Smartphones are the essential devices of the modern mobile world. We use smartphones to tackle seemingly limitless tasks such as texting, chatting, shopping online, updating our social networking status, researching, emailing, creating documents, making phone calls, video conferencing, and banking. The list will only grow as smartphone capabilities continue to expand. 50.4 percent of US consumers own a smartphone; a percentage which is projected to increase as it has, every previous year (http://techcrunch.com/2012/05/07/nielsen-smartphones-used-by-50-4-of-u-s-consumers-android-48-5-of-them/).
Smartphones are attractive devices that can simplify many of our most essential and mundane tasks. Not only do they allow us to connect and interact with others in a simplified manner, but they also allow us to conduct many essential business tasks without the need for comparatively bulky laptops. However, in addition to the seeming wealth of capabilities provided by these devices, smartphones also carry a certain number of risks.
Most consumers are aware of the risks that viruses and malware pose for computers, but how many are aware that smartphones are vulnerable to the same sort of pernicious attacks? In a study in the year 2012, antivirus program developer McAfee found that 19.32 percent of consumers either had disabled or nonexistent antivirus software. Assuming that this figure is correct, the vast majority of computers in the United States do possess some sort of active antivirus software. Therefore, most consumers in the US are aware of the risks posed by malware and viruses, and take active steps to protect themselves against such risks.
Compare this with the percentage of smartphones that do not possess some form of antivirus protection, that is, 40 percent. Even worse little more than one third of iPhone users actually have antivirus software installed on their device. Why? According to a research firm, Kaspersky, this is because mobile users feel relatively safe. Many consumers underestimate the danger that malware and viruses pose for their smartphones, even while they recognize the similar risk malicious software poses for their personal computers (http://www.kaspersky.com/au/about/news/press/2012/number-of-the-week-40-percent-of-modern-smartphones-owners-do-not-use-antivirus-software).
When we consider the number of reported malware attacks, the lack of awareness on the part of consumers becomes truly alarming. Between January and June 2012, Kaspersky recorded over 50,000 malware or virus attacks on smartphones. The number of attacks between January and March eclipsed the number of attacks for the entire year of 2011. In other words, there is a staggering amount of malware programs targeted at smartphones and that number is multiplying at an alarming rate (http://www.kaspersky.com/images/Kaspersky_Lab_Infographics_Android_Malware_Growth_2012-10-156085.png).
Because of the nature of smartphones as multi-purpose devices, the risk posed by malware or viruses can manifest in surprising ways. Consider the Geinimi Trojan, a malware that is embedded in certain apps and games. For a user to contract this Trojan, all they need to do is download an infected application. After installing the app, the Trojan allows hackers to remotely control the device; these criminals can use smartphones to place phone calls, send and delete text messages, and even locate the device geographically using the phone's maps application via the GPS (Global Positioning System) functionality that is embedded in the device. If the smartphone's owner had been using the device to conduct mobile banking, then the hackers would even be able to access their banking account or to record their account information. Once the customer data has been identified or captured, then the hacker can send the data back to the "mother ship" via a number of mechanisms, including e-mail and/or text messages (http://www.nbcnews.com/technology/technolog/smart-phone-malware-six-worst-offenders-125248).
Malware and viruses represent a significant risk for smartphones; a risk of which many consumers remain unaware. Unfortunately, this threat to smartphone security is not limited to illicit programs, such as malware or viruses. Legitimate programs produced by respected companies are also used to collect and disseminate our personal information. In addition to the well-known companies such as Facebook, smartphone-specific companies, such as our cell phone carriers, also track and monitor our usage. Occasionally, these companies even sell this information, thus further removing our ability to control our privacy. All of this means that containing security risks to our smartphone is not as simple as downloading and installing an antivirus program. In fact, many antivirus products for smartphones are relatively ineffective at stopping threats (http://www.msnbc.msn.com/id/45292075/ns/technology_and_science-security/t/study-some-free-android-anti-virus-apps-fail-miserably/#.UPRrEYYkKSo).
While risks to our smartphone security may seem daunting, there are steps that consumers can take to protect their devices. Using this book, we will teach you how to protect yourself against threats to your smartphone, as well as how to respond in the event that you become a victim of an attack.
By and large, the conveniences we enjoy on our smartphones duplicate the tasks we could only do previously on our laptops and desktops. From tweets to spam, it all started on our computers, and only later moved into the mobile space.
Facebook was not the first social networking site. Social networking, or the concept of using the Internet to form relationships and keep in touch with friends, may have begun as early as the mid 90s when sites such as Classmates.com and Geocities.com first gained prominence.
Facebook, the successful social networking site, was launched in 2004. Many of us already know the story of Facebook and its founder. Facebook originally began as a social networking site exclusive to Harvard students and alumni, but later expanded; first to all universities, and then to the general public. Today, Facebook has evolved into a complex and effective site which allows people to connect with one another in the online space. Members are no longer necessarily required to find and create their own friends network; Facebook has algorithms and automated processes which attempt to find friends for its members. In addition to the basic degrees method first pioneered by Friendster, Facebook also attempts to connect people based on criteria such as hobbies and geographical location.
The method by which Facebook collects this sort of information has even begun to expand beyond the details explicitly provided by members in their profiles. For example, Facebook has developed methods for monitoring external sites that its members visit. One that many may be aware of is the Facebook icon that adorns many websites. If a user clicks on one of these buttons, this provides Facebook with a method of linking a member's interests to their profile. What's more, this is done even if a Facebook member did not intend to provide such information to the site.
In 2006, Twitter launched with the concept that social networking may be best enjoyed in a smaller and more digestible format. Twitter's approach to social networking created a multi-layered network, whereby a visitor would easily be able to read both a particular member's post as well as the posts of that member's followed accounts. Of all of the social networking sites, Twitter may have been the most successful in the migration to the mobile space. The reason for this should be understandable; the screens on smartphones are smaller than laptop or desktop screens, and smartphones are often used in far more limited durations than computers.
It is important to remember that social networking is a two-way street. Users sign up for these services so that they can interact with friends and colleagues. However, many social networking sites are interested in collecting our personal information. As part of the relationship between users and social networking sites, users routinely provide personal information to these sites. Because social networking sites are businesses, they often consider customer information as one of their most valuable commodities.
With customer information, social networking sites are able to target their customer demographics for presentation to potential advertisers. In some cases, these sites even turn customer information into a commodity by selling it to other companies or parties. Finally, this information is useful as a method for pinpointing demographic deficiencies; Facebook, for example, may decide to expand its marketing for 21 to 45 year olds if it discovers a shrinking user base in that demographic.
This is important to you, the end user, because these practices place your personal information at risk; remember that protecting your information is one of the primary objectives in mobile and electronic security. As will be discussed in Chapter 3, Privacy – Small Word, Big Consequences, social networking sites do not always use personal information in the way you might intend. Also, these sites routinely share user's personal information with numerous third parties, thus further decreasing a user's ability to control their information.
Companies have always been interested in the demographics of their customers. Before the rise of the Internet, one of the more common methods of assessing customer demographics was through polling. A company spokesman might contact a customer after they have purchased a product or service and ask the customer about their experience. The company spokesman would then use this polling information to create a profile which might represent hundreds or even thousands of potential customers; demographic information, such as race, gender, income level, geographic locale, and personal hobbies or interests might all be incorporated into such a profile.
Today, companies still create exactly these sorts of profiles, but their methods for collecting our demographic information might be surprising; they do so by tracking our computer and smartphone activities. Do you shop on Amazon or at the online stores for Target or Walmart? Do you download music through iTunes? How about social networking sites? Do you use Facebook, LinkedIn, or Twitter? If the answer to any of these questions is yes, then you have provided some or all of these companies with demographic and personal information about yourself. Just like the polls mentioned previously, many company websites use monitoring algorithms to collect information on their visitors in an effort to understand their demographics. So, you might be wondering; how do they get this information? You may think that because you didn't purchase anything from Amazon or because you provided incomplete or inaccurate information on your Facebook account, that the company does not have your personal information. However, you would be surprised at exactly how much information a company is able to collect regardless of what you choose to provide. For example, you may have only browsed the products on Amazon.com, but not actually purchased anything. What you may not know is that sites, such as Amazon often have monitoring algorithms that trace their visitors back to their geographic point of origin. What's more, by browsing for certain items, Amazon can infer what age group you're likely to be in, what your gender is likely to be, and even whether you're married or have children. This may not worry you, but consider this; if you have an account on Amazon, they can use this information on your browsing habits to target you for particular sales. Some companies, though not necessarily Amazon, even sell these profiles to other companies.
The tracking habits of social networking sites can be even more worrisome. Let's consider the activities of Facebook. As a part of a Facebook profile, a user is requested to provide numerous personal details, including age, race, sex, marital status, geographic location, alma mater, and so on. Many users do not complete all of this information, choosing only to provide those details that they consider necessary for connecting with their friends. However, what many of us don't know is that Facebook can infer some of these details because the site monitors both your activities and the activities of your network of friends. The company can infer, for example, your geographic location based on the geographic location of your friends.
The danger of this sort of a practice has, unfortunately, been demonstrated by several scandals that have marred Facebook's reputation in recent years. In 2007, Facebook launched Facebook Beacon , which was a system that monitored the activity of Facebook members both within their profiles and through external sites, such as Fandango. What this means is that, if you purchased some tickets through Fandango, Fandango might, as a partner with Facebook Beacon, send this information to Facebook. The purpose of Facebook Beacon was to target advertising efforts to their members. Facebook addressed privacy concerns by arguing that no information was collected without a member's explicit approval, but they failed to specify that such approval was interpreted through acceptance of the privacy agreement. Practically, this means that every Facebook member's personal information could be collected and released to other Facebook partner companies, because everyone with a Facebook account was required to accept the privacy agreement upon signing up (http://www.zdnet.com/blog/btl/facebook-beacon-update-no-activities-published-without-users-proactively-consenting/7188).
Though Facebook Beacon was discontinued not long after its launch, other privacy scandals have continued to rock the company. In 2012, a number of users discovered that what they thought were private messages were appearing publicly on timelines (http://hypervocal.com/news/2012/facebook-bug-hack-private-messages-timeline/#). In 2011, Facebook even had to settle a lawsuit with the FTC, admitting that they had engaged in deceptive privacy practices; between 2007 and 2011, Facebook had altered their privacy agreement numerous times. Some have argued that this practice was an attempt to mislead users about their privacy rights. After all, how many of us really read the privacy agreements on websites, such as Facebook in any great depth before clicking on Accept? The manner by which these same companies, as well as hackers and other criminals, track our activities on smartphones and other mobile devices is covered in greater detail in Chapter 3, Privacy – Small Word, Big Consequences.
Throughout the 90s, computer and Internet technology revolutionized the way we socialized, purchased goods, and even found employment. By the end of the decade, many essential tasks could be completed without the need to leave the comfort of our homes. New concepts like "social networking", "telecommuting", and "digital goods" entered our collective vocabularies. Smartphones may represent a natural evolution of this process. While shopping for Christmas gifts from the comfort of our homes can be convenient, it can be even more convenient to shop for Christmas gifts from a smartphone while away from home. However, these new capabilities can be something of a double-edged sword; in some ways, smartphones are more vulnerable than laptops that have traditional antivirus software.
Originally, smartphones were any cell phones designed to perform tasks in addition to just making phone calls. These early smartphones had a dedicated and limited operating system. Today, however, smartphones are a specific class of device with a broad array of capabilities and features; what this is means is that the operating systems on smartphones are similar to the fully featured operating systems, such as Windows that run on our computers. Regular cell phones, by contrast, run on Real Time Operating Systems (RTOS) operating systems, which possess more limited capabilities and are designed to be more streamlined in nature. A smartphone is merely a mobile phone/cell phone that has more advanced computing capabilities, connectivity, and functionality than a conventional phone, which is limited in functionality to a basic handset or feature phone. The latter usually having the ability to run the third party apps via J2ME or BREW, but which have limited integration with the phone capabilities. Smartphones, on the other hand, usually have more advanced APIs that allow the third party apps to have tighter integration with the phone features and capabilities. Beyond this basic requirement, the variety of functions that smartphones can perform is seemingly limitless. Smartphones can organize our calendar and fax our documents, but they can also be used to update our Facebook status, download movies, and countless more functions through a variety of applications. You might say that this is what makes them smart; their focus on their additional functions as opposed to their ability to serve as mobile telephones.
The iPhone is the elephant in the room when it comes to smartphones. According to a report by technology publication Engadget, the iPhone commanded a staggering 34.3 percent of the cell phone market share in the US as of October 2012 (http://www.engadget.com/2012/10/02/comscore-iphone-moved-up-to-34-percent-us-share-in-august/).
When you consider that the remaining market share is spread out across all other cell phone manufacturers, from Samsung to Motorola, you can see why Apple's competitors might be envious of the iPhone's success. After all, according to Engadget, three out of every ten cell phones in the US are iPhones. But this data is changing quickly. Smart mobile devices, including notebooks, smartphones, and tablets, shipped 308.7 million units during the first quarter of 2013. This shows a net increase of 37.4 percent over the figures compiled from the previous year. The Android operating system, accounted for a hefty 59.5 percent. Apple's iOS took 19.3 percent of the market share, just 1.2 percent ahead of Microsoft's share of 18.1 percent.
Released in 2007, the iPhone was originally conceived as an iPod with the added functionality of a cell phone. The original iPhone could make and receive phone calls, but it could also play music and interact online. Subsequent iterations of the iPhone only cemented the success of the first release. In July 2008, Apple released the iPhone 3G. The primary feature of this device was in the title; it ran on the third generation of the mobile telecommunications network. The iPhone 3G was also the first generation of the device to include GPS functionality and included a maps application.
As you can see, in the years since the iPhone's release, functionality has been expanded that might allow the device to be easily tracked and monitored. Of course, users benefit from this functionality because they are able to find their iPhone, should they misplace it or should it be stolen. However, other parties may be able to use this same functionality. As will be discussed further in Chapter 3, Privacy – Small Word, Big Consequences, Apple is able to use the GPS functionality to track your phone's geographical location. Ostensibly, this is only for the purposes of targeted advertising and customizing consumer support. However, even if you consider Apple to be a trustworthy company, their ability to track your phone's location does render you vulnerable to an outside party. In addition to legitimate parties, such as corporations, illegitimate parties may also be able to utilize these new features. Consider that a hacker may be able to locate your phone geographically through the iPhone's Find my iPhone cloud feature; all a hacker would need is your user identification information and a working knowledge of iTunes (http://ign.com/articles/2010.06/24/the-history-of-the-iphone).
Most of Apple's competitors use the Android mobile operating system to run their user interface.
Comparatively, the iPhone runs on iOS (iPhone Operating System). This is Apple's internally developed operating system, which cannot be used to operate other devices without Apple's permission (and Apple has not, as of the time of this writing, provided such permissions to any other manufacturers). From the perspective of maintaining your mobile security, this is significant because Apple is the sole entity which is able to operate and monitor this platform. Apple protects this operating system (OS), so that it is not easy for the standard end user to alter and/or modify the OS. The best way to understand the difference between the Android and the iOS operating systems for smartphones is by considering the difference between the Windows and Apple operating systems that run on PCs and Macintosh computers. The latter, like iOS on iPhones, only runs on Apple products. The former, like the Android, runs on a variety of devices produced by a variety of manufacturers.
The Android operating system, like the iOS on iPhone, is an operating system designed for the use on smartphones with a multi-touch screen. The Android operating system is currently open source, which means that anyone can access the code and make alterations. What this means for the consumer is that the Android operating system can run quite differently on different phones that use it.
The Android OS is being used in a variety of electronics, including laptops, TVs, cameras, smart glasses, treadmills, headphones, and many other items. This is due to the customizable open and native nature of the Android operating system. One cool use of Android is the Android@Home technology that provides home automaton. This technology provides a mechanism to remotely manage smart house devices, including:
Thermostats
Power sockets
Light switches
Scheduling for powered devices
Using an Android OS these home services allows end users to manage their home devices using a PC, phone, or tablet
As one might imagine, this lack of parity between the Android phones can also create some problems for the end user, in terms of performance and functionality. Some apps purchased on the Android App Store may only work on certain phones, and thus it is the user's responsibility to ensure that their phone can run the application in question before they choose to download it.
Google introduced a security service to automatically scan applications that are posted in the Google Play Store known as bouncer. This service reviews the applications to determine if there are any malicious applications. This service is not a 100 percent solution and there is no guarantee that this will block all malicious applications. The bouncer program does the following:
As soon as an application is uploaded into the Google Play Store, the bouncer program starts to analyze the application for known spyware, malware, and Trojans
Based on a set of rules, the bouncer program looks at an application for any code that may cause issues with the OS
Also the bouncer program will review the uploaded application against other applications to identify possible issues
There is also an emulation process that Google executes to determine how the application may run on the Android OS
The bouncer program will also check the hosting account to determine if this account is known for posting a bad code
Because of the open source nature of Android, Android phones are at a greater risk to security infringements than the iOS phones. According to Bloomberg news, Android phones are far more vulnerable to malware and virus attacks than the Apple devices (http://www.kansascity.com/2011/11/15/3267279/android-more-virus-prone-than.html). The primary reason for this is the lack of a rigid infrastructure like the one that exists with Apple's products. While you may utilize Google's official Android App Store to purchase apps, you may also choose from half a dozen other application markets that are available for Android users (http://www.techrepublic.com/blog/smartphones/iphone-or-android-five-questions-to-help-you-decide/4456). The oversight on these alternative application markets varies, which means a user may be less assured that a particular app does not contain a virus or malware.
Social networking and shopping aren't the only things that have gone mobile. Just as other activities have been modified for the mobile space, so have our identification and payment methods. If a customer is not physically present, but is instead ordering an item through a virtual store accessed by their smartphone, how can they present their ID?
There was a time when, if someone wanted to purchase something, they might write a check. By the late 1990s, checks had been largely replaced by credit cards for most transactions. In either case, however, a customer would often be asked to provide a form of ID such as a driver's license to verify that the name on the check or credit card was their own. The next evolution in this vein might well be the usage of smartphones, thus eliminating the need to carry both a credit card and an ID to make purchases.
In 1999, Digital Convergence Corporation released the CueCat. The CueCat was a small device which was, appropriately enough, shaped like a house cat. The purpose of the device was to redirect a user, through scanning a barcode or through an audio tone broadcast during a television program, to a particular website. The idea was that a user could automatically be routed to a website through another medium, such as print or television without the need to enter in a URL or to search for a company through a search engine. While the device was ultimately unsuccessful, it foretold the later developments in the mobile space.
Today, the concept of a barcode containing a variety of personal or company information has evolved into the Personal QR, or Quick Response Code (QR Code). To many, the Personal QR Code will look like little more than a random series of black and white pixels within a small box. However, this box can contain a website address, product specifics, or even personal information. Put another way, a QR box can contain any sort of information. So, you might ask, how does one access this information? You may be surprised; all you need is your smartphone.
To enable your smartphone to read the QR boxes, whether it is an iPhone or a Galaxy S, all you need to do is download a QR reader app. There are a bewildering number of apps which can perform this function; a search on the Apple App Store for QR Reader, for example, will yield 559 results. Once downloaded, a user can use this app wherever they see a QR code box. Recently, big-box stores have been the most aggressive in creating these QR boxes for customer convenience; a March 2012 article by consumer advocate website Adage relates how Macy's, BestBuy, and Post Cereals were just a few of the companies that were expanding the QR box usage in their stores and on their products (http://adage.com/article/digital/qr-codes-gaining-prominence-macy-s-buy-post/149474/). In the case of Bestbuy and Macy's, the companies attached the QR boxes next to the product information displays in their stores. If a customer so chose, they could scan this box using a QR app on their smartphone and obtain pricing and product information.
Recently, some governments and companies have even begun to use the QR codes for official uses. In China, the tickets for bullet trains have been augmented with a QR code to combat ticket fraud and passenger impersonation. Placed on the bottom-right corner of a ticket, the QR code can contain the passenger's name and more worryingly, the passenger's passport or other personal identification number (http://www.techinasia.com/qr-train-tickets/). In 2011, the Royal Dutch Mint even issued an official coin with a QR code which would route a user to a website about the Royal Mint's centennial. The company Hackerspace created the world's largest QR code in 2010 by painting on the top of their company building in Charlotte, North Carolina (http://www.wcnc.com/news/neighborhood-news/Rooftop-QR-code-in-NoDa-verified-as-worlds-largest-146726605.html).
Keep an eye out for updates; see http://www.guinnessworldrecords.com/ for the latest record for the largest QR code.
Creating a QR code is actually a relatively simple process. With the following steps, you can create your own QR code box for personal use:
First, find a QR code generator online. This can be done by simply searching for one, through the search engine of your choice. Kaywa.com, for example, hosts a reliable QR code generator on their website. (http://qrcode.kaywa.com/)
Next, choose what sort of information you wish to enter into your QR code. Different generators will provide you with different categories. Using Kaywa's generator as an example, allows you to categorize your information as a phone number, an SMS text message, a URL, or as a plain text. Enter the information you wish to encode into the QR box, and click on the Submit or Generate button.
The QR code should appear on your screen. Where it appears may vary depending on the automated generator you chose.
Now, you can simply save the image to your hard drive. (Right-click on the image and click on save as.)
The following screenshot shows the basic process:
Congratulations! You have created a QR code. It should look something like this:
Now that the QR box image is saved to your hard drive, all you have to do is choose where to post it. The options are numerous, and should depend upon what sort of information you've chosen to place into your QR code. If the information is about your company or business venture, you might place the QR code on your company's website. If it's a URL for your personal portfolio, you might place the QR code on your resume to allow potential employers a convenient and automated link to your work. The QR box can, as mentioned previously, contain almost any information imaginable. How you use it, of course, is up to you.
Note
You may notice that we are using http://www.example.com as the destination for our QR code. This URL, originally reserved by Internet Engineering Task Force
in 1999, is a common tool for technology experts when they wish to test certain technologies. In this case, we've used example.com to test the QR codes. Did it work for you?
The advent of smartphones, along with their associated App Stores, has allowed for new methods of monitoring and spending money. While mobile banking has been around for a while now, banks including Chase and Washington Mutual have recently released apps that allow their customers to conduct all necessary transactions from the convenience of their smartphones.
The convenience of this new ability is evident; imagine that you just went to the store to purchase some Christmas gifts, but you didn't remember which account you'd organized the necessary funds for in anticipation of your purchase. Normally, you might have to find the nearest bank branch to check on your balance and rearrange funds. With these banking apps, you can simply log into your account and make the necessary changes while you wait in line to purchase your gifts. Recently, Chase has even added a new feature that allows their customers to transfer funds to other Chase bank customers by simply having their smartphone and the smartphone of their recipient in close proximity. In later chapters, we'll discuss how this convenience carries with it a number of associated risks, and why it may, in some cases, not always be the best idea.
On some occasions, smartphones have even made it possible to purchase goods without needing a credit card or cash. Recently, Salt Lake City has implemented a method of paying for parking by using smartphones. To be able to pay for parking with this method, visitors only need to download the Quick Pay app from the Android or Apple App Stores. After setting up an account through the app, customers can then automate the process through their smartphone (http://www.deseretnews.com/article/865562673/No-quarters-No-credit-card-No-problem-Just-use-your-phone.html?pg=all). One early example of using a device for e-commerce is from an example in Asia. In Singapore, one can even buy a Coca-Cola with only your smartphone. This development may be one of the oldest applications of smartphone purchasing possibilities, as it was first introduced back in 2001 (http://articles.cnn.com/2001-06-20/tech/phone.buys.coke.idg_1_singtel-vending-machines-cell-phone-users?_s=PM:TECH). Although these purchasing methods have not yet spread to other cities, these practices should still be seen as a sign of things to come; the ease of using a smartphone for transactions may be too alluring for businesses to long ignore.
Because of the bewildering possibilities afforded by App Stores, smartphones are increasingly being utilized as a method of simplifying our most common financial transactions. Today, we can use our smartphones to check our account balance, transfer funds from one account to another, pay for parking, purchase products through various online outlets, and even take payment for goods on those occasions when we are the ones selling goods. Although there are still some limits to what our smartphones can do, we should expect that these limits will only continue to recede as the capabilities of these devices are further realized.
Our increasingly mobile world has necessitated new methods of saving and accessing data. Smartphones can be very convenient, as they are mobile and can perform a wide variety of tasks. Unfortunately, smartphones are like computers, vulnerable to data loss through corruption or user error. Additionally, should you forget your smartphone at home, you will be unable to access whatever data it contains until you retrieve it. Cloud technology is an effort to subvert and address these problems.
While the origin of cloud computing is the subject of some debate, the technology was propagated most successfully by Amazon. In 2006, Amazon released Amazon Web Service, which is a cloud computing application designed for data retrieval. In the years since, cloud computing has become one of the major sources of innovation in popular computing, being released on consumer platforms, such as iPhone and even game consoles, such as the PlayStation 3.
The essential concept of cloud computing is not, in itself, necessarily a revolutionary idea; data is saved at an external location so that it can be retrieved from numerous devices. What is novel about the concept is that, in addition to data, basic computing and software can also be outsourced and accessed remotely. This means that a user might be able to use a bargain-basement laptop to conduct operations that would require far more powerful and expensive hardware. By outsourcing computing power to an external and more powerful server, such a user would be able to perform power-hungry tasks by connecting to this server over the Internet. This is only one possibility that cloud computing presents; new applications for this model are being developed even as of this writing.
Right now, cloud computing provides some of the following benefits. With cloud computing, if your computer were to crash or if your home burned down, you wouldn't have to worry about losing your data. That, at least, would be recoverable for a reasonable charge. You would only need to access the server from another device, such as a smartphone or laptop, and re-download your data. With the cloud, data is no longer divided by the hard drives of our various devices. Instead, our data can be considered more holistically, and shared among devices as needed to perform various tasks. Put another way, with the cloud, we no longer need to consider one laptop for work and another for home.
For an illustration of how this works in practice, see the following screenshot:
Although the benefits of cloud computing are numerous, there are also some risks of which we should be aware. Clouds are hosted by an external provider. It is the provider's server, after all, that we use to store our data. Thus, just as we can access our data, so can the provider; how safe the data is depends upon the provider you have chosen. There are safe providers out there, but how do you decide which one to use? It is important that each user conducts some requisite research regarding the security protocols of each provider. Apple's security protocol, for example, which may be found in its service agreement, pays particular attention to those sections which concern the iCloud and user privacy.
Regardless of the service provider, it is important to remember that uploading data to a cloud carries some inherent risks. By deciding to place your data on a cloud, you are sacrificing your ability to control that data. Consider the case of Mat Honan; hackers were able to use some of Honan's personal information to convince both Apple's and Amazon's tech support departments to provide them with Honan's cloud login information. Once they had Honan's login for these services, the hackers were able to access all of the data Honan had chosen to upload to both clouds. Unfortunately for Honan, he had chosen to upload certain sensitive documents that allowed the hackers to extrapolate his login information for his Facebook and Twitter accounts. The result was that Honan's online persona was hijacked because hackers were able to access his cloud data (http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/). To mitigate the risk of something similar happening to you, it is important to carefully choose which sorts of data you wish to upload to the cloud. Documents or data which contain sensitive personal information should not be considered for upload; should you wish to back up these sorts of documents, you should instead use an external hard drive or thumb drive.
Our world is increasingly going mobile. Where we once had to use our computer to surf the Internet or had to go to the store to shop, we can now use our smartphone for both. What's more; we can often do these tasks simultaneously. This multi-tasking capability presents the possibility for new takes on old activities. Today, we might go to the store instead of shopping from our computer, but by bringing our smartphone, we're able to compare prices online while we visit the store, so we can touch and see the item we wish to purchase. In other words, we no longer have to choose between visiting the store and shopping online. Smartphones have allowed us to do both simultaneously.
Despite the advantages that this new mobile world offers, it is important to remember that there are also some distinct disadvantages. Facebook, Twitter, Target, Amazon, some government organizations, and even our phone carriers are able to track our activities on our smartphones. This may seem rather innocuous at first glance, but there is more to worry about than simply targeted sales. These tracking methods can be used to spread your personal information to numerous other entities for both legal and illegal purposes. After all, once the information is compiled, it becomes just like any other container of sensitive information; it can be stolen or utilized for purposes that we did not originally intend. Consider your wallet as an example, you keep your driver's license and credit cards in this container so that you can easily access them to purchase items or to prove your identity. However, just like with online data tracking, this wallet can be stolen and used to impersonate you or even be used to steal your resources. In Chapter 2, Users and Mobile Device Management, you will learn about the impacts you can experience based on how you company can control your device.
In this chapter, we discussed the ways in which mobile and smartphone technology has changed the way we live. Topics we discussed include:
Social networking sites
How sites we visit track us
The iPhone as the most ubiquitous smartphone
iOS and Android mobile operating systems
How commerce is increasingly going mobile, from banking to shopping
QR codes as a convenient method of creating an identity verifier in the mobile space
Cloud computing and its applications
Also the specifics of the risks inherent in the new mobile world will be discussed and expanded upon in the later chapters. We are here to help you navigate this social world and to help keep you safe.
