I was having a discussion with someone about why I would never ever do anything financial on a mobile device. My reply got a bit long – long enough to be a blog post.
My concerns about mobile security – or the lack thereof – are based on a few things:
1) Android (and to a lesser extent, iOS) is so easily infected by bad apps, text messages, emails, Facebook, and inherent OS flaws that lie unpatched for years (such as faulty Bluetooth drivers), etc. Cell phone updates depend on when the carrier can get around to them, which could be months later or never.
2) Most people rarely check their device security, or they rely on a free security program that got magically and surreptitiously installed.
3) Most people have no idea if there is a sniffer program on their device that is stealing passwords or other data.
4) A device can be clean one moment, infected by an automagical update from Google Play the next, then automatically logged into a bank the next, and the password is stolen.
5) Small, portable devices are easily lost or stolen and then used by a thief.
6) The wireless cell tower system was designed for the speed of transmitting voice conversations and text messages, not securely scanning every data packet for malware or verifying that every data packet is delivered as intended.
7) Wireless data transmissions are easily captured, then stored for intense offline analysis.
8) There are probably more reasons that are unknown to me – or anyone, for that matter.
Using a mobile device for financial transactions is a lot like playing Russian roulette – except in this case, most of the chambers are loaded.
Naivete is not good protection.