Information wants to be free.
Most of us, have in our possession the latest iDevice or android device, however, a very few of us are aware of how cavalier we are with our information. In the defense of those mobile device manufacturer, it is not the physical devices themselves but rather, the applications that are installed and how they interact with the native operating system. The scary truth is that the information gets scattered by the East wind.
These are a few examples of ways the end user could lose sensitive data.
Data on mobile device: Oftentimes, a developer will store sensitive data onto the mobile file system with no form of protection at all. This data could include usernames, passwords, address, and financial information.
Database: Not securing data at rest is a practice I’ve seen far too many times to be able to turn a blind eye. Typically a SQL database will lay at rest unencrypted neatly organizing critical information for the eyes of any and all who are capable of viewing.
Photos: We regularly find that cameras and/or screenshots are capable of capturing sensitive data. The issue with screenshots and pictures is that these images are not usually stored securely. Often, any appliation or person can view these images.
Know how to protect yourself.
The important thing in knowing how to protect yourself is to maintain and enforce industry best practices.
It is crucial to realize that when data is entered into a mobile device, that data will get spread around in multiple places on your phone, moved across many independent networks, and stored in many databases.
Best practices include but are not limited to: Encrypting the device, requiring authentication to the device, utilizing remote wipe capabilities, controlling third-party applications, and finally, consider sandbox applications.