For many Americans, fall is a magical time of the year. Leaves change color, the weather is more settled, baseball is moving towards the post-season and pumpkin becomes the go-to flavor in both coffee and beer. Fall is also when the leading smartphone manufacturers release the latest must-have devices to consumers.
Our love of the ubiquitous computer in the pocket is a success story that seems to have no end. Irrespective of whether you prefer Apple's iOS or Google's Android operating system, the major smartphone vendors always have bright and shiny new toys for people to play with. Both Samsung and Apple have already released their latest devices in time for the holiday season, while Google will be launching its Pixel 2 device in the not-so-distant future.
It should be noted that smartphone shipments have—by and large—leveled off in the last few financial quarters. According to IDC's latest Worldwide Quarterly Mobile Phone Tracker, global shipments (which do not equate to sales) reached 341.6 million units in the second quarter of 2017—a year-on-year decline of 1.3 percent. That incremental drop does not reflect an ongoing public interest in the latest models, with many people using their smartphone as both a personal and business tool.
Smartphones Must Protect Data
With that in mind, the thorny issue of what new devices constitute an information security risk raises its head. A recent report by mobile threat defense software provider Zimperium, cited by Digital Trends, found that both major mobile operating systems—Android and iOS—had exploitable vulnerabilities that could affect business users and, ultimately customers.
Android devices were more vulnerable than iPhones, thanks to the well-documented fragmentation of the Android ecosystem. That doesn't mean that Apple devices protect data more, rather that the "computers" most at risk from data leakage and cyber threats are mobile phones and tablets. One reason for this, the authors of the Zimperium report said, was that a significant portion of companies still operate a bring-your-own-device program. The risk is further intensified when you consider the fact that new devices are constantly being bought by employees and taken to work without clearance from an IT department.
Both Apple's iOS and Google's Android have exploitable vulnerabilities
On some levels, a well-documented desire for more efficient flash storage by smartphone manufacturers has increased the need for data protection in a workplace. Small computing devices such as smartphones rely on compact memory capabilities that can also withstand the constant movement that comes with being in a pocket or bag for an extended period of time.
This becomes extremely important when you take into account the high turnover rate of smartphone ownership. Flash storage drives have significantly higher performance and low latency rates, which makes them attractive to mobile device manufacturers. In effect, the compact size of a flash memory drive makes it the perfect storage unit for small consumer devices, including the smartphone and portable USB thumb-drives.
An additional advantage of flash storage is that it removes whole blocks of data at a time rather than a bit-by-bit basis as, say, electrically-erasable programmable read-only memory does. Anybody who has been prompted to clear space on a smartphone because they have taken too many photos will know that the process is beyond easy … highlight what you want to delete, click and that data or image "vanishes." In actuality, the data has not been deleted (as such) and can be recovered at a later date if the smartphone is not disposed of correctly.
Device Owners Should Securely Delete Files
The flip side of that particular data deletion coin is that device owners can become blasé about data protection and security, especially when the latest models trumpet just how secure they are.
Let's take Apple's new iPhone 8 and its iPhone X, for example. Both of these devices are expected to sell in their millions and, naturally, come with a host of baked-in data security features that should (in theory) alleviate the concerns of owners. For example, the iPhone X—which stands for either 10 or expensive, depending on your viewpoint—uses facial recognition to unlock the device and should be geeky enough for Apple fans to rush out and buy one.
The problem is that the act of buying a new iPhone just means that an existing device is, to all intents and purposes, discarded. Once the smartphone is powered up and in the pocket, whatever version of the iPhone that person used is either put in a drawer or given away to be recycled. On a singular level, that is not an issue but if numerous devices—that could have sensitive company data stored—are re-released into the wild, then there is a chance that malicious actors could access that data in the future.
Apple's decision to continually update its operating system opens another can of worms. As iPhone and iPad owners prepare to upgrade their devices to iOS 11—the current version of the mobile operating system—there may be some device owners that find their model is basically obsolete. According to Fortune, the five-year-old iPhone 5 will not be able to install iOS 11, as will any older iPhones or tablets that were built with a 32-bit processor instead of the 64-bit operating system installed in the newer models.
An estimated 24,000 different devices run on the Android OS
Android device owners, on the other hand, have a different set of problems to worry about. People who own an iPhone can install the latest mobile operating system from day one, but Google has made it slightly harder to upgrade to the latest version of Android.
There are an estimated 24,000 different devices that run a version of the Android operating system, a huge and unwieldy ecosystem that makes changing devices somewhat easier. Which basically means that there is more opportunity to just discard devices that, again, might have sensitive information on them.
Around 32.2 percent of mobile devices running Android currently have version 6.0 Marshmallow installed, according to the Android Developers Blog. By comparison, Android version 7.0/7.1 Nougat—released in August 2016—only has a distribution rate of 15.8 percent, while version 8.0 Oreo hasn't even hit 0.1 percent of devices two months after launch. When you take into account that Google released Lollipop three years ago and it is still installed on 28.8 percent of devices, then it becomes clear that device management and data destruction should be a priority within the workplace.
Shredding Prevents Smartphone Resurrection
The question is, what is the best way to ensure discarded mobile devices are not an open invitation for somebody to steal data?
A recent report by the U.S. Environmental Protection Agency, cited by The Dalton Daily Citizen, said that Americans get rid of millions of cell phones every year, many of which end up as just electronic waste in landfills across the country.
If that is indeed the case, then a device owner –whether that be a company or an individual—has to be make certain that any sensitive data is wiped from a smartphone when it becomes technically obsolete. That is easier said than done, especially when you take into account company-issued smartphones and the aforementioned popularity of BYOD programs.
In addition, people who no longer want their smartphone may be tempted to cash in the device, thanks to an ever-increasing number of third parties who are willing to "recycle" the smartphone for the greater good. Smartphone recycling has become extremely popular, even more so if you can get some return on your original mobile investment. Again, the onus is on the device owner to not only clear the smartphone of data but also make sure that the electronic recycling program chosen is reputable.
The simple truth is that the best way to make certain that a smartphone is not going to come back and haunt you is to put it through a solid state drive shredder. Unlike hard drives, which need to undergo a technique known as degaussing to erase data, a device with flash storage can be shredded to ensure data security. A Proton Data Security shredder also complies with a plethora of established security rules and guidelines for sanitizing electronic media devices.
Total physical destruction may seem to be overkill, especially when then is a demonstrated need for decommissioned devices in developing nations, but it does make certain that the bits of a flash storage drive that contain (potentially) sensitive company-centric data won't be resurrected. With that in mind, a media shredder is the perfect tool to provide companies with the peace of mind that data remains secure … until the next generation of smartphones make the previous ones obsolete, naturally.
