China steps up mobile phone security

Experts see roles for government, industry and individuals in staving off e-risks

For software hackers, personal computers are passe. Mobile phones are the new destination of viruses, worms and other malware. Cybersecurity experts are not amused.

In fact, the China Internet Network Information Center warned that the country needs to be constantly vigilant, given that the number of netizens rose 1.1 percent from 2016 to 751 million at June-end. Of them, 724 million, or 96.3 percent, are mobile phone users.

At a mobile safety summit forum in Beijing this year, Zhang Jian, deputy secretary-general of the Cybersecurity Association of China, said the massive user base and the booming mobile internet would mean smartphones will pose major cybersecurity issues.

Most users' smartphones double up as electronic wallets, thus becoming a leading target for hackers, who will seek payment transfer details, personal data and passwords, Zhang said.

China has already become a world leader in mobile payments. Transaction volumes of third-party mobile payments rose nearly fivefold last year to 58.8 trillion yuan ($8.9 trillion), according to consultancy iResearch.

Shi Xiansheng, deputy secretary-general of the Internet Society of China, said payment traps top cybersecurity threats－they affected 88.3 percent of mobile internet users last year.

Next were privacy violations (almost 76 percent). The third category included nuisance calls, unsolicited promotional or marketing calls and spam messages (almost 63 percent).

Some users of net-banking facility could lose money directly from their bank accounts if their mobile phones are compromised. Mining of information from smartphones and misuse of it is another threat.

A joint report released in July by Chinese internet giant Tencent Holdings Ltd and the Data Center of China Internet showed that nearly 97 percent of Android apps had access to users' privacy. Around one-fourth of Android apps even violate users' privacy.

And almost 70 percent third-party iOS apps have access to private information and personal features on iPhones.

Shi said download-happy people need to be wary of apps, particularly image-editing apps, as some of them may invade their e-privacy.

"Of course, people should also be wary of many other types of apps that seek more permissions than required, and go on to collect more information than what they really need," Shi said.

Cyberattacks usually target open operating platforms such as Android as smartphone manufacturers allow downloads and installation of third-party programs and apps.

A report published in May by the Internet Society of China and the National Computer Network Emergency Response Technical Team/Coordination Center of China noted that more than 2 million malicious mobile internet programs were detected last year. And 99.9 percent of them targeted Android devices.

Zhang from the Cybersecurity Association of China said, "Normal apps would be infected with viruses. And some apps themselves are developed as malware."

Gong Wei, chief security officer of Shanghai Lantern Network Technology, said compared with insecure Wi-Fi hotspots, bigger threats came from insecure knockoff apps.

"While hackers can easily obtain personal data over public Wi-Fi hotspots, they can rarely access payment or money transfer details in the encrypted format over public Wi-Fi," Gong said.

"However, hackers can easily access all those data, including personal information and payment data, via insecure apps."

On June 27, China announced an emergency response plan for cybersecurity incidents to prevent and reduce the damage inflicted by them, protect public interest and safeguard national security.

The new plan divides cybersecurity incidents into six categories. Of them, three are key: pernicious procedural incidents, cyberattacks and information security incidents.

The plan also defines four levels of security warning and response systems, according to different threat conditions from "general" to "extremely serious".

Zhang said as mobile operating system vulnerabilities do exist and the critical ones would result in serious cyberattacks via remote access to the device, both the government, enterprises and individual users should prepare better for potential security risks.

There is a need for a better mechanism to manage e-virus infections as well, he said.

Agreed Zhou Yiqing, chairwoman of handset maker Sunshine Group. Smartphone makers need to have a long-term plan to improve their devices to better defend users from potential risks, she said.

Shi said, "When surfing the internet via smartphones, users should be careful to not leave too much personal information on online platforms.

"Users should also not download apps from insecure channels and should look through the user agreement to decide whether or not to give the permissions sought. Otherwise, hackers will be able to access personal data easily."