Smartphone

From IDESG Wiki

Full Title or Meme

A Smartphone is a mobile device that can download Apps for contacting Web Sites, as well as provide traditional mobile services like calling and messaging.

Context

The computing power of a Smartphone today is beyond that of any computer of 25 years ago. The connectivity of a Smartphone is beyond that of any computer of 25 years ago. Now anyone of modest means can carry one with them nearly anywhere they want to go. Clearly society will feel the impact of this leap of technology, and its impact on personal Identity can only be guessed at.

Problems

Solutions

Proposal for Assurance

Following the pattern created by NIST SP 800-63-3, it is proposed to create levels of assurance for Smartphones, and for software running on those phones, using a Software Statement.

  1. At the simplest level, the app makes an assurance of its own identity, provenance and policies, as well as of the security configuration of the device it is running on.
  2. The assertion includes a description of the authentication requirements placed on the user and can accommodate, as installed on the smartphone, at least an AAL2 level of assurance to the relying party. The app will not run on phones without support for key protection.
  3. The assertion is signed by an accredited testing body as meeting the highest level of assurance by a recognized accrediting body.

Security

  • All modern smartphones have the ability to limit access by the use of some authentication factor for any purpose except emergency access for calling or emergency contact information. The user has the option to direct some notices to the lock screen if they wish. Apple and some Android phones come with the lock screen enabled by default, but all allow it to be disabled.
  • As of 2017-03-15, 28% of smartphone users had no lock screen on their phones, 26% had a PIN code and 23% used a thumbprint scanner.
  • As of 2020-04-24, half of Americans have decided not to use a product or service because of privacy concerns.

Recommendations

  1. Ensure that users understand the need for privacy, and make enabling it take little extra effort.
  2. Ensure that transparency about the use of data is maintained.
  3. Give users some functionality with little privacy, but make significant data available only if the user has enabled smartphone access.

References