in an associated blog, a director at A10 Networks, is to "better understand how the global workforce's experiences and behaviors with apps impact personal and corporate security... Why they use them. Their perception of personal and business security when using them. And potential behavioral risks to businesses and IT teams."

The result is sobering, and could fuel a raft of psychology and sociology theses. It first demonstrates how apps and their use is deeply interwoven into everyday life. For example, 42% of respondents globally say they 'cannot live without their apps' while another 44% said 'it would be a struggle' to live without them.

The detail varies by both age demographic and geolocation. Newly emerged and emerging economies seem particularly attached or reliant on their apps: China (99%), India (97%), Brazil (96%) and South Korea (90%). It is the older economies that seem less reliant. Germany ranks highest of participants who say, 'I can easily live without apps' (30%), followed by France (23%), and Great Britain and Japan (21%). Similarly, respondents under the age of 40 are much more likely to say they cannot live without apps than those over 40. 

This basic pattern largely repeated itself throughout the survey. For example, in an emergency that would allow people to take only one item, 45% of respondents elected to grab their phone. It was 74% in China, but only 29% in France.

While details such as these are interesting and possibly surprising (perhaps depending on the reader's geolocation and age demographic), it is the attitude towards security that becomes sobering. "At least four out of five (83%) respondents either agree or strongly agree that they think about security risks when first downloading an app," says the report, "but after that, security becomes much less of a thought or priority in dictating behavior."

One reason seems to be a belief that it is the developer, or the company IT department, that is responsible for app security. Forty-seven percent of respondents "expect to be protected from cyber-attacks by either their company or third-party app developers."

This lax personal attitude to security best shows itself in the use of passwords. One in 10 (11%) of all respondents said they never change their passwords for their apps, while another three out of 10 (29%) use the same password for the majority of their apps. Fewer than one in five (17%) use a different password for every app. The usual demographics apply: 50% of the 21-30 demographic either never change passwords or use the same password the majority of the time, compared with only 26% of those aged over 50.

Surprisingly, the US (49%) is second only to South Korea (52%) in using the same password for the majority of apps -- but less surprisingly, Germany leads in best practices for those who use different passwords (34%).

The effect of poor personal security is born out in practice. Globally, 13% of all respondents have been the victim of identity theft. This grows to 39% in China (a figure that, pro rata, suggests more people than the entire population of the US). Thirty-one percent of respondents have had their phone hacked; and 24% of respondents under the age of 30 have had their phone stolen.

A10 Network draws few conclusions from this report, instead inviting its study and promising to 'dig deeper' in the future. "From a cultural perspective," blogs Hickey, "IT can study the app-blended life, consider user behavior as a factor in security planning, build enterprise-wide security awareness and influence a security-minded culture.

"And from a technology perspective, IT pros can use this data to make the case for improved per-app visibility, per-app analytics, performance, removal of security blind spots and implementation of tighter controls across all application environments." But one thing is immediately obvious: companies with a BYOD policy cannot afford to leave the security of mobile devices to the user.

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.