Well, so much for relying on the kindness of strangers. Symantec studied the reactions of average people who found a lost phone in public. The results are rather less than what you'd call "upstanding."
Symantec's Smartphone Honey Stick Project dropped 50 smart phones in various public areas -- shopping centres, bus stations, elevators -- throughout New York, Washington DC, Los Angeles, San Francisco and Ottawa. The phones had tracking software installed to notify the company if personal information on the phone was accessed after it was found. This information included the owner's social networking account, email, password manager, corporate email, SD card, personal pictures, and contact list. The phone also tracked its location via GPS, presumably to see if the finder would just pocket the phone and run.
Side note: Isn't that what you do when you find a phone? Check the recent call log and contact list to try and call someone that knows the owner?
Here's what Symantec found,
- 96 per cent of lost smartphones were accessed by the finders of the devices.
- 89 per cent of devices were accessed for personal related apps and information.
- 83 per cent of devices were accessed for corporate related apps and information.
- 70 per cent of devices were accessed for both business and personal related apps and information.
- 50 per cent of smartphone finders contacted the owner and provided contact information.
Even though nearly everybody who found a phone snooped around in it only half bothered to contact the owner. And the numbers are even worse for lost and found corporate phones.
- A total of 83 per cent of the devices showed attempts to access corporate-related apps or data.
- Attempts to access a corporate email client occurred on 45 per cent of the devices, which could potentially represent an attempt to contact the owner of the device, but still expose sensitive information.
- A file titled "HR Salaries" was accessed on 53 per cent of the phones and another titled "HR Cases" was accessed on 40 per cent of the devices.
- Attempted access to a "Remote Admin" app was recorded on 49 per cent of the devices.