Why Smartphone Security Has to Come Front and Centre
For the last few days I've been using the new beta update to Microsoft's smartphone operating system, Windows Phone, on my HTC handset. I've written a full hands-on review of this 'Mango' update at our sister website Windows7News. It's a great update and finally brings full cloud services to smartphones with the integration of SkyDrive and Office 365 into the Office Hub.
Here you can update and edit Word, Excel and PowerPoint documents you have stored in the cloud and it's the one feature I've been looking forward to the most. I have for many years had spreadsheets that I want to use on the move and used this facility as far back at the late 90's with handheld computers like the Psion Series 3. Needless to say then I found that the omission of this feature from Windows Phone at launch, and the inability to be able to transfer and sync documents with PCs made the Office hub almost completely unusable for me, and a waste of time.
Now though I have full access to these spreadsheets. I've stored them on SkyDrive ever since I first installed Office 2010 on my PCs. The main reason for doing this was security, with the files not actually residing on my computers and hidden behind a password and encryption there, the theft of anything from my home wouldn't reveal personal and critical financial data to others. How could anyone resist the opportunity to make their financial data so secure!? There was also the added benefit of having access to these spreadsheets on any device and from anywhere in the world. This is something I have also found extremely useful when on trips and holidays.
What I really wanted though was to be able to carry these files around with me too, on my smartphone. After all, this is what a smartphone is for isn't it?
You would imagine then that now I have achieved spreadsheet nirvana I would be ecstatic and as happy as happy can be. You might be surprised then to hear that I'm feeling quite the contrary. In fact I'm now deeply concerned about the security of these files, and it all comes down the lack of adequate security features in the smartphone OS itself.
Now I won't speak about iOS or Android here, though all smartphone and tablet operating systems have got some faults in this area. I'll concentrate here on Windows Phone. With this operating system you have a simple choice between ease of use and secure and safe, but sadly it's very difficult to have both together.
What upsets me so much is that true spreadsheet nirvana for me would be an incredibly simple thing to achieve, if only Microsoft would put in one or two tiny little features to the main lock screen on the OS and one more feature to their Office Live platform.
At the moment the way things stand is like this. You have a choice of either a lock screen that you swipe up to unlock the phone, or a lock screen that swipes up to reveal a numeric keypad onto which you have to type a code. The latter of these two options is fully secure but the former will just allow anybody access to all your files and data.
You would imagine then that I would have my phone behind a password, to be safe and secure. I don't do this though as I use my smartphone an lot, an awful lot in fact and for a great many different things. The process of having to swipe the lock screen up and then type in a password is annoying, cumbersome and frankly too much to ask people to do.
This makes me think of Android phones I have used where unlocking the phone involves swiping your finger across the screen to make a pattern that you yourself can set. This is what I would call secure and with this I would be very happy. A very similar feature to this is being added to Windows 8, or so it appears, but so far (and we should remember that Mango is still in beta, though Microsoft have a history of only releasing 'near final' betas these days) there's no similar feature in Mango at all.
What Mango does bring to the table is the option to only ask for the password after X minutes of inactivity. The options only go up to 30 minutes however, which may seem fair enough. It is at least a huge improvement over what we had before. It's not configurable enough for many people though and will need to be looked at.
Then there's the problem that the phone will automatically show, on it's Office hub main page, links to every file and document I store in Microsoft's cloud services. There's no option to hide any or just show some. It's all or nothing with this OS!
The other problem resides with Microsoft's Office Live service. This service is still failing to support passwords on documents. This would make the problem go away for me (though it still wouldn't sort out everything else on my phone being easily accessible to a thief). This means that anyone clicking a link to a file on my phone will find that the file just opens for them, straight away and without worry.
It amazes me then that security on Smartphones is still not being given the importance by many companies that it truly deserves. We're all doing more and more with our smartphones these days and many people are literally carrying their entire lives around in their pockets, unsecured and open to theft and abuse by anyone that finds or steals the handset.
This situation has simply got to change, and change quickly. If Microsoft, Apple and Google are ever going to convince the world, especially business, that their smartphone platforms are 'the way forward' then they need to bring security front and centre. Unless and until this happens we're all in trouble.
As if Android users care about your problem/s with microsoft crapware.
Get a real smartphone.
I wouldn’t use Office 365 on Mobile or PC
Microsoft admits Patriot Act can access EU-based cloud data
At the Office 365 launch, Gordon Frazer, managing director of Microsoft UK, gave the
first admission that cloud data — regardless of where it is in the world — is not
protected against the USA PATRIOT Act.
It was honestly music to my ears. After a year of researching the Patriot Act’s
breadth and ability to access data held within protected EU boundaries, Microsoft
finally and openly admitted it.
The question put forward:
“Can Microsoft guarantee that EU-stored data, held in EU based datacenters, will not
leave the European Economic Area under any circumstances — even under a request by
the Patriot Act?â€
Frazer explained that, as Microsoft is a U.S.-headquartered company, it has to comply
with local laws (the United States, as well as any other location where one of its
subsidiary companies is based).
Though he said that “customers would be informed wherever possibleâ€, he could not
provide a guarantee that they would be informed — if a gagging order, injunction or
U.S. National Security Letter permits it.
He said: “Microsoft cannot provide those guarantees. Neither can any other company“.
While it has been suspected for some time, this is the first time Microsoft, or any
other company, has given this answer.
Any data which is housed, stored or processed by a company, which is a U.S. based
company or is wholly owned by a U.S. parent company, is vulnerable to interception
and inspection by U.S. authorities
http://www.zdnet.com/blog/igeneration/microsoft-admits-patriot-act-can-access-eu-based-cloud-data/11225
p.s It applies to data on SkyDrive too.