Gemalto Building Trust in Mobile Apps The Consumer Perspecti.docx

Gemalto Building Trust in Mobile Apps: The Consumer
Perspective 1© Gemalto, October 2016
GEMALTO: BUILDING TRUST IN MOBILE APPS
THE CONSUMER PERSPECTIVE
Contributors
Rémi de Fouchier, Vice President, Marketing Communications,
Gemalto
Didier Benkoël-Adechy, Marketing Communication Manager,
Gemalto
Guillaume Pierquin, Product Marketing Manager, Mobile
Banking, Gemalto
Pascal Di-Girolamo, Product Marketing Manager, Digital
Payment, Gemalto
About Gemalto:
Gemalto is a global leader in digital security, bringing trust to
an
increasingly connected world. We deliver easy to use
technologies
and services to businesses and governments, authenticating
identities and protecting data so they stay safe and enable

services
in personal devices, connected objects, the cloud and in
between.
Our solutions are at the heart of modern life, from payment to
enterprise security and the internet of things. We authenticate
people, transactions and objects, encrypt data and create value
for
software – enabling our clients to deliver secure digital services
for
billions of individuals and things.
Foreword 3
Executive Summary 4
PART 1: MOBILE SECURITY SURVEY 5
Fig 1: Most popular apps 5
Fig 2: App attributes 6
Fig 3: Smartphone vulnerabilities 7
Fig 4: App protection 8
Fig 5: Facebook and banking 9
Fig 6: Security perception 9
Fig 7: What makes an app secure 10

Fig 8: Two approaches to app security 11
Fig 9: If security was guaranteed... 12
Fig 10: Would you perform more transactions... 12
PART 2: RECOMMENDATIONS TO BUILD TRUST ... 13
Designing self-protecting apps 14
Strong authentication 14
Layered security 16
Risk Management 16
CONTENTS
FOREWORD
Today we are witnessing a convergence of industries in
the mobile world as well as the undeniable influence
of mobile on every aspect of our lives. The rise of
handsets, smartphones, tablets, and now wearables
has driven new means of communicating. It has also
influenced how we buy products, bank, interact with
brands, and even created an entire industry in the
app economy. Whenever we appreciate an advert

on television, our natural instinct is to reach for our
smartphone or tablet in response. If we want to get
in touch with a friend, it is our mobiles we turn to.
Governments, too, are capitalizing on the mobile
revolution, illustrated by the emergence of mobile ID
initiatives, such as mobile driving licenses in the USA.
Our mobile devices have quickly become the primary
way we engage with the world.
There is however a threat in this new mobile-centric
world, and it comes in the constantly evolving shape of
cyber-attackers. Hackers know a successful data breach
could net them financial details, social network logins,
mobile network account details and perhaps enough to
commit identity fraud. This threat is especially pertinent
now as app development is rising quickly; 90% of
companies will increase mobile app investment by the
end of this year1. And it’s not just large businesses - in
the US, 47 percent of small businesses will either have
or be planning their own app by the end of 20172. More
apps mean more opportunities for cyber-attackers.
There’s also been an increase in app usage, further
increasing the number of opportunities for attack.
Consumers are spending more time with their devices
than ever before. End users will spend over three hours
a day on their smartphones this year3, and 87 percent of
this time will be spent using apps.
Attackers are increasingly aware of this; they are well-
organized and skilled at spreading malware, exploiting
non-official app stores, infecting emails, distributing
fraudulent SMS messages and infiltrating browsers to
achieve their aims. App providers need to adopt a vigilant
attitude towards these threats and help consumers
feel safe with genuine solutions that protect against

vulnerabilities.
In line with this, enterprises need to take strong action to
protect their brands on mobile as malware deployed by
‘lookalike’ apps is a growing problem. If apps and services
are copied, trust can be quickly eroded if consumers are
scammed into using non-official versions.
It is a problem we need to address by finding a security
solution that works for everyone in a convenient way, and
that does not intrude on the user-experience. In order
to do that, it is crucial we understand what consumers
need and expect from their mobile devices and their
perceptions of mobile security.
With this in mind, we commissioned a study of over 1,300
adult smartphone users across six markets: Brazil, UK,
South Africa, Singapore, the Netherlands and the U.S.,
asking people about their mobile behavior and security
expectations. We wanted to discover how consumer
expectations would have an impact on those providing
applications and infrastructure for mobile applications
and services; be they banks, government, MNOs and
any other large enterprises which develop apps for end
users.
In this report, we use these insights to offer a series
of recommendations to help build greater trust in the
mobile ecosystem and deliver a secure and convenient
experience for users.
1: 90% Of Companies Will Increase Mobile App Investment In
2016,
ARC
2: Mobile Apps and Small Business in 2016: A Survey, Clutch

3: Growth to slow to single-digit pace starting in 2016,
eMarketer
End users will spend over
three hours a day on their
smartphones this year3.
EXECUTIVE
SUMMARY
The results of the survey, conducted in different countries
and continents, revealed several key insights into the
expectations of end users with regard to app usage and
mobile security. Overall, the insights revealed similar
trends in attitude that transcend regional/cultural
differences. In the summary below, we’ve listed some of
the most significant findings.
• When it comes to the attributes of paid apps, end
users value reliability and security most (80%).
Convenience and speed also ranks highly (second
with 48% of respondents valuing it among the top
two most important attributes)
• End users are split in their expectations of where the
burden of responsibility should lie for app security
– most of them believe that app providers are best
placed to protect smartphone apps
• 60% expect security on their smartphones to be easy
and frictionless, with the use of PIN, fingerprint,

password, or pattern authentication once and then
have total access to all apps on their phone
• 70% would want to use digital identity documents
on their smartphone, such as passport or national
ID card, if they knew all apps on their phones were
100% protected
• 66% of end users say they would perform more
transactions if they knew mobile security was on
board with their devices
With these findings taken into consideration, we’ve
made a range of recommendations for the mobile app
ecosystem to increase security and build trust with end
users. These include:
• The use of (Software Development Kits) SDKs, so
that apps can become self-reliant and deal with the
dynamic nature of malwares. The use of SDKs gives
apps the much-needed ability to defend themselves
while in the field, detect unsecure environment and
react accordingly. SDKs also better protect users as
they enable strong authentication
• User experience needs to become as centric to the
design process of mobile apps as possible. This
includes embracing the “psychology of security”
together with biometry, which plays a key role in a
user’s experience and ensures strong authentication
• In conjunction with SDKs, flexible risk management
systems should be adopted, which can respond to
new situations and implement adaptable security
policies while the apps are used in the field

• The mobile app ecosystem needs to adopt a layered
approach to protection to ensure security levels can
adapt in line with what is at stake. For instance, this
approach can be used to counteract the growing
levels of sophistication from hackers
Research methodology:
An independent consumer survey of 1,300 adult
smartphone users in Brazil, the Netherlands,
South Africa, Singapore, the UK and the U.S. was
carried out by Smart Survey on behalf of Gemalto
in July 2016.
PART 1: MOBILE
SECURITY
SURVEY
Games and banking are the next most popular categories,
followed by shopping and payments apps in fourth and
fifth.
Fig 1: Most popular apps
The survey was designed to gain insight into the minds of
consumers; how they approach security, and what they
expect from the apps they use. The results indicate the
direction companies may consider when they come to
building apps of their own.
Unsurprisingly, social apps such as Facebook and
WhatsApp top the list in all countries in terms of

popularity. Looking closely at the results, it’s been
intriguing to see how the UK, one of the most saturated
smartphone markets, has the lowest percentage of social
app users (83 percent), while Brazil has the highest (97
percent). It is clear Brazilian consumers attach great
importance to using their smartphone – coming first in
app usage for all categories.
Unsurprisingly, social apps such
as Facebook and WhatsApp top
the list in all countries in terms
of popularity.
What type of apps do you use?
27.8 %
33.5 %
36.6 % 36.9 %
41.0 %
43.9 %
69.1 %
73.5 %
91.2 %
0.0%
10.0%
20.0%
30.0%

40.0%
50.0%
60.0%
70.0%
80.0%
90.0%
100.0%
Companion
apps to other
devices (e.g.
smart watch)
Loyalty
apps
(retail,
hotel,
airline)
Professional
apps such as
LinkedIn
Fitness
and health
Mobile

payments
E-commerce
apps (e.g.
Amazon)
Online
banking
Games Social apps
such as
Facebook &
WhatsApp
This snapshot into how the modern global consumer
uses their smartphone highlights the important role
security needs to play. Banking and payment apps are
used more than ever before now by smartphones; these
apps are prime targets for hackers. Consequently, to
protect their consumers, industries developing apps
must take this into consideration and integrate security
into them.
It is encouraging that the vast majority of end users
(80 percent) value reliability and security above other
attributes. Clearly the message is getting through in
some ways; consumers understand they cannot afford a
mobile experience without security.
Convenience and speed are also very important, valued

by just under half (48 percent) of respondents. This shows
Fig 2: App attributes
that while security is vital, people expect a frictionless
experience. Industries and those in government
designing apps for their own users should take note of
this and ensure their software is lean, runs quickly, but
is also fundamentally secure.
Customer care narrowly pips rewards as the third most
important attribute. And this is only because of regional
differences. 42 percent of Brazilians see great customer
care as a critical attribute (in addition to reliability and
security), by far the highest of any country, and yet only
eight percent of all respondents value rewards. If Brazil
is omitted then rewards rises to third in importance,
suggesting that for the majority of mobile users, this is
more valued than access to app support.
Banking and payment apps are
used more than ever before now
by smartphones; these apps are
prime targets for hackers.
It is encouraging that the
vast majority of end users (80
percent) value reliability and
security above other attributes.
What are the most important attributes of a paid app?
0.0%
10.0%

20.0%
30.0%
40.0%
50.0%
60.0%
70.0%
80.0%
90.0%
Reliability &
security
Convenience
and speed
Great
customer
care
Rewards
79 .8 %
47 .6 %
26 .0 % 24 .2 %

14 .2 %
8. 2%
Interactivity with
your app provider
(notifications...)
Additional value
added services*
*Additional value added services (services updates, personal
data updates etc.)
Fig 3: Smartphone vulnerabilities
The top four smartphone concerns paint an intriguing
picture – we can see fear of losing data, fraud, phishing
and viruses are in the minds of many. At a first glance, it
seems consumers are taking threats seriously. When we
look more closely, we see that there is still an education
gap.
Only 4.3 percent of consumers are most concerned about
the possibility of malware getting onto their mobile if they
connect to an open Wi-Fi network. And though there are
numerous attacks that can occur on unsecure networks,
the public still do not appear to be overly concerned.
Fear of ransomware attacks locking access to a phone
was even lower at only 1.2 percent of respondents.
Thanks to awareness-raising campaigns, the public are

well-aware of phishing and fraud attacks. It is the more
sophisticated attacks that now need to be addressed.
Mobile industry bodies need to show end-users how
attacks like the man-in-the-middle attack work and the
steps consumers should take to protect themselves. The
first step is recognizing them as a legitimate threat.
What do you fear the most
regarding your smart phone
or apps?
31.5%
16.5%
10.4%
10.4%
6.5%
6.2%
5.8%
5.3%
4.3%
1.9%1.2%
Losing all my data if my smartphone
is lost or stolen for instance
Fraud when I make online purchases
(ex through Amazon, Pay Pal etc...)

Phishing (a message from my bank asking for
my login and passwords, linking to a fake site
where my login and passwords are stolen)
My online bank account being hacked
I worry that an app I download obtains
personal information from permissions
I gave it
When I run out of battery
I worry about a virus infecting my phone
and all my apps
Someone hacking my personal
information such as my pictures
and emails
Getting malwares when connecting to a
free access Wi-Fi, outside my home/work
I worry about many apps running on my
phone, what if an app collect personal
data from another app?
Ransomware attacks locking access to
my phone, making it inaccessible until I
pay a ransom

Fig 4: App protection
Who ultimately is best placed to safeguard a user’s
security has been a debate for years. Many within the
industry would suggest it is the app stores’ responsibility
to police the software available, or the smartphone
maker who controls the OS. However, when it comes
to the general public, the results are pretty evenly
split. Interestingly, many place the greatest onus on
the app provider (such as bank, corporate enterprise,
or government) itself – suggesting that if their app’s
security was compromised, the brand who made it would
take the greatest reputation hit.
While it is true that ultimately security lies with the
app provider, once a party wants to create malicious
software or has discovered a vulnerability in an app, it is
up to others to ensure the threat is discovered, and any
damage mitigated. As is clear, each stakeholder bears
responsibility for any serious security breach; the stores
must remove offending apps, smartphone makers must
patch any exploits in their OS, app providers need to
update their software, and MNOs need to be on-hand to
push out patches over the air quickly.
There are also some eye-catching regional contrasts,
albeit familiar as Brazil was the outlier again. Those in
the UK think the mobile operator is best placed to protect
the end-user from third-party apps, while in Brazil it is
the job of the app store. Those in South Africa, Singapore,
the Netherlands and the United States all think the app
provider must ensure their apps are secure.
Many place the greatest onus
on the app provider (such as
bank, corporate enterprise, or

government) itself – suggesting
that if their app’s security was
compromised, the brand who
made it would take the greatest
reputation hit.
Who do you think is best
positioned to protect the
apps in your smartphone?
18.8%
22.7%
37.1%
21.4%
-
My network operator
My smartphone maker
The app provider/brand who
created the app such as my bank,
my government, my company
The Apple Store or Google Play-Store
or Microsoft Windows app store

Fig 5: Facebook and banking Fig 6: Security perception
The results suggest that our respondents
recognized there is too much risk involved with
pairing social media credentials with something
as important as your bank account.
In the UK and U.S., where the app ecosystem is very
mature, we note that respondents have the most faith
in app providers. A quarter have enough confidence in
the security expertise of their providers that they do not
need a visual cue that they are secure. This means that
app providers may want to vary their apps to meet the
needs of end-users in individual markets.
It seems when it comes to security, the saying “out of
sight, out of mind” does not apply. People want to know
they are protected, even if they have an app installed. It
illustrates the psychology of security as, unsurprisingly,
four out of five users feel more confident if a security
app is visually displayed on the smartphone screen.
This suggests that as long as users recognize a form of
security or feel they are in a safe digital environment,
they feel more secure, which will encourage application
uptake and usage. This is an important lesson for
industries and governments to learn, to establish how
they can incorporate this feeling of security into their
applications.
Would you log on to your
bank account using
Facebook login and
passwords, or Facebook
two-factor authentication?
13.1%

8.7%
74.6%
3.6%
Facebook login and passwords
Facebook two-factor authentication
Neither, I would not use Facebook
to log in to my bank account
I would be happy to use either
Which of the following do
you agree with most?
I don’t want to see anything visible -
I just trust my app provider (my
bank, my government, my company
etc.) that their apps are protected
I feel more confident if the security
app is visually displayed on my mobile
phone screen, with a sign or a symbol
which allows me to see if there are
updates on my phone
80.5%
19.5%

Fig 7: What makes an app secure
* The app provider requires a user to authenticate themselves
with a secret phrase if the use of the phone is
unusual (unusual location, unusual transactions…) via SMS,
email, or a phone call
When asked about general mobile security approaches
(covering both authentication and security techniques),
consumers are broadly aware of how they can be
protected. It’s encouraging to see how consumers
positively value such a range of security solutions.
The show of enthusiasm for fingerprint biometric
authentication is also worth consideration, if only as a
stepping stone to future development in the area. Apple
revolutionized security when it debuted TouchID in
2013, an innovation that is now a feature of almost all
smartphones.
It could be argued that app providers and the wider
mobile industry need to do more to convince users of the
need for vigilance when it comes to mobile. Only 53% of
people think a PIN or password protects them, only just
over a third value two-factor authentication, and only 42
percent feel encryption would help is surprising. Perhaps
people falsely assume that their phones are safe from
malware and intrusion, a false sense of security that
could stem from the historical safety of feature phones.
Furthermore, it’s worth noting how the results show that
users would consider multiple methods of protecting
their apps; not a single method, but different methods

working alongside each other.
It could be argued that app
providers and the wider mobile
industry need to do more to
convince users of the need
for vigilance when it comes to
mobile.
50.6%
56.5%
29.0%
42.4%
53.3%
34.5%
0.0%
10.0%
20.0%
30.0%
40.0%
50.0%
60.0%
Anti-virus

software
Being able to
remotely wipe my
smartphone from
a PC, anytime,
anywhere
Being able
to encrypt
my personal
data
Using a PIN
code or a
Password
Which of the following do you think helps protect
your mobile apps?
A fingerprint
reader
Authentication
through app
provider*
Fig 8: Two approaches to app security

The response to this question reiterates the importance
of building frictionless security solutions which do not
impact upon the user experience. Overall, a strong
majority of respondents (60 percent) prefer one-time
authentication. It’s clear authentication methods will
continue to play a role in the quality of mobile experience.
Consequently, app providers face an important challenge
if they want to change the user journey. They will have to
find a way to provide secure authentication in a way that
isn’t disruptive or perceived to be inconvenient. Otherwise
people will just sign in, and click the ‘remember me’ tick-
box to avoid the hassle, or avoid the digital route entirely
in favor of a costlier customer experience touchpoint,
like a face-to-face visit or call to the call center.
60.2%
39.8%
I feel better protected if each app
asks for its own password or PIN
each time I use it
Security on a smartphone must be
easy and frictionless. I want to use a
PIN, fingerprint, password, or pattern
ONCE and then have total access to
all my apps
Which of these two
statements best describes
what you would like to
experience when using your
mobile apps?

Fig 10: Would you perform more
transactions if security was
guaranteed?
Fig 9: If security is guaranteed, what
would you like your smartphone to
do?
It is fascinating to see what happens when you can
guarantee security. People open their minds, and are
much more willing to embrace new technologies. These
results suggest once security obstacles are overcome,
mobile consumers are more enthusiastic about using
digital identity documents, such as a passport or ID
cards on their smartphones.
This was particularly high in Brazil (84 percent) and
South Africa (76 percent), and should be welcomed
by their governments. Technology when deployed
correctly, can bring significant benefits to a country, and
it is clear that these countries are more than ready for
eGoverment services. This could have a significant effect
in enfranchising those that cannot partake in many
If all the apps in your phone
are 100% protected, what
new app(s) would you like to
have in your smart phone?
69.8%

38.1%
36.1%
6.7%
Digital Identity documents such as my
passport, or national ID card
Access to my house/apartment
Other (please specify)
I would perform more transactions if I
knew that mobile security was on board
I would pay a premium to get the level
of security I want on my mobile phone
I do not agree with either of the above
sentences
Signing my official documents such
as tax declaration
66.1%
30.6%
22.0%
Do you agree with either of
the two sentences?
services due to poor physical infrastructure. Health,
voting, education, and identity services are just a few

areas that could all be revolutionized by embracing the
power of mobile.
The Internet of Things also gets a boost, with a notable
appetite for access to a house/apartment via a mobile
app. Just over four in ten in Singapore (44 percent)
and the U.S. (43 percent) are ready for this technology
– something that should be embraced by smart home
vendors and solutions providers. Still with the smart
home being pushed by major technology players, the
future looks bright given most consumer IoT products
are still in their first iterations.
In addition, it’s also worth noting how Brazil by far is
the nation most willing to embrace access to houses/
apartments through their smart phones - over half
(55.5%) would use this form of access if security were
guaranteed.
It is also clear that consumers would be more willing
to perform transactions via their phone if security was
guaranteed, and that almost a third of consumers are
willing to pay a premium to get the level of security they
want as seen below:
PART 2:
RECOMMENDATIONS
TO BUILD TRUST
IN THE MOBILE
ECOSYSTEM
In the first part of this report, we learnt that consumers

want and expect a secure app ecosystem, with their
experience to be frictionless.
• For those organizations who have developed or
are planning to release an app, there are a series
of steps they can take to build trust with their end-
users. Apps must be securely designed to coexist in
an environment where there are many others from
third-parties they do not control: they need to be
able to react and defend themselves, while on the
field
• Layers of protection should be implemented, with
the psychology of security in mind, to make the
user feel secure. This can range from visible icons
to show everything is operating as intended, to login
procedures like biometric authentication such as
fingerprint, facial recognition, iris scanning
• App providers must gauge their audience and the
purpose of their app. In some instances, connecting
a user account with a social network may be
acceptable, but many in others—such as banking or
government providers should tread more cautiously
as consumers are more wary about sharing
credentials across services
• User convenience needs to be part of the design,
from enrolment through to everyday app usage.
It is also imperative that the same experience
applies regardless of the mobile device handset and
operating system
• Consider how biometric authentication could
increase user convenience, driving trust and adoption
of new services. Biometric authentication is being

embraced by consumers (as we learned in first part
of this report). Alongside fingerprint readers, facial
recognition and iris scanners are starting to roll-
out as well. A good example of this can be seen in
the announcement of MasterCard Selfie Pay or the
iris scanning capability of some Samsung phones.
Providers should continue to explore how they
incorporate these features that are resonating with
consumers. Providers can then use the subsequent
user uptake as a positive proof point
The survey shows users want to rely on strong
authentication for mBanking and demonstrated that
if security is guaranteed, users are accepting of new
solutions such as eGovernment services. As mentioned
previously, these solutions have significant potential
to streamline the way we access important tasks such
as applying and managing identity documents, health,
education, tax and even voting. Strong authentication
allows industry players and governments to provide
these higher value services for their customers or
citizens.
In the next section, we will give an overview of the security
solutions available which can be designed to meet end-
users’ expectations. Essentially, it comes down to the use
of Software Development Kits (SDKs) which can be used
to add additional and customizable security, in addition
to what exists in the market such as built-in security
features protecting the OS of handsets and commercial
browsers, as well as anti-virus software.

Designing self-protecting apps
App providers need to implement end-to-end security
architecture which can deal with new dynamic malware.
Some solutions such as purpose-built software
development kits (SDKs) can address the problem
through security mechanisms that allow apps to:
• Defend themselves through coding techniques and
cryptography
• Detect threats through secure environment detection
• React in the presence of threats: stop the execution,
send an alert to a risk management server
Strong authentication
SDKs allow developers to design strong user
authentication methods.
Biometric technology, which as we learned in part one
of this report is particularly popular among end-users,
is an innovation that’s well suited to mobile. People trust
that their fingerprints and faces are unique enough to
act as their authentication key. Furthermore, if app
providers want to explore other options for strong
authentication, they could consider one-time passwords,
or Out-of-Band (OOB) via Push, a method where a push
notification is sent to the user’s phone, requesting
approval for any app login request. Secure PIN pads
also warrant consideration as they are integrated in the
app instead of using the default PIN pad of handsets,
protecting sensitive authentication credentials such as
PINs and passwords. In addition, SDKs also enable the
design of digital signatures, which serve as another good
example of a strong authentication method for securing

critical transactions. However, regardless of the strong
authentication implementation, it must be reiterated
that keeping a fluid user experience is paramount when
considering these authentication options.
Regardless of the strong
authentication implementation,
it must be reiterated that
keeping a fluid user experience
is paramount when considering
authentication options.
The table below gives a summary of the different
techniques of protection that SDKs can provide
EXAMPLES OF
THREATS IN THE DEVICE
MOBILE SECURITY SOLUTIONS
Sensitive data disclosure such as passwords, user
personal data disclosure (contact names, SMS, emails)
• Encryption and strong authentication for securing
access to personal data
Unlocking of game licences, which can cause millions of
$ of losses.
• Code obfuscation

• This coding technique can help protect intellectual
property and licensing
App programming code analysis: the logic of the codes
can be revealed and exploited.
• Code obfuscation
• Anti-debugging
• White box cryptography
• These techniques also help protect against reverse
engineering
User interface: PIN/Password capture through key
loggers (malwares) which can enable hackers to
fraudulently log onto a user’s online banking account, or
fraudulently log on to remote enterprise resources and
steal sensitive data.
• Alternate virtual keyboard, as part of the app design
instead of using built-in keyboards
• Biometry such as fingerprint authentication
• Both solutions provide strong user authentication
Mobile device and passwords stolen and used by an
unauthorized party, which could access user’s online
banking account or a user’s online government accounts
and steal enterprise resources.
• Risk Management System which can detect unusual
user behavior and apply security policies accordingly
• Mobile Device Management (MDM) featuring remote

data wipe: in this case the user can remotely erase the
phone memory and keep their personal data private
OS emulation replacing a genuine OS / phone memory
cloning in order to fraudulently access online resources
(bank, enterprise, government…)
• Risk Management System which can detect if the
mobile device is not genuine and prevent unauthorized
access to online resources, according to its security
policies
The operating system of the device is corrupted, with
lower access rights. This can happen when users change
the security settings of their mobile devices, without
realizing the potential risks. If they download malware,
it can potentially control all the apps, since it will have
“super user” rights
• Jailbreak/root detection for these coding techniques
allows apps to detect an unusual or unsafe
environment on the device and can stop it working or
send an alert to the risk management server.
• These techniques help protect an app’s integrity
Transaction values modified: such as the amount of
money that users want to transfer through mBanking for
instance
• Anti-debugging
• Anti-hook
• Anti-tampering

• These coding techniques help protect the integrity of
transactions
Layered security
To combat growing levels of sophistication from hackers,
it is important to adopt a layered approach to security. It
is not enough to rely on a single method of protection;
there needs to be additional security layers dependent
on what is at stake, whether that is first-time enrolment,
or general use.
At the technical level, several layers of security can
be combined in order to increase the overall level of
security. Cyber-attackers are skilled at identifying points
of weakness in the mobile ecosystem, so it is crucial to
make it very difficult for them to attack each part of the
app experience, using layers of security. SDKs enable
this layered approach, hence why the use of them is a
key recommendation of ours when it comes to protecting
against cyber-attackers.
Risk Management
As you can see from the illustration of layered security,
risk management is a key part of this approach. Cyber
threats are not static, but constantly evolving and
increasingly unpredictable, meaning security systems
can fast become obsolete. The dynamic nature of the
threat requires a flexible risk management system,
which can respond to new situations and implement
adaptive security policies whilst the apps are used
on the field. These systems can detect unusual user

transaction patterns, evaluate the risks of a transaction
and remotely stop the transaction or ask the users for
further authentication, to minimize the risk. Crucially,
this analysis is executed in real-time so as to counteract
threats immediately, before it’s too late.
To combat growing levels of
sophistication from hackers, it
is important to adopt a layered
approach to security.
Cyber threats are not static,
but constantly evolving and
increasingly unpredictable.
Depending on what is at stake,
multiple security layers can be added,
increasing the level of security
Security layers
ENCRYPTION
PROTECTION OF APP
INTEGRITY
PROTECTION AGAINST
REVERSE ENGINEERING
STRONG USER AUTHENTICATION
SECURE ENVIRONMENT
DETECTION
NOTIFICATIONS TO RISK
MANAGEMENT SERVER

C
U
M
U
LA
TI
VE
S
EC
U
R
IT
Y
SDK for
mobile apps
Mobile software security, a layered approach
Conclusion
A secure mobile ecosystem is a wide topic, encompassing the
backend, network and device. However, in this
report we focus on mobile app security; apps are being used
increasingly by key players in the industry and

governments – as this happens, more and more threats in this
space continue to arise.
At every step of the user journey, protection is crucial. Strong
authentication and identity protection are necessary
to ensure mobile software receives adequate protection.
Moreover, it is crucial to include user convenience and the
‘psychology of security’ as part of the security design,
in order to trigger service adoption. In particular, the use of
biometry such as fingerprint readers, facial or iris
recognition is becoming more popular.
It’s also worth noting how the research has demonstrated there
is widespread awareness of cybersecurity issues.
Consumers clearly value robust protection to the point that
many would pay a premium for guaranteed security.
In a world where cyber threats are constantly evolving and
consumers have access to an unprecedented number
of valuable services through their smartphones, it is important
each player is prepared. Cybersecurity cannot
be treated as an afterthought; effective risk management and
evaluation systems need to be in place to protect
end-users, otherwise trust in mobile apps will be severely
undermined and the full potential of mobile will not be
achieved. We know the opportunity is out there; we know users
would embrace digital identity for example if they
knew their mobiles were 100% secure (see page 15). Electronic
Identification and Signature (eIDAS) Regulation
is already law within the EU today; it’s now just a question of
gaining momentum.
As our lives increasingly exist on mobile, it is imperative we
can trust the devices and services we use every day.
This is why Gemalto’s mobile security solutions are purpose-

built to support multiple security frameworks, both
at the software and hardware level, to deliver best-in-class
digital security and facilitate service deployment in a
fragmented mobile market.
Gemalto works across numerous industries, with banks,
governments, mobile network operators, OEMs,
transport operators, and automotive manufacturers… By
working together, we can develop a secure ecosystem
that mitigates the ever evolving cyber security threat landscape.
Gemalto Survey analysis report 1© Gemalto, January 2016
CONNECTED LIVING: HOW
TECHNOLOGY COULD IMPACT
DAILY LIVES BY 2025
SURVEY ANALYSIS REPORT
CONNECTED LIVING 2025
About Gemalto:
Gemalto is a global leader in digital security, bringing trust to
an
increasingly connected world. We deliver easy to use
technologies
and services to businesses and governments, authenticating

identities and protecting data so they stay safe and enable
services
in personal devices, connected objects, the cloud and in
between.
Contributors:
Rémi de Fouchier, Vice President, Marketing Communications
for Gemalto Mobile
Xavier Larduinat, Senior Technologist for Gemalto
Our solutions are at the heart of modern life, from payment to
enterprise security and the internet of things. We authenticate
people, transactions and objects, encrypt data and create value
for
software – enabling our clients to deliver secure digital services
for
billions of individuals and things.
Foreword 3
Introduction 4
General trends for the future of mobile 5
International trends 6
Smart Cities 7
The rise of the driverless car 7

Public transport 8
Hyper-Connected Society 10
Health 10
Personal Assistants 11
Contactless Payments 12
The Future Workplace 15
Beyond the survey 20
Insights from Xavier Larduinat, Senior Technologist
at Gemalto 20
Challenges in business practices 23
Conclusion 26
CONTENTS
Foreword

by Rémi de Fouchier, Vice President, Marketing
Communications for Gemalto Mobile
No other device today dominates our lives as much as
the mobile phone. We would be both figuratively and
literally lost without them. We use them to wake-up,
to play music on our way to work, to look up facts, plan
our social lives, to work, connect with friends, find love,
and discover new interests, places and opportunities.
This is all commonplace now, in stark contrast to the
years before 2000. I’m currently 45 years old and have
therefore spent most of my life without a mobile phone;
instead, I grew up using paper maps, paper agendas
for meetings and appointments, physical notebooks for
phone numbers and a Sony Walkman – incredibly heavy
by today’s standards - to provide me with music on the
move. With my paper past behind me, it’s been stunning
to see the rise of mobile all around us and how it’s now
woven into almost everything we do.
Every company is now deploying a mobile strategy, and
few people would dare to go without their smartphone for
a week. So we wondered, if we’re so tied to our mobiles
now, what do people think will happen ten years’ down
the line? We polled 1,200 young adults from around the
world about their expectations will be for the world of
mobile in the future, and what they think (and hope!) the
services and features of mobile technology in 2025 will
look like.
The results paint a picture of a world populated by smart
cities, where people live in a hyper-connected society,
using their mobiles for more than many thought possible
only a few years ago. There are a great many dreamers
too, with huge expectations for the way the world will
change in the years to come.

Not only are these insights fascinating because they give
a glimpse of what consumers expect in the future, but
also because they give insight into how mobile operators,
cities, homes and workspaces could evolve as we move
into an ever more connected future. We therefore decided
to close the report by considering the implications for
the mobile industry today.
Methodology:
Just over 1,200 consumers aged 18-30 were surveyed by
Smart Survey in an online poll in December 2015, on behalf
of Gemalto. Respondents were evenly split (approximately)
between Brazil, China, France, Germany, the United Kingdom
and the United States. The survey was developed by the
Gemalto mobile team, with the support of applied futurist,
blogger and media personality Tom Cheesewright.
1 Source: Mobile phone internet user penetration worldwide
from 2014 to 2019 - http://www.statista.com/
Introduction
It’s been nine years since Apple kick-started the
smartphone revolution. In that time we’ve embraced
apps, and gained access to thousands of services
that, prior to the dawn of the smartphone age, would

have required all manner of gadgets and real-world
resources. Our relationship with other technology, from
MP3 players, to digital cameras, and the humble printed
map has been transformed by the smartphone, and as
the technology develops, more and more is becoming
possible, from healthcare to atmospheric monitoring.
This transformation has resulted in a huge demand for
mobile data. Over time, as mobile technology improved
and consumers became accustomed to using their
phones to go online, mobile internet usage caught
up with fixed connections. In 2014, mobiles overtook
desktops, and since then have only continued to rise.
One important element in the rise in mobile data
consumption is the introduction of smartphone apps.
Since the launch of the iPhone App Store in 2008 (followed
by many similar stores), apps have evolved to turn our
phones into devices as powerful as most PCs. With the
world now at our fingertips, it’s no wonder consumption
has grown so quickly. And as apps continue to increase
in diversity and compatibility, it’s only a matter of time
until mobile phone internet penetration goes over 60%
worldwide. In fact, the figure is expected to grow to 61.2
percent in 20181
In parallel to the evolution of mobile technology,
technical advances have rapidly altered what is possible
over the Internet. We have secure, fast networks able to
stream HD video, and the industry is constantly pushing
the boundaries of what’s possible.
Table 1: Source: Akamai State of the Internet Report
www.stateoftheinternet.com
Average

broadband speed
Q3
2007
Q3
2015
%
growth
France 3195 8154 255%
UK 3268 12974 397%
Brazil 698 3646 522%
China 673 3687 548%
USA 3672 12572 342%
Germany 3208 11528 359%
In the last 8 years alone, average Internet speeds in the
six markets surveyed alone have risen more than 400%.
What the next 10 years can bring, we can only imagine,
especially if the promises of 5G – which should be coming
onto the market by then – come to fruition.
In the last 8 years alone,
average Internet speeds in the
six markets surveyed alone
have risen more than 400%
Those we surveyed therefore describe a world in which
the leap from only ten years ago to that of 2025 seems
insurmountable. The rate of change seems improbable,
but as with many future gazing projects, we may actually
find that our projections are too conservative.

General trends
for the future of
mobile
In our survey, respondents were incredibly positive about
what the future of mobile holds. On the connectivity and
content front, 87 percent believe access to any content
they want will be seamless, and 61 percent believe that
Wi-Fi offloading will be commonplace.
The recent breakout trend of mobile payments is also
expected to be widely embraced, with half of respondents
thinking it will be simple to make any type of payment,
be it real-world or digital, through a card loaded on your
smartphone or carrier billing. Indeed a big theme in the
report is the frictionless nature of mobile. People expect
that all the kinks into today’s world will have been ironed
out to deliver an experience that just works, no matter
what you want to do. This frictionless expectation is
also reflected in how future users envisage core device
functionality, such as how we unlock our phones. It’s
apparent that a blend of convenient, but highly secure
solutions will be in demand.
We also asked how people thought we might unlock our
future phones. Respondents rate fingerprints as still
being the most popular choice in 2025, with two thirds
favouring this method. Given how much we stare at our
phones (and not just for selfies!), it probably shouldn’t
come as much of a surprise that facial recognition (44
percent) and retinal scanning (43 percent) beat out
the more traditional PIN/password (40 percent). More
interestingly, nearly a third think that our phones will

come equipped with a DNA scanner to ensure only you
can unlock your phone.
Fig 1: How do you expect to unlock your device in 2025?
66.8%
44.3%
43.4%
32.5%
39.5%
40.4%
Finger print reader
Facial biometrics
Retinal scan
DNA scan
Voice biometrics
0% 10% 20% 30%
PIN/password
40% 50% 60% 70% 80%
61%
expect always on mobile

data and seamless wi-fi
offloading wherever they are
Only 19% of French respondents
expect simple electronic payments
from their mobile provider.
0
10
20
30
40
50
60
70
80
90
100
High-speed
Internet

Always-on
mobile data
Automatic
service
upgrades
Simple
electronic
payments
Digital
personal
assistant
Personal
data
brokering
Personal
safety
Brazil
China
France
UK
Germany
USA

International trends
French and German youth are least optimistic about all these
services; with some tremendous gulfs in the
responses; for example, only 19% of French respondents expect
simple electronic payments from their mobile
provider (vs 69% of Brazilian respondents and an average
across the sample of 50%); similarly for digital personal
assistants (19% for France vs. 40% average). In contrast, Brazil
and China are at the opposite end of the spectrum,
perhaps illustrating the developing countries tendency and
expectation of ‘leapfrogging’ technologies in rapid
development spikes. The Chinese and Brazilians are also those
most in hope that DNA scanning will become a
reality (47% and 36% of respondents respectively, vs. an
average of 32%).
Fig 2: What services would you expect from your mobile
operator in 2025?
Much has been made of how the Internet of Things will
forever changes our lives. From the industrial IoT using
sensors to breathe life into manufacturing and make
industrial equipment in oil & gas, mining, and transport
safer and more efficient, to the more accessible
consumer focused IoT that simplifies our daily routines,
there seems to be almost limitless potential.
Few areas have seen more hype than Smart Cities. From
sewer systems linked to transport grids, so that a burst
pipe that floods a street will see the city automatically
reroute traffic to avoid any congestion, through to

environmental monitoring for flood protection. A city
Smart Cities
that syncs multiple infrastructure layers is certainly an
attractive idea, and our respondents certainly buy into
the idea that the getting about will be much simpler.
Our survey touched on a few key areas.
The rise of the driverless car
While Google, Tesla and a few others are running
autonomous car trials as you read this, almost two thirds
(63 percent) think that by 2025 cars will be driverless. But
their appetite for innovation didn’t end there. 60 percent
think car keys are a thing of the past, with access to your
car granted by a simple touch – thanks to DNA sensors.
Of course the interior of the cars that roam the smart
cities will also be updated. 62 of people thought that 3D
maps will be displayed in front of you as you drive so you
never get lost.
And there are some very optimistic youth amongst our
sample, with 27 percent thinking that flat beds will be
an option, allowing you to catch a few winks while the
driverless-car whisks you around town. More than a third
(36 percent) thought that cars would become places you
could catch up on your workload.
Fig 3: What features would you expect from the connected car
of 2025?
62.6%
59.1%

46.3%
61.9%
35.9%
26.5%
Driverless capability
IoT-enabled music system
3D Navigation system
Personal authentication (DNA analysis technology)
0% 10%
Flat beds
20% 30% 40% 50%
A dedicated workspace
60% 70%
Public transport
If there is one thing this survey can tell the decision
makers are public transport authorities, it’s this; people
expect high-speed connectivity even when travelling
underground. Nearly 70 percent of respondents think
that by 2025, we will all be able to watch our favourite

shows while zooming through the tunnels. It also looks
like printed tickets are a thing of the past, with 56 percent
thinking NFC will be the de facto ticketing option.
Also interesting is the idea that the transport systems
in tomorrow’s smart cities will be intelligent. 44 percent
agree that public transport networks will be able to
gauge demand and increase or decrease the frequency
of service. This could hugely benefit not only the
environment, reducing nearly empty trains and buses,
but also allow one-off events like concerts or sports
events in a particular part of the city to be better served.
Waiting for a bus or train will also be more interesting
in the future. 53 percent believe that screens will
dynamically display personalised offers, allowing
passengers to fill the time on their journey by checking
out the latest concerts happening that day, or booking a
table at a new restaurant.
People expect high-speed
connectivity even when
travelling underground
Fig 4: What do you expect from a connected transport system?
55.7%
69.3%
52.8%
44.3%
NFC-enabled readers at entrances

Always-on on-board connectivity
0% 10% 20% 30% 40% 50%
Dynamically targetted smart marketing
60% 70% 80%
Targeted service ability
On the connected car front, again, the European countries in our
sample saw much more conservative expectations
on almost every front, and the Brazilian and Chinese youth
without exception were significantly above the average
response rate in each area surveyed. In particular, it’s worth
noting that 52% and 48% of Brazilian and Chinese
respondents respectively expect the connected car to act as a
workspace in the future (vs an average of 36%)
and an astonishing 42% of Chinese expect to be able to have a
nap in flat beds in their cars. In general, the US
respondents were also more optimistic than their European peers
on almost every front.
42% of Chinese expect
to be able to have a nap
in flat beds in their cars
Fig 5: What features would you expect from the connected car
of 2025?
It’s a similar story on the urban transport side, although this

time the British respondents also have high
expectations, perhaps buoyed by the already evident innovation
in London’s transport infrastructure which
supports NFC card and smartphone payments already.
Fig 6: What do you expect from a connected transport system?
0
10
20
30
40
50
60
70
80
90
100
Workspace Flat beds
Brazil
China

France
UK
Germany
USA
3D navigation
sysyem
IoT-enabled
music system
Personal
authentication
Driverless
capability
0
10
20
30
40
50
60
70

80
90
100
Brazil
China
France
UK
Germany
Targeted
service ability
Smart marketing
ability
On-board connectivityNFC-enabled reader
at entrance
USA
Hyper-Connected
Society
With the launch of wearables over the past few years, we
have embraced the concept of the quantified self. For a
relatively low cost people can now keep up to date with

all sorts of health data such as their heart rate, blood
pressure, daily steps-taken, and their sleep patterns.
Soon you will be able to track your blood sugar levels to
get an even more detailed view of your health.
Health
The prospect of telehealth resonated well in the survey.
63 percent of people think heart-rate monitors will evolve
to the point of being able to show you a 3D display of your
heart, with daily reports telling you how you are doing.
A fun use of the IoT comes in the form of a connected
toothbrush that will show a detailed 3D display of your
teeth on your smart glasses. The image will highlight
the areas where plaque has built up, dramatically
reducing cases of gum disease, and the toothbrush will
also connect to your dentist to schedule an appointment
if a problem is sensed while brushing. Also, no more
missing that check-up as your toothbrush just made the
appointment you’ve been putting off for months.
One area that surprised us was the respondents’ positive
attitude to connected implants. Six in ten thought
we would have a one that would monitor our blood
pressure in real-time, helping to diagnose problems
long before they become serious. A further 51 percent
thought another implant would do the same for body
fat, synching readings to our smartphones which in turn
would recommend a healthier diet to follow.
46 percent thought that we would have a pulse and
oxygenation monitor built into your smart watch
that combines with a peak flow meter you blow into
occasionally checks your lung performance. Finally, one
third thought that smart toilets would be able to analyse

our waste to pick up any symptoms of disease.
Fig 7: What health data would you expect technology to help
collate, assess and
support you and your healthcare adviser?
49.8%
59.3%
62.5%
50.8%
39.7%
32.3%
45.6%
Dental
Blood pressure
Heart rate
Body fat
Flexibility
Digestive
0% 10% 20% 30%
Respiratory

40% 50% 60% 70%
Personal Assistants
Technology in 2025 will also help us plan our daily
lives better. We are slowly getting used to speaking to
our phones, whether that is Apple’s Siri, Microsoft’s
Cortana or the Google App. But in ten years’ time, our
relationship with these personal assistants will be far
more developed. 62 percent think that these virtual PAs
will make sure we never miss a meeting as they will
analyse emails autonomously and produce a detailed
daily schedule, taking into account all our personal,
social and work commitments.
These personal assistants will also become invaluable
recommendation engines, with 56 percent thinking they
will help us discover new things. 43 percent think they
will negate the need to search for new entertainment,
instantly serving up what we want.
These assistants will also be much more useful than
today, with over half agreeing that they will manage all
of our IoT devices and services. So while you can set your
heating to come on when you leave the office now, in the
future as soon as you leave your desk for the day, your
personal assistant could start getting the house ready
for your return without you lifting a finger.
43 percent also believe these helpers will know so much
about us, that they buy the things we like on our behalf
autonomously. Perhaps it will be drones delivering these

items to our homes, and even returning them if we don’t
need or like them. And just over four in ten (42 percent)
think they will also take the hassle out of managing
our social lives, with our free time mapped out with the
latest our smart cities have to offer. Equally 41 percent
think the future Siris and Cortanas will be able to offer
sound business advice on company plans.
Fig 8: What services would you expect from a virtual Personal
Assistant like
Apple’s Siri?
61.2%
41.2%
55.7%
52.4%
41.9%
42.6%
42.9%
5.3%
Organising agendas and meetings
Offering business advice
Discovering new things
Managing your IoT devices and services

Run your social life
Content filter
Shopping
0%
Other?
10% 20% 30% 40% 50% 60% 70%
Contactless Payments
The payments industry is undergoing a radical period of
change with the twin pillars of mobile and contactless
payments revolutionising how we pay for goods and
services. When we asked people about the future of
payments, the most striking finding was that almost a
third (32 percent) think that there will be no coins used
in 2025, with bank notes also increasingly rare. Such has
been the pace of adoption of contactless and mobile that
this is one prediction that just might come true.
Fraud prevention also figured prominently in the results.
70 percent of all respondents think that dynamic cards
with details that frequently change will greatly reduce
cybercrime. And with the ease of use of these new
payment technologies, people envisage an era of zero-
restriction with their payments. 42 percent think we will
be able to buy anything at price with just one mobile
tap. Of course the experience will be seamless too, with
almost two thirds (63 percent) agreeing that payments

will take place instantaneously.
Fig 9: What services do you expect from contactless payment
technology in 2025?
61.7%
63.3%
69.3%
41.5%
31.6%
Top-up alerts
Instantaneous payments
Dynamic security
No limits
0% 10% 20% 30% 40%
No more coins
50% 60% 70% 80%
The most striking finding
was that almost a third (32
percent) think that there will
be no coins used in 2025

Again, Brazilian and Chinese consumers seem more optimistic
than their European counterparts about the
future of healthcare across the board. However the American
respondents polled highly when it comes to blood
pressure monitoring (67%), heart rate tracking (71%) and body-
fat analysis (59%). Given the USA’s privatised
healthcare system and the expense of treatment, perhaps it’s
unsurprising to hope mobile technology can provide
some assistance. China was also the country with by far the
largest hopes for smart toilets, with almost six in 10
expecting them to become a reality versus an average of a third
of all other respondents.
American respondents polled
highly when it comes to blood
pressure monitoring, heart
rate tracking and body-fat
analysis
Fig 10: What health data would you expect technology to help
collate, assess and
support you and your healthcare adviser?
60
50
40
30
20

10
0
100
90
80
70
Dental Blood
pressure
Heart rate Body fat Flexibility Digestive Respiratory
Brazil
China
France
UK
Germany
USA
When it comes to help from personal assistants, over three
quarters of Americans expect never to miss a meeting
versus 51% in France, 54% in Germany and 58% in the UK.

Brazilians are most optimistic about using them to
discover new things, with 70% expecting instant answers to any
question (versus less than half of French and
German consumers). The Chinese meanwhile are most expectant
of virtual assistants to run their IoT devices
(expected by 67%), their social lives (58%) and do their
shopping for them (62%).
Fig 11: What services would you expect from a virtual Personal
Assistant like
Apple’s Siri?
In payments, almost half of Chinese respondents (48%) don’t
expect to be using any coins in 2025. This compares
with a third (35%) of Americans, the next highest group in the
survey. Optimism about cybercrime is greater
across the board, with over three quarters of Americans (79%),
Chinese (84%) and Brazilians (81%) expecting
dynamic cards to significantly improve security. Europeans are
less optimistic here, but over half of respondents
still expect a big improvement.
Fig 12: What services do you expect from contactless payment
technology in 2025?
90
100
80
70
60

50
40
30
20
10
0
Brazil
China
France
Germany
UK
USA
Or
ga
ni
sin
g
ag
en
da

s
an
d
m
ee
tin
gs
Of
fe
rin
g
bu
sin
es
s a
dv
ice
Di
sc
ov
er
in
g
ne

w
th
in
gs
M
an
ag
in
g
yo
ur
Io
T
de
vic
es
a
nd
se
rv
ice
s
Ru

n
yo
ur
so
cia
l l
ife
Co
nt
en
t f
ilt
er
Sh
op
pi
ng
Ot
he
r?
0
10
20

30
40
50
60
70
80
90
100
Brazil
No more coinsNo limitsSecuritySpeed of
transaction
Top-up
China
France
UK
Germany
USA

programmes lately, as almost half (49 percent) think iris
recognition will be used and a further 49 percent think
facial recognition will let us in. It’s interesting to see
something more simple like voice biometrics scoring
lower at 42 percent, even though that’s how we often
identity people when they buzz our bells.
The Future
Workplace
Simply getting into your workplace is going to be a much
more interactive experience if the results of our survey
are anything to go by. It would appear that the fob or key
pass is dead in 2025. 63 percent think we will access our
workplace with a scan of our fingerprints. It would appear
that our respondents have been watching a lot of sci-fi
Fig 13: What will your workplace entrance pass look like in
2025?
48.5%
63.3%
42.4%
49.1%
Iris recognition
Finger print reader
Voice biometrics
0% 10% 20% 30% 40% 50% 60%

Facial recognition
70%
The workplace itself could well be very different to the
pods and cubicles we work at today. The most popular
device to help us work in 2025 is a pair of smart glasses.
While only prototypes now, 59 percent thought they would
be commonplace in ten years, as augmented reality
enables us to visualise files, simulations and images,
enhancing our problem-solving capabilities.
It seems that the desktop PC has finally had its day in
2025, with only 35 percent of people thinking there will
still be a place for it. The popularity of the smartphone
continues to soar, with 58 percent favouring that over
both the tablet (52 percent) and the laptop (51 percent).
There are still some that think technology will radically
advance. 25 percent think our computers will pull
thoughts straight from our minds rather than waiting for
us to type them in. While somewhat fanciful, it shows the
faith that people place in those making the devices we
use every day.
And finally, 2025 may be a bad year to slack off. 43
percent think wearable trackers will give bosses
new insight into their employees’ behaviour
and productivity, allowing them to assign more
personalized, appropriate tasks.

25 percent think our computers
will pull thoughts straight
from our minds rather than
waiting for us to type them in
Fig 14: What technology do you expect to be using in the
workplace in 2025?
Fig 15: What do you expect people’s mind-sets around data
security to be in 2025?
59.0%
43.2%
58.4%
51.9%
50.6%
34.5%
24.6%
Smart glasses
Wearable trackers
Smartphones
Tablets
Laptops
Desktop computers

0% 10% 20% 30% 40% 50% 60% 70%
Direct brain interface
2015 was an incredible year for hacks, especially at the
corporate level. While consumers are certainly more
aware of the threats posed by cybercrime, much still
needs to be done to educate people of the risks. Two
thirds of respondents think that in 2025 we will be vigilant
to threats, while 40 percent reckon we will be paranoid.
Only 28 percent think we will be complacent, suggesting
that we are waking up to the dangers of hacking, no
longer thinking it is someone else’s problem.
65.6%
39.6%
28.0%
Vigilant
Paranoid
0% 10% 20%
Complacent
30% 40% 50% 60% 70%

Upon arrival at their office, Europeans most expect finger print
readers to grant them access (expected by 60%
of Brits and Germans, and 55% of French respondents).
Meanwhile, Brazilians and Chinese are by far the most
optimistic of iris recognition (expected by 64% and 62% of
respondents respectively, compared with 44% of
Americans, the next highest response).
Fig 16: What will your workplace entrance pass look like in
2025?
Fig 17: What technology do you expect to be using in the
workplace in 2025?
The Chinese and Brazilian respondents again prove to be by far
the most visionary about the mind-reading
potential of computers, with more than four in 10 expecting
direct brain interfaces. They also are the countries
who most expect smart glasses to be commonplace in the office
of 2025. Americans however are most optimistic
that we’ll be using smartphones, tablets and laptops (expected
by 71%, 70% and 62% respectively).
More than half of respondents in all countries expect a vigilant
attitude to data security in 2025, with Chinese
and Brazilians proving to be the most cautious with more than
three quarters expecting a widespread culture of
security. Meanwhile more people in the UK expect a paranoid
mind-set than in any other region.
Fig 18: What do you expect people’s mind-sets around data

security to be in 2025?
90
100
80
70
60
50
40
30
20
10
0
Vigilant Paranoid Complacent
Brazil
China
France
UK
Germany
USA

Beyond the
survey
Insights from Xavier Larduinat, Senior
Technologist at Gemalto
The results of the survey show people expect many
things for their connected life in less than ten years. But
what is the reality from the industry side?
The mobile industry has a long track record of innovation
breakthroughs, above and beyond the wildest aspirations
ever expressed by users. Device makers need it,
because that’s their best way to sustain a value model
whereby today, a high-end smartphone can sell for twice
the price of a PC. In the last ten years, giant steps like
touchscreens, accelerometers, gyroscopes, fingerprint
readers and many more were taken, opening a wide
range of brand new usages no one would have even
hoped for back in the early 2000s.
There is no reason to believe the next ten tears till 2025
will not experience further major disruptions like these.
In fact, several candidates for these future “wow” factors
are already at the incubation phase. It’s hard to forecast
the winning ones, but it’s a safe bet to assume that two
of three within the following list (or others missing here)
will be game changers.
From pretty straightforward ideas to more far-fetched
candidates, here is a sample of future smartphone users’
amazing new experiences:

Direct-ethanol fuel cells are smartphone batteries capable of
providing the 3000mAh
power needed for periods ranging from weeks to months.
Consumers will love the idea
of charging their phone every couple of weeks rather than every
night. A sure bet by
2020.
The 3.5mm phone jack is the last design frontier to prevent
fully waterproof smartphones.
This is an easy win the industry will pick up as early as 2016,
thanks to Bluetooth low
energy headsets. In time, scuba divers will love to bring their
smartphones on diving
trips and shoot incredible 4K videos.
Shockproof devices: that goes hand in hand with waterproofing.
Handsets makers can
are already doing this today. They will do it on a wider level as
soon as they can be sure
you will only have to change your phone every 18 months.
Touchscreens now double up as 3D sensors, and will soon add
biometric readers right-
on-the-screen. Security engineers will be able to add an X,Y
random screen location to a
fingerprint query, offering a 3FA solution.
HD audio will trigger a brand new range of body-bound devices
to listen to sounds.
Human bones are far more efficient than human ears for low
frequencies, deep sound
reconstruction. Bone conduction is a “mature” technology
which could even enable a
T-Shirt to be your next audio device. We should see amazing

concept products in that
field by 2020.
Holographic 3D displays will allow you to watch your
smartphone video on a 55 inch
virtual display, or to visualize an object prior to 3D printing.
DLP technology is already
available. Small phone, big 3D volumes and large displays -
it’s a revolution as big as
contactless enabling any form factor for future smartphones.
Facial expression, tone of voice, heuristic gestures, touch or
even skin moisture… If you
are not sure about your mood, morale, or more simply which
type of content you need
right now, your smartphone will tell you.
Flexible displays: whenever handset makers decide to break the
phablet 5.5-6inch
frontier, flexible/folding displays could emerge.
Real time audio translation is the future of phone calls, where
what you say in English
on one end is heard in Japanese on the other side. The universal
translator we’ve seen
in many science fiction stories isn’t far away from becoming a
reality.
Contextual sensors capable of anticipating your actions, leading
to zero-UI use cases.
A Generation Positive

About Progress
A view from Tom Cheesewright, Applied Futurist
The smart phone has been the first device to
really blur the lines between our selves and our
technology. So much of our personality, memories
and skills now exist in the cloud, connected to
us via our devices, that it is increasingly hard to
determine where one ends and the other begins.
Photographs merge in to memories. Knowledge
becomes search. Skills of organisation and
navigation are inseparable from diaries and GPS.
What this research shows to me is that young
adults have a pragmatic optimism about the
continuation of this trend. A considered acceptance
of technologies that further blur the line between
technology and humanity. Glasses that enhance
us. Buildings that know us. Vehicles that serve us.
Most telling is the selection of ‘vigilance’ as a
state of mind about security. Not paranoia. Not
complacency. But engagement, cognizant of the
risks.
This is a generation walking into a technology-
driven future with their eyes wide open.
“This is a generation walking
into a technology-driven future
with their eyes wide open.”

What Haven’t Young
People Thought Of Yet
A view from Dan Kaplan, Growth Marketer and Columnist for
Tech Crunch
It’s hard to read much technology journalism and commentary
without coming
across jeremiads worried about all the bad things the pervasive
internet will do to
our bodies, minds, and souls. To see that such a large cross-
section of young people
is so enthusiastic about the potential of emerging tech is
interesting. It makes much
of the hand-wringing about the downsides of new technology
look like angry cane
waving and shouts to “get off my lawn, you damn kids!”
That being said, there are some blind spots in their enthusiasm:
► A.I. automation in this report centers on intelligent personal
assistants. While I’m
as excited as the next optimistic futurist about powerful, useful
bots, how will large
scale automation change the landscape of work? While I’m not
as concerned about
robots coming to take our jobs as some observers, I do wonder
about this risk. Maybe
young people are less worried and more confident in their
ability to adapt than their
parents and grandparents, but I’m surprised there wasn’t more
thought here.
► The implications of pervasive monitoring also do not seem to
register with young
people. Devices and technological infrastructure that can tell me
all about my body,

my productivity, and my day-to-day activity can also empower
less-benevolent
authorities or even less benevolent criminals. The institutional,
regulatory, and
political environments under which these new technologies
emerge will play a major
role in the good and bad ways they get used.
► Though not a key feature of this report, virtual reality opens
all kinds of doors for
distributed work, education, entertainment, and socializing, etc.
Maybe VR will not
catch on or will completely give way to Augmented Reality
(think “smart glasses”) by
2025, but I doubt it. While AR is/will be an even bigger, more
widespread breakthrough,
the power of immersive simulations is only likely to accelerate
in kind.
And my final thought on the report is that, I love the
brain/machine interface
concept. My guess is that human and digital intelligence will
eventually end up
more deeply intertwined as time goes on, but it’ll probably take
more than 10 years
to get to widespread adoption of neural implants.
Challenges
in business
practices
Mobile operators will not be the only players making the
connected world of 2025 a reality. Governments, urban

planners, city-states, technology firms, automotive
manufacturers and beyond will all be playing a big role
in delivering some of the elements that make up the
vision the world’s youth share. At least, that is as far as
we can guess what’s coming based on what people want
today. After all, as Henry Ford is famously attributed with
saying, “…if I’d asked my customers what they wanted,
they would have said ‘a faster horse’.”
Operators today are facing challenges on multiple
fronts. These include decreasing revenue per user,
the gradual erosion of SMS revenues as phones have
become ‘smarter’, apps and OTT services devaluing
lots of operator innovation investments, the cost of
infrastructure upgrades and spectrum, the complexity
of managing sector regulation and beyond. The Internet
of Things really opens up opportunities to develop new
fruitful business models. In 2015, almost 5bn Things were
already connected (Source: Gartner). And for 2025, even
if it’s hard to predict at the moment, the most optimistic
people say 50bn Things will be connected, from which a
majority will rely on MNOs’ connectivity services. So to
establish new revenue streams, operators will have to
overcome exciting challenges:
Moving towards dynamic management
of the infrastructure
Ubiquitous, high speed connectivity is high on the wishlist
of consumers everywhere, be that in their homes, on the
subway or beyond. There are boundless opportunities
for mobile operators to explore partnerships with local
communities, with transport networks, brands and
beyond.
To monetize the increasing demand for connectivity
within the massive rise of IoT, network infrastructures

will have to flex between different needs. Dynamic
management of the network infrastructure would be a
potential new business model for MNOs. They’ll have
the opportunity to provide a new aggregation service
with a notion of handing over to a different connectivity
framework, depending on the connectivity available and
the broadband needs of each device.
There are boundless opportunities
for mobile operators to explore
partnerships with local
communities, with transport
networks, brands and beyond
The emergence of 5G is the chance for MNOs to regain
control of the network, with the possibility to provide
fragmented and virtual connectivity services. MNOs
will also have the opportunity to adapt their services
according to the data consumptions needed – creating
a sort of ‘network on demand’. For some emerging IoT
use cases, low bandwidth broadband at low cost could
be provided. For example, connecting an automatic
inventory alert service for a fridge will require less data
consumption than a connected car.
61%
expect always on mobile
data and seamless wi-fi
offloading wherever they are

Positioning as IoT connectivity
aggregator
The IoT is opening up the development of thousands
of new services using broadband connectivity; MNOs
can play the service transitional role. As connectivity
providers, and having full control of their network
infrastructures, MNOs are in a powerful position to
manage the rights for entering the connected world to
new IoT players.
It is also a responsibility to play a “hub” role for the
connected world. They are the link between the consumer
and their connected activities, and could become the
main interface. In this position, operators will have to
make the connected world accessible to every service
provider. To always provide a seamless connected service
to their customers, every service will have to be easy to
access from any device through any network, without
any friction for the end-user. Standardization will be the
key here. For example, as smartphones will probably be
the main means for payment, any financial institution
will need its service available on any device, without any
constraint.
MNOs are in a powerful
position to manage the rights
for entering the connected
world to new IoT players
As a consequence of the extraordinary rise of new
connected devices, operators will have to be able
to provide flexible connectivity services remotely,
everywhere and anytime, for any device to embed an
instant connection feature. For this, it will be necessary
to work closely with device manufacturers.

Taking some risks to enable the IoT
The IoT market is set to grow in excess of 15bn connected
devices in 2020, generating a vast opportunity across
consumer devices, industry, Smart Cities, cars and
connected homes. Making the IoT effective in this context
requires significant work on the technology, standards,
security and beyond. A wide range of new connected
devices or use cases will develop very fast. Operators
will need to follow the pace of new trends, and will have
to try... and fail.
It will be necessary to set up 20, 50 or 100 pilots or beta
test programmes in line with new disruptive connected
technologies that could potentially arrive on the market,
and task the business with assessing the ones that could
be successful – then develop and market those more
aggressively. This requires a bit of (controlled) gambling,
but could be worth it.
Providing next level of Customer
Experience
The market is converging to more simplified User
Interface models, to reduce the number of actions we
make on devices. In the future, our connected devices
will be so smart that they will anticipate our actions,
based on previous behaviour, for a simpler and more
convenient experience. For example, approaching a
cashier would automatically activate our mWallet, or
our car heater would automatically start when the car
detects we’re a few minutes away from going for a drive.
This critical mission will involve providing the most
reliable connectivity experience to make consumers

feel they can easily embrace the new world of mobility.
Operators must ensure this quality of experience. And
customer services will have to adapt accordingly, with
real time problem solving, for the connected dream not
to become a nightmare. Anticipation could be a way
to provide the best service, by listening to customers
through an engagement strategy and data analysis.
Anticipation could be a way to
provide the best service, by
listening to customers through
an engagement strategy and
data analysis
Developing a marketing service offering
Intelligent marketing is high on the expectation list for
the world’s youth; and indeed by 2025 they will have no
patience for the spam and unsolicited marketing we see
today. We are already seeing this transition happening for
many operators today, supporting everything from SMS
marketing through to proximity or NFC driven contextual
advertising. The continual evolution of smartphone
(and mobile smart device) technology will provide many
more opportunities down this path in the decade ahead,
and the wealth of insight operators have puts them in
pole position to capitalize on this with advertisers and
marketers.
Mobile operators hold a wealth of
data about their customers, which
will enable them to become

authorized data brokers
Mobile operators hold a wealth of data about their
customers, which will enable them to become authorized
data brokers. This puts them in a good position to
facilitate exchanges of information of mutual benefit to
their customers and themselves; for example, putting
together people who travel a lot with the best travel
insurance policies that meet their needs, or directing
their customers to download apps that might help them
with tasks they are carrying out laboriously on their
phones otherwise. This will need to be handled with
care, and with respect for customer data protection. But
knowing the customer profile through their connected
life habits will be beneficial for them avoiding marketing
message pollution.
Defending the data and enabling the
security of end-users
It’s clearly going to be an even more digital world by the
time we pop the champagne corks on January 1st, 2025.
Consumer expectation in the study is that their providers
– including their mobile operators – take a bigger role in
securing them and protecting their data. Operators today
could start to carve this out as a point of differentiation as
we prepare for the connected future. They need to make
sure their services are always secure, and build a trusted
foundation for the IoT by securing data everywhere.
Most new connected devices and services will not use
a regular SIM card where data and credentials are kept
securely. New types of secure elements, embedded
within the device for most of them, will probably emerge.
And for data in motion, MNO’s will consider setting up
secure authentication and encryption solutions to secure
communications between devices and the cloud.

Conclusion
There’s no doubt that the predictions of our consumer sample
will be wryly amusing to us as we look back on
them in 2025. However, the principles for operator innovation
will ring true, and there’s no doubt that we’ll be
looking back on a very different world. Whilst we don’t have
Doc Brown’s Delorean, you don’t need a flux capacitor
to know that change will come, and that the mobile space will
be a point of convergence for a dozen industries as
the Internet of Things continues to pervade our lives. That said;
the insights of our sample highlight some very
interesting trends, which whilst they tend to correspond in
general, have some interesting regional nuances, be
that for the conservative expectations of Europeans or the
enthusiasm of the Brazilians and Chinese.
Here’s to the next 10 years.
ForewordIntroduction General trends for the future of
mobileInternational trendsPublic transportThe rise of the
driverless carSmart CitiesInternational trendsHyper-Connected
SocietyHealthPersonal AssistantsContactless
PaymentsInternational trendsThe Future WorkplaceInternational
trends Beyond the survey Insights from Xavier Larduinat,
Senior Technologist at GemaltoChallenges in business
practicesConclusion
A new consumer survey
reveals smartphone
usage issues

54%
of respondents say their battery
drains faster than expected,
several times a month.
They would like to understand.
Smartphone users are expected to reach
5.9bn by 2020. ¹
And most new users don’t understand,
and don’t want to understand their device.
But they do want it to be user-friendly,
and when it isn’t, they get frustrated !
«How can
I make my battery
last longer?»
«What am I doing
wrong?»
Poor battery life
47% of respondents experiencedata loading issues
35% experienceconnection failures
28% experiencedropped calls
These experiences are frustrating
and disappointing for end users when
they have to start a task again,
or feel they’re getting poor service
from their operator.

They don’t know if problems are caused
by their handset or the network,
but they do want to know how to solve them.
«Where are these
problems
coming from?»
«How can
I fix them?»
Connection issues
47% of respondentssay their phones
are slow
Consumers tend to think that deleting useful apps
and personal photos and videos is the best way
to boost their phone’s speed.
They want performance from their phones.
«Where are these
problems
coming from?»
«How can
I fix them?»
Slow navigation
Available for
«How can
I make my battery

last longer?»
«What am I doing
wrong?»
Data plan max-out
25%
of respondents
max out their
contracted data limit
at least once a year
Consumers don’t understand how
their data is used. Some limit their
online activities as a result.
The 4 main pain points for smartphone users
Consumers want help optimizing their smartphones,
but they want it to be quick and easy.
And mobile operators are best placed to provide that.
Provided to MNOs as a white label
solution, Quality of Experience App.
enables end users to optimize
their smartphone usage from
a single application.
Quality of Experience app is part of
our comprehensive LinqUs QoE offer,
enabling operators to monitor network
quality and device performance,
based on real subscriber experiences.

For more information, go to:
http://www.gemalto.com/mobile/networks/customer-
experience/qoe
9:32
SELF-CARE MODULES TO :
NOTIFICATIONS
OF CONFIGURATION ISSUES
FEEDBACK TO OPERATOR’S
CUSTOMER CARE
Identify and solve connection issues
Monitor device performance and resolve issues
Manage data and apps to avoid bill shock
Check live network coverage
Quality of Experience App.
¹ Source: GSMA’s Mobile Economy 2015 report.
² Survey conducted by Gemalto Ideas Hub, on an online
community of 200 consumers based in the UK and the USA
©
G
em
al
to
2
01
5.

A
ll
ri
gh
ts
r
es
er
ve
d.
G
em
al
to
, t
he
G
em
al
to
lo
go
, a
re

tr
ad
em
ar
ks
a
nd
s
er
vi
ce
m
ar
ks
o
f G
em
al
to
a
nd
a
re
r

eg
is
te
re
d
in
c
er
ta
in
c
ou
nt
ri
es
. P
B
(E
N
)-
02
.0
5.
16

-M
ar
sa
tw
or
k
BlackBerry OS iOS Android
Measuring User Confidence in
Smartphone Security and Privacy
Erika Chin∗ , Adrienne Porter Felt∗ , Vyas Sekar†, David
Wagner∗
∗ University of California, Berkeley †Intel Labs
{emc,apf,daw}@cs.berkeley.edu, [email protected]
ABSTRACT
In order to direct and build an effective, secure mobile ecosys-
tem, we must first understand user attitudes toward security and
privacy for smartphones and how they may differ from attitudes
to-
ward more traditional computing systems. What are users’
comfort
levels in performing different tasks? How do users select appli-
cations? What are their overall perceptions of the platform?
This
understanding will help inform the design of more secure smart-
phones that will enable users to safely and confidently benefit
from

the potential and convenience offered by mobile platforms.
To gain insight into user perceptions of smartphone security and
installation habits, we conduct a user study involving 60 smart-
phone users. First, we interview users about their willingness to
perform certain tasks on their smartphones to test the hypothesis
that people currently avoid using their phones due to privacy
and
security concerns. Second, we analyze why and how they select
applications, which provides information about how users
decide
to trust applications. Based on our findings, we present
recommen-
dations and opportunities for services that will help users safely
and
confidently use mobile applications and platforms.
Categories and Subject Descriptors
H.1.2 [Information Systems]: User/Machine Systems; J.4
[Social
and Behavioral Sciences]; K.6.5 [Management of Computing
and Information Systems]: Security and Protection
General Terms
Security, Human Factors
Keywords
Mobile phone usage, Laptop usage, Application installation,
Smart-
phones
1. INTRODUCTION
Smartphones have dramatically changed the computing
landscape.
They complement and, in some cases, supplant traditional com-

puting devices such as laptops and desktops [8]. We have seen a
tremendous growth in the number and diversity of smartphone
ap-
plications in marketplaces such as the Apple App Store,
Android
Market, and Amazon AppStore.
Copyright is held by the author/owner. Permission to make
digital or hard
copies of all or part of this work for personal or classroom use
is granted
without fee.
Symposium on Usable Privacy and Security (SOUPS) 2012, July
11-13,
2012, Washington, DC, USA.
Despite the popularity of smartphones, there are reasons to be-
lieve that privacy and security concerns might be inhibiting
users
from realizing the full potential of their mobile devices.
Although
half of U.S. adults own smartphones [5], mobile online
shopping
is only 3% of overall shopping revenues [7], suggesting that
users
are hesitant to perform these tasks on their smartphones. A re-
cent commercial study also found that 60% of smartphone users
are concerned that using mobile payments could put their
financial
and personal security at risk [4].
Our goal is to help smartphone users confidently and securely
harness the power of mobile platforms. In order to improve the
se-
curity of mobile systems, we must understand the challenges
and

concerns that users currently have with performing sensitive
oper-
ations on their smartphones and identify opportunities to
improve
the security of the device. We interviewed 60 smartphone users
about their willingness to perform certain actions on their
phones.
We found that participants are significantly less willing to make
shopping purchases, provide their Social Security Numbers,
access
health data, or check their bank accounts on their smartphones
than
on their laptops. Our data also sheds some light on why users
might
be more reluctant to perform these tasks on their phones (see
Sec-
tion 4). We expect these results may be helpful in identifying
op-
portunities to improve the security of these devices.
Applications play a critical role in users’ experiences with their
smartphones. To help protect users while selecting applications,
it
is important to understand each step in the mobile application
in-
stallation process: how users discover applications, the factors
they
consider before installation (e.g., price, brand name), and where
they download applications from. We survey the 60 study
partici-
pants about how and why they install mobile applications.
This paper presents the results of structured interviews and sur-
veys of 60 participants. The participants span four popular plat-
forms: Windows and Mac for laptops, and Android and iPhone
for smartphones. We compare and contrast laptop and

smartphone
behaviors and perceptions, using laptops as a reference point for
understanding smartphone-specific concerns. The structured
inter-
views were a tool to (1) test our hypothesis that people are less
will-
ing to perform sensitive operations on their smartphones, and
(2)
collect qualitative data about users’ mobile security concerns.
We
also survey participants about the applications that they
installed on
their smartphones to guide the design of new security
indicators.
Contributions: This paper makes the following contributions:
• We find that users are (1) more concerned about privacy on
their smartphones than their laptops and (2) more apprehensive
about performing privacy-sensitive and financial tasks on their
smartphones than their laptops.
• We report the threats that participants worry about on their
smartphones: physical theft and data loss, malicious applica-
1
tions, and wireless network attackers. We also find that partic-
ipants’ fears of wireless network attackers stem from miscon-
ceptions about how wireless network communication works.
• We make several recommendations that could increase
security
and/or user confidence in their smartphones: (1) improved data

backup, lock, and remove wipe services; (2) new security indi-
cators in smartphone application markets to increase user trust
in their selection of applications; and (3) user education and
improved user interfaces to address common misconceptions
about wireless network communication.
2. BACKGROUND AND RELATED WORK
2.1 Application and Security Models
Windows: The Windows platform has encouraged a relatively
ad hoc application ecosystem, with third-party application soft-
ware being commonly acquired from diverse sources (e.g.,
online,
physical retailers) without any centralized application market
place.
Given this decentralized nature, there is little by way of
curation of
the applications, and users have to install anti-virus software
(again
from third-party sources) to protect themselves against
malware,
which is a well-documented problem for Windows.
Mac: In contrast, the Mac platform is generally perceived to be
more immune to malware, as there have been relatively fewer
doc-
umented cases of malware attacks. Macs also have anti-virus
op-
tions, but they are less widely adopted [17]. Similar to
Windows,
the traditional application ecosystem has also been largely
decen-
tralized. Motivated by the success of the mobile App Store,
Apple
launched the Mac App Store as a centralized market for desktop

applications. It appears to be reasonably successful [1].
Android: There are several “marketplaces” for Android users to
download applications, with the Android Market being the most
popular. The Android Market is not curated, although recent re-
ports suggest that it is scanned for malware by Google [2].
(Google
also removes software that is found to violate their TOS.) There
are several demonstrated malware attacks on the Android
platform.
Anti-virus applications are available for Android, although their
ef-
fectiveness has been publicly questioned [33, 29].
iOS: The App Store is a centralized, curated marketplace for
down-
loading iPhone applications. While the exact details of the
curation
process is unknown,1 there is evidence to suggest that Apple
does
check for security violations. Although there have been few
sam-
ples of iPhone malware, there is plenty of grayware and
jailbreak-
ing applications [23]. Users are prompted when applications
want
to access location or other information via pop-up notifications.
2.2 Related Work
Application Selection: Past research suggests that privacy and
se-
curity play roles in users’ installation decisions. Wash
interviewed
people about computer security threats, and several
interviewees

indicated that they were cautious when installing new software
be-
cause of malware concerns [39]. In an experiment performed by
Good et al., people preferred applications with better privacy
poli-
cies unless the privacy came at the cost of application function-
ality [25]. We further explore users’ concerns about application
trustworthiness (and how they prioritize those concerns) by
asking
people to recall the factors that led them to install applications.
We
1Most visible media reports of applications being denied have
to
do with the content served rather than specific security reasons.
also ask people about how they discover applications, which
may
provide insight into how trust in software is established.
Matthews
et al. found that word-of-mouth and browsing the App Store are
important discovery methods for iOS applications [30]; we
further
expand the scope of this study to Android as well.
Researchers have investigated whether placing privacy
indicators
in search results influences users’ online shopping decisions.
They
found that privacy indicators can cause users to pay a premium
to
purchase items from online vendors with better privacy scores
[24,
38]. However, the timing and placement of the indicators affects
whether users heed them [21]. We hypothesize that privacy and
security indicators could play a similar role in application
selection,

so we investigate users’ installation workflows to identify
potential
places for security and privacy indicators.
Smartphones vs. Computers: We explore whether users have
different security and privacy concerns for their smartphones
and
computers. Past studies have found that people often begin tasks
on
smartphones but complete them on computers [12, 28, 30].
Many
platform switches can be attributed to screen size, network
perfor-
mance, or typing difficulties. However, we suspect that privacy
and
security concerns may also play a role. Matthews et al. observed
that some users shop for items on their phones but defer
payment
until they are at a computer [30]. We investigate whether
security
concerns about smartphones may be responsible for users’
prefer-
ences for computers in certain situations.
Smartphone Privacy and Security: Smartphones are ideally
suited
for location-aware services. Consequently, prior research has
fo-
cused on users’ attitudes towards location privacy. A large body
of work addresses how users share location information with
social
contacts [14, 26, 18, 11, 40, 13] and companies [20, 19].
However,
smartphones can also be used to handle other types of confiden-
tial data, and there are threats beyond social contacts and
advertis-

ing companies (e.g., muggers and man-in-the-middle network
at-
tackers). Ben-Asher et al. surveyed smartphone users and found
that people consider other information on their phones sensitive
(e.g., photos and contacts) and worry about physical attacks on
their
phones [15]. As such, the scope of our inquiry goes beyond
loca-
tion and social contacts. We ask people about their willingness
to
access several types of information on their phones, and our
survey
design allowed study participants to describe their own threats.
Smartphone Application Usage: Prior work has studied how
smartphones are used. Falaki et al. examined Android and Win-
dows Phone application usage from the perspective of reducing
energy consumption [22]. They found that smartphone users pri-
marily spend their time interacting with a small subset of their
in-
stalled applications; relative application popularity can be
modeled
as an exponential distribution. Others have similarly studied the
time that people spend using certain applications [28, 30]. Our
in-
quiry focuses on application discovery and installation rather
than
usage, as our end goal is to help users avoid installing malicious
or
otherwise-undesirable applications.
3. METHODOLOGY
We performed structured interviews and surveys of 60 users to
obtain both a quantitative and qualitative understanding of how
people use their smartphones. As a point of comparison, we also

Gemalto Building Trust in Mobile Apps The Consumer Perspecti.docx

Gemalto Building Trust in Mobile Apps The Consumer Perspecti.docx

Recommended

Recommended

More Related Content

Similar to Gemalto Building Trust in Mobile Apps The Consumer Perspecti.docx

Similar to Gemalto Building Trust in Mobile Apps The Consumer Perspecti.docx (20)

More from hanneloremccaffery

More from hanneloremccaffery (20)

Recently uploaded

Recently uploaded (20)

Gemalto Building Trust in Mobile Apps The Consumer Perspecti.docx