If you've ever wondered what would happen if you lost your phone in public, a study conducted by an Ottawa-based security researcher suggests there's one thing you can almost surely count on: a complete violation of your privacy.
Sorry, but it's extremely unlikely that someone will pick up your phone and return it without first combing through your apps, photos, email and anything else that may be accessible without a password.
And the odds of getting your phone back are basically a coin toss, according to the report by Scott Wright of Security Perspectives Inc., and the security software company Symantec.
Mr. Wright “accidentally” dropped 10 cellphones throughout his hometown and four major U.S. cities as part of his experiment. Each phone was left unlocked and the “owner's” contact information was easily accessible.
He fully expected he'd never see many of them again, and was counting on nosy people poking through the phones.
But he didn't expect the results would be so dramatic.
Of the 50 phones he left in Los Angeles, New York, Ottawa, San Francisco and Washington D.C. — in phone booths, elevators, outside restaurants, in transit stations, on newspaper boxes and in public washrooms — only 25 were picked up by someone who made an attempt to return the device.
But even those Good Samaritans couldn't help themselves.
Mr. Wright was watching remotely as 96 per cent of the “lost” smartphones were accessed and as the finders poked through apps labelled with names like online banking, webmail, corporate e-mail, remote admin and “private pix.” The apps would launch but gave an error message — which just encouraged people to repeatedly try and try again.
“I was a little surprised to see the numbers as high as they were,” says Mr. Wright, who conducted a similar experiment a few years back with USB sticks and found about 65 per cent of finders tried to access files on it.
If there was any good news in the experiment results for Canadians, it was that more phones were returned in Ottawa than anywhere else. Seven of the 10 phones dropped in the nation's capital were picked up by people who called to say they found them, compared to just three in New York.
In Ottawa, phones that finders made an attempt to return were left: on a window ledge outside a restaurant; in the elevator of an office building; in a transit station; in a condo parking lot elevator; outside a government building; in a university washroom; and in a food court.
But Mr. Wright was still disturbed by how much those phones were used before and after contact was made. In the case of the phone found at the transit station, the finder appeared to kill time during a long commute by repeatedly going through the phone's every nook and cranny.
The phone was dropped at about 4:05 p.m. on a Thursday afternoon in February and it took just over five minutes for someone to start probing it. Within minutes, the person was trying to access pictures, the social networking app, e-mail and other programs. Another 20 minutes later, the finder finally placed a call and left a message saying they'd found the phone. But they kept playing with it. Over the next several days, the phone's banking, corporate and photo apps were repeatedly clicked again and again.
Overall, 89 per cent of the 50 phones had personal apps accessed and 83 per cent had corporate apps and information clicked on. The photo app was tried most frequently, 72 per cent of the time, followed by social networking and personal e-mail apps (60 per cent), a saved passwords app (57 per cent), the remote admin app (49 per cent), the corporate e-mail app (45 per cent) and the online banking app (43 per cent).
Symantec's director of security technology and response Kevin Haley says he was surprised and disappointed by the numbers.
“Curiosity is a really powerful force and people will troll for your information if they discover your phone.”