**4. Findings and analysis**

*Data Integrity and Quality*

suits their needs.

automatically by the device itself.

The second solution concerns on the data storage and communication within the organisation. The management should strongly encrypt organisation's confidential data that are contained within the built-in storage as well as the removable media storage and any device that will be reissued to other personnel must first be wiped to clean the data previously stored in it. Additionally, if any of the organisation's device is assumed to be lost or stolen by unknown instigators that by any chance cannot be trusted, the management should initiate remote wipe on the device to prevent confidential information from being harvested by malicious attackers [16, 23–25]. Another way to prevent the mobile device from being accessed illegally is by implementing a configuration that has wipe feature within its devices that will automatically factory-resets all the data within after it detected several failed authentication attempts. The organisation should also aim at having a secure data communication between organisation and mobile devices by encrypting it using Virtual Private Network (VPN) or other encryption tools that

The third solution is based on the device and user authentication. A user authentication step should be implemented before any personnel could access the organisation's data and resources, which could be in the form of password or other various authentication such as token-based or domain authentication. The organisation should also include certain parameters for password characters, password length and the maximum number of retries allowed before the device is locked out or wiped. In cases where a user has requested a password reset or was locked out of the mobile device, the administrator should be able to restore the user's access to it remotely. Any device that is suspected to be accessed in an unsecured location should be remotely locked under the supervision of the administrator and any device that is in an inactive state for a certain period of time should be locked

The final solution involves restrictions on various aspects of mobile applications. The management should restrict the list of app stores that can be accessed by personnel to download mobile applications or instead, the management could issue applications from a chosen application store. In addition, the installation of certain applications should also be restricted through the process of whitelisting and blacklisting. There should also be a restriction on what device location are permissible for the application to access such as storage access or camera access. The digital signatures found in applications should be verified to ensure that the applications installed are from a safe and trusted source and that the code wasn't altered

The evaluation method which has been utilised by countless researchers in obtaining research data known as the questionnaire method was implemented in this study. A random sampling method has also been chosen and implemented as a method of collecting the research data in this study. The nature of questionnaires asked will be focused on the topic of cyber threats, cyber security and its relationship with SMD. Through the employment of the random sampling method, a set of questionnaires have been distributed within the duration of approximately three months to the targeted group of respondents. Other platforms as well as social media had also been utilised to distribute the online survey such as WhatsApp and Instagram. The target respondents of this study are focusing particularly on the youths which include the generation-Z strictly. This particular group of respondents have been chosen as they represent the majority of mobile device users that are

**122**

in any way.

**3. Methodology**

The data analysis will be made according to each of the section that has been created within the survey questionnaire as follows:


### *Demographics.*

In this section, the questions asked the respondents about their gender, their age group, their current status as well as their present educational level.

Referring to **Figure 4**, out of 114 respondents that participated in the survey, 67.5% of them are female respondents and consequently 32.5% of them are male respondents, thus highlighting that a majority of the respondents are female. When looking at the age range of the respondents who have answered the survey questions, a large number of them are within the age range of 20–29 years old which contributes to a high 83.3% of total respondents. The rest of the respondents originated from two other age groups where 15.8% of the respondents are aged below 18 years old while the remaining percentage are within the age group of 30–39 years old.

**Figure 4.** *Respondents demographic.*

It has been observed in **Figure 5**, that amongst the respondents, 49.1% of them are students from Universiti Teknologi Brunei, 13.2% of them are students from Universiti Brunei Darussalam, 5.3% of them are from Politeknik Brunei and 11.4% of the respondents came from various other public or a private higher institutions such as Institute of Brunei Technical Education (IBTE), Laksamana College (LCB), Cosmopolitan College of Commerce & Technology and Micronet International College. Additionally, the survey also received responses from non-university students where it comprises of 7.9% from high school students, 7.9% from the working population as well as 5.3% from the unemployed population.

*General Section.*

In this section, the questions that were asked were focused on finding out the type of mobile device the youths are generally using, their general purpose of using a mobile device as well as the frequency of internet connectivity amongst the youths.

**Figure 6** shows the questions that were asked within the general section of the survey questionnaire. When respondents were asked about the type of smart mobile device they are currently using, there are 86 respondents that uses Android devices which contributes to 75.4% of the chart, 24 respondents that uses Apple devices which contributes to 21.1% of the chart and a small number of respondents which is 4 respondents uses both Android and Apple devices thus contributing to 3.5% of the chart. An assumption was made in this survey whereby every respondents that answers the survey has at least one mobile device, which is the reason why the question directly asks its respondents the type of mobile device used. It can be seen

**Figure 5.** *Education background.*

**125**

**Figure 7.**

*Internet connectivity types.*

*Revealing Cyber Threat of Smart Mobile Devices within Digital Ecosystem: User Information…*

that majority of the respondents favours the android devices compared to the apple

Also, when the respondents were asked about their general purpose of using a mobile phone, the respondents have chosen various purposes as the survey questionnaire allowed them to choose more than one purpose. The chart shows that 111 out of 114 respondents which agreed that one of the main purpose of using a mobile device is to keep in touch with family and friends. The chart also showed that 95 respondents uses a mobile device to share videos, picture or music, 89 respondents uses their mobile device to play games, 76 respondents uses their mobile device to make online transactions, 74 respondents uses their mobile device to perform online banking, 60 respondents utilises their mobile device to make professional and business contacts and 51 respondents uses their mobile device to create new friends. There were also some minority purposes chosen by the respondents where 7 respondents believes their purpose of using a mobile device is to go on social media platforms, 3 respondents uses their mobile device to watch entertainment, 2 respondents uses their mobile devices to take pictures and lastly, one respondent each believes that their purpose of using a mobile device is to either surf the internet, read news, listen to radio, download video, create digital notebooks or doing some phone modification. This means that most of the respondents feel that it is safe to use their mobile device to do important activities such as maintaining communication as well as making online/bank transactions. It also acts as an indicator that the respondents felt it is secure enough to send and share videos, music or pictures

*DOI: http://dx.doi.org/10.5772/intechopen.95752*

devices which is proven by the results shown on the charts.

amongst themselves and their friends through their mobile devices.

information is through the use of internet.

*Password Security Section.*

they are using to surf the internet.

**Figure 7** shows that when the respondents are asked about how frequent they are connected to the internet, 100% of the respondents agreed that they are constantly connected to the internet and when asked about how they are connected to the internet in which they are given three choices, 95.4% of the respondents are connected through the Wi-Fi medium, 93.6% of the respondents are connected through their mobile data (cellular connection) and 25.7% of the respondents are connected through the use of hotspot. Another assumption was made while doing the survey which believes that almost all respondents are constantly connected to the internet and this assumption was proven through the survey results whereby 100% of the respondents stated that they are frequently connected to the internet. It is inevitable for the users of mobile device to be constantly connected to the internet because within this technological era, the only way to maintain communication and receive

In this section, the questions asked were focused on discovering respondent's behaviour and habit in regard to the security of their mobile device and the network

**Figure 6.** *Smart Mobile device usability.*

#### *Revealing Cyber Threat of Smart Mobile Devices within Digital Ecosystem: User Information… DOI: http://dx.doi.org/10.5772/intechopen.95752*

that majority of the respondents favours the android devices compared to the apple devices which is proven by the results shown on the charts.

Also, when the respondents were asked about their general purpose of using a mobile phone, the respondents have chosen various purposes as the survey questionnaire allowed them to choose more than one purpose. The chart shows that 111 out of 114 respondents which agreed that one of the main purpose of using a mobile device is to keep in touch with family and friends. The chart also showed that 95 respondents uses a mobile device to share videos, picture or music, 89 respondents uses their mobile device to play games, 76 respondents uses their mobile device to make online transactions, 74 respondents uses their mobile device to perform online banking, 60 respondents utilises their mobile device to make professional and business contacts and 51 respondents uses their mobile device to create new friends.

There were also some minority purposes chosen by the respondents where 7 respondents believes their purpose of using a mobile device is to go on social media platforms, 3 respondents uses their mobile device to watch entertainment, 2 respondents uses their mobile devices to take pictures and lastly, one respondent each believes that their purpose of using a mobile device is to either surf the internet, read news, listen to radio, download video, create digital notebooks or doing some phone modification. This means that most of the respondents feel that it is safe to use their mobile device to do important activities such as maintaining communication as well as making online/bank transactions. It also acts as an indicator that the respondents felt it is secure enough to send and share videos, music or pictures amongst themselves and their friends through their mobile devices.

**Figure 7** shows that when the respondents are asked about how frequent they are connected to the internet, 100% of the respondents agreed that they are constantly connected to the internet and when asked about how they are connected to the internet in which they are given three choices, 95.4% of the respondents are connected through the Wi-Fi medium, 93.6% of the respondents are connected through their mobile data (cellular connection) and 25.7% of the respondents are connected through the use of hotspot. Another assumption was made while doing the survey which believes that almost all respondents are constantly connected to the internet and this assumption was proven through the survey results whereby 100% of the respondents stated that they are frequently connected to the internet. It is inevitable for the users of mobile device to be constantly connected to the internet because within this technological era, the only way to maintain communication and receive information is through the use of internet.

*Password Security Section.*

In this section, the questions asked were focused on discovering respondent's behaviour and habit in regard to the security of their mobile device and the network they are using to surf the internet.

**Figure 7.** *Internet connectivity types.*

*Data Integrity and Quality*

*General Section.*

the youths.

It has been observed in **Figure 5**, that amongst the respondents, 49.1% of them are students from Universiti Teknologi Brunei, 13.2% of them are students from Universiti Brunei Darussalam, 5.3% of them are from Politeknik Brunei and 11.4% of the respondents came from various other public or a private higher institutions such as Institute of Brunei Technical Education (IBTE), Laksamana College (LCB), Cosmopolitan College of Commerce & Technology and Micronet International College. Additionally, the survey also received responses from non-university students where it comprises of 7.9% from high school students, 7.9% from the working

In this section, the questions that were asked were focused on finding out the type of mobile device the youths are generally using, their general purpose of using a mobile device as well as the frequency of internet connectivity amongst

**Figure 6** shows the questions that were asked within the general section of the survey questionnaire. When respondents were asked about the type of smart mobile device they are currently using, there are 86 respondents that uses Android devices which contributes to 75.4% of the chart, 24 respondents that uses Apple devices which contributes to 21.1% of the chart and a small number of respondents which is 4 respondents uses both Android and Apple devices thus contributing to 3.5% of the chart. An assumption was made in this survey whereby every respondents that answers the survey has at least one mobile device, which is the reason why the question directly asks its respondents the type of mobile device used. It can be seen

population as well as 5.3% from the unemployed population.

**124**

**Figure 6.**

*Smart Mobile device usability.*

**Figure 5.**

*Education background.*

In **Figure 8**, when the respondents were asked about how frequent their network password are changed, 43.0% of the chart which accounts to 49 respondents rarely changes their network password, 26.3% of the chart which accounts for 30 respondents changes their password sometimes, 23.7% of the chart which accounts for 27 respondents never changed their password, 4.4% of the chart which accounts for 5 respondents frequently changes their password and finally, only 2.6% of the chart which accounts for 3 respondents always changes their password.

It is important to change the network password regularly as it is one of the simple measures to avoid people from silently stealing the user's network data unconsciously. Few of the dangers of not changing the network password regularly is that the users might be exposed to network attacks such as sniffing or eavesdropping and there might also be illicit entities or hackers that had previously obtained the password to enter the network, hacked into the user's network and using the network to perform unlawful actions.

In **Figure 9**, when the respondents were asked about what type of security measure they have implemented to their mobile device, the responses received were divided into few categories. About 40.4% of the respondents uses fingerprint protection only, 24.6% of the respondents uses password protection only, 11.4% of the respondents employs solely pattern protection, 2.6% of the respondents uses face protection measure and 5.3% does not employ any kind of protection measure. There were also respondents that utilises multiple protection measures for their mobile device where 12.3% of the respondents uses a combination of two protection measures and 3.5% of the respondents uses a combination of three protection measures.

It can be seen that many users tend choose fingerprint lock compared to other security measures such as password or pattern. It is considered as the best option because fingerprint is a unique identifier of each individual person and since it is

**Figure 8.** *Changing the passport.*

**127**

**Figure 10.**

*Apps installation from unknown sources.*

*Revealing Cyber Threat of Smart Mobile Devices within Digital Ecosystem: User Information…*

hard to obtain someone else's fingerprint, it makes it difficult for attackers to gain access to the mobile device. Password and pattern are also good measures of security lock for mobile devices, but it has a disadvantage. As all smart mobile devices have touch screen input, any act of accessing the mobile device by using the pattern or password lock will inevitably leave smudges or residues of the screen which could be used by attacker to retrace the pattern and access the device. But then again it will take the attacker some time to figure out the pattern correctly, hence it is still better for a mobile device to be protected by a security measure rather than having

The final question asked within this sub-section was aimed at discovering how frequent does the respondents change their mobile screen lock or protection measure and it was seen that 43.0% of the respondents which contributes to 49 respondents rarely changes their mobile screen lock, 34.2% of the respondents which is equivalent to 39 respondents never changed their mobile screen lock, 17.5% of the respondents which contributes to 20 respondents alter their mobile screen lock sometimes and 5.3% of the respondents which is equivalent to 6 respondents

It can also be see that many respondents have never change their mobile screen lock or rarely do so. The act of changing the mobile screen lock regularly is particularly important to users that implement password and pattern lock measures. It will reduce the user's risk of being breached physically or virtually and if the worst case comes whereby an attacker that aims to breach the device had figured out some of the correct password or pattern, the process of regularly changing the lock screen

In this section, the respondents were asked on questions that were inter-related in nature that aims at revealing respondent's behaviour as well as awareness towards

In **Figure 10**, when the respondents were asked about whether the respondents have installed any mobile applications from unknown sources, 71.9% of the respondents agreed that they have installed applications from unknown sources while the remaining 28.1% of the respondents have never installed applications to their mobile device from unknown sources. When users downloads applications from unknown sources, it means that users are downloading third party applications from third party app stores rather than the official stores such as Google or Apple store. Third party applications are known for being risky because these applications has been created by other creators or programmers and not made by the manufacturer of the mobile device or the operating system of the mobile device. Basically these applications cannot be guaranteed safe and secure for use or free from malware by the mobile device's manufacturer as they came from unknown sources.

*DOI: http://dx.doi.org/10.5772/intechopen.95752*

none at all in order to reduce the risk of being breached.

will ensure that these attackers will fail in their attempt.

frequently changes their mobile screen lock.

*Application security section.*

the security of applications.

**Figure 9.** *Security measuring.*

#### *Revealing Cyber Threat of Smart Mobile Devices within Digital Ecosystem: User Information… DOI: http://dx.doi.org/10.5772/intechopen.95752*

hard to obtain someone else's fingerprint, it makes it difficult for attackers to gain access to the mobile device. Password and pattern are also good measures of security lock for mobile devices, but it has a disadvantage. As all smart mobile devices have touch screen input, any act of accessing the mobile device by using the pattern or password lock will inevitably leave smudges or residues of the screen which could be used by attacker to retrace the pattern and access the device. But then again it will take the attacker some time to figure out the pattern correctly, hence it is still better for a mobile device to be protected by a security measure rather than having none at all in order to reduce the risk of being breached.

The final question asked within this sub-section was aimed at discovering how frequent does the respondents change their mobile screen lock or protection measure and it was seen that 43.0% of the respondents which contributes to 49 respondents rarely changes their mobile screen lock, 34.2% of the respondents which is equivalent to 39 respondents never changed their mobile screen lock, 17.5% of the respondents which contributes to 20 respondents alter their mobile screen lock sometimes and 5.3% of the respondents which is equivalent to 6 respondents frequently changes their mobile screen lock.

It can also be see that many respondents have never change their mobile screen lock or rarely do so. The act of changing the mobile screen lock regularly is particularly important to users that implement password and pattern lock measures. It will reduce the user's risk of being breached physically or virtually and if the worst case comes whereby an attacker that aims to breach the device had figured out some of the correct password or pattern, the process of regularly changing the lock screen will ensure that these attackers will fail in their attempt.

### *Application security section.*

*Data Integrity and Quality*

network to perform unlawful actions.

measures.

**Figure 8.**

*Changing the passport.*

In **Figure 8**, when the respondents were asked about how frequent their network password are changed, 43.0% of the chart which accounts to 49 respondents rarely changes their network password, 26.3% of the chart which accounts for 30 respondents changes their password sometimes, 23.7% of the chart which accounts for 27 respondents never changed their password, 4.4% of the chart which accounts for 5 respondents frequently changes their password and finally, only 2.6% of the chart

It is important to change the network password regularly as it is one of the simple measures to avoid people from silently stealing the user's network data unconsciously. Few of the dangers of not changing the network password regularly is that the users might be exposed to network attacks such as sniffing or eavesdropping and there might also be illicit entities or hackers that had previously obtained the password to enter the network, hacked into the user's network and using the

In **Figure 9**, when the respondents were asked about what type of security measure they have implemented to their mobile device, the responses received were divided into few categories. About 40.4% of the respondents uses fingerprint protection only, 24.6% of the respondents uses password protection only, 11.4% of the respondents employs solely pattern protection, 2.6% of the respondents uses face protection measure and 5.3% does not employ any kind of protection measure. There were also respondents that utilises multiple protection measures for their mobile device where 12.3% of the respondents uses a combination of two protection measures and 3.5% of the respondents uses a combination of three protection

It can be seen that many users tend choose fingerprint lock compared to other security measures such as password or pattern. It is considered as the best option because fingerprint is a unique identifier of each individual person and since it is

which accounts for 3 respondents always changes their password.

**126**

**Figure 9.** *Security measuring.*

In this section, the respondents were asked on questions that were inter-related in nature that aims at revealing respondent's behaviour as well as awareness towards the security of applications.

In **Figure 10**, when the respondents were asked about whether the respondents have installed any mobile applications from unknown sources, 71.9% of the respondents agreed that they have installed applications from unknown sources while the remaining 28.1% of the respondents have never installed applications to their mobile device from unknown sources. When users downloads applications from unknown sources, it means that users are downloading third party applications from third party app stores rather than the official stores such as Google or Apple store. Third party applications are known for being risky because these applications has been created by other creators or programmers and not made by the manufacturer of the mobile device or the operating system of the mobile device. Basically these applications cannot be guaranteed safe and secure for use or free from malware by the mobile device's manufacturer as they came from unknown sources.

**Figure 10.** *Apps installation from unknown sources.*

**Figure 11** shows two charts which reflect the in-depth questions that were aimed towards the security aspect of applications, where one of the questions asked whether they have read the End User-Licence Agreement (EULA) and privacy policy before installing any applications. The chart shows that 56.1% of the respondents have never read it, 36.8% of the respondents have read the policy sometimes and the remaining 7.0% of the respondents always reads the policy prior to installing any applications to their mobile device. When users are being prompted to install any application, there will usually be a window which request the users to deny or agree to the agreement stated in the application's privacy and policy which includes the EULA policy. It is very important for users to read these policies because some these policies will state the purpose and the time period for using the user's personal data and information as well as how users are supposed to use their manufacturer's applications without breaking any of the policies.

The respondents were also asked on whether they have read the application's phone access permissions before installing any application and it was revealed that 46.5% of the respondents always reads it before installing any applications, 36.0% of the respondents reads it sometimes while 17.5% of the respondents never reads it. Prior to installing any application to a mobile device, the application will request the user's permission to access certain folders or areas within the mobile device such as the camera, storage, location and more. Before accepting such permissions, users must first read the "phone access permission" carefully so that can evaluate for themselves whether it is safe to do so instead of just accepting any permissions because there might be instances where some applications requested certain permission that it does not necessarily needs. The act of just accepting any permissions that prompt up could lead in the user handing over their information willingly and unknowingly to shady application developers or fraudulent data miner, which could further result in the exposure and breach of the user's personal information.

*Email and Account Security.*

In this section, the questions asked were aimed at measuring and assessing respondent's tendency as well as awareness towards the security aspect of email and accounts.

In **Figure 12**, when the respondents were asked a question on whether they would initially check the authenticity of the sender before opening the attachment received. The second chart shows that 67 respondents which would always check the authenticity of the sender before opening the attachment, 41 respondents would sometimes check for the authenticity while the remaining 6 respondents had never checked the authenticity of the sender. This is a good indicator that shows users are taking precautionary measures to protect themselves from harmful attacks that are being orchestrated through the medium of emails and even text messages. These

**129**

*Revealing Cyber Threat of Smart Mobile Devices within Digital Ecosystem: User Information…*

attackers could be sending emails or attachments that may seem to be from a legit sender such as official corporations initially but it is a scam that aims to trick the users to open, download or click the sent attachment or link. When users successfully downloaded it, the virus will start to spread to other emails or contact list thus as a result endangering other users as well. Hence, this behaviour of checking the sender serves a good measure to protect user's mobile device and the sensitive

Additionally, when respondents were asked whether the respondents sign out from their email or personal accounts after using them, the graph showed that only 18 out of 114 respondents always logs out from their accounts after use wile 46 respondents does log out from their accounts sometimes and 50 respondents had never signed out from their accounts after using them. Most users that accessed their personal accounts through their mobile device tend to tend to stay logged in rather than logging out after using them. This might pose risk and dangers to user's personal data and information because if someone unknown such as an intruder gained access to a user's mobile device such as in the case of mobile device theft, these intruders could easily access the user's personal accounts as they are already logged in and it makes it possible for the intruder to steal the user's identity this way. Hence, the behaviour of logging out from personal accounts after using them is a best practice to ensure that the user's sensitive and personal data are constantly

In this section, the questions that were asked to respondents were focused on the security aspect of respondent's personal data in their mobile device and their action in securing it. The result shows that 66.7% of the respondents stores their confidential or sensitive data within their mobile device while 33.3% of the respondents does not store any within their mobile device. Many users considers their mobile as an item that is very near and personal to their owners and it is also regarded very crucial as it usually kept the user's sensitive or confidential information which is proven from the results stated above. Due to the mobility of mobile devices, users tend to keep their confidential or sensitive information within their mobile devices since it allows users to access is much faster compared to other means. It is necessarily not wrong for users to keep their precious data within their mobile devices, but it is recommended for users to set up the most optimum level of security measures to their mobile devices in case it is under a threat of being compromised or breached by malicious entities. Then, when the respondents were asked next on whether they have installed any security software such as anti-virus within their mobile device, only 39.4% of the respondents installs a security software within their mobile device while the remaining 60.6% of the respondents do not equip or install any

*DOI: http://dx.doi.org/10.5772/intechopen.95752*

information contained in it from being harmed.

protected from any possibilities of malicious actions.

security software to protect their mobile device.

*Personal security.*

**Figure 12.** *Sender authenticity.*

**Figure 11.** *Security aspects of apps.*

#### *Revealing Cyber Threat of Smart Mobile Devices within Digital Ecosystem: User Information… DOI: http://dx.doi.org/10.5772/intechopen.95752*

**Figure 12.** *Sender authenticity.*

*Data Integrity and Quality*

applications without breaking any of the policies.

*Email and Account Security.*

accounts.

**Figure 11** shows two charts which reflect the in-depth questions that were aimed towards the security aspect of applications, where one of the questions asked whether they have read the End User-Licence Agreement (EULA) and privacy policy before installing any applications. The chart shows that 56.1% of the respondents have never read it, 36.8% of the respondents have read the policy sometimes and the remaining 7.0% of the respondents always reads the policy prior to installing any applications to their mobile device. When users are being prompted to install any application, there will usually be a window which request the users to deny or agree to the agreement stated in the application's privacy and policy which includes the EULA policy. It is very important for users to read these policies because some these policies will state the purpose and the time period for using the user's personal data and information as well as how users are supposed to use their manufacturer's

The respondents were also asked on whether they have read the application's phone access permissions before installing any application and it was revealed that 46.5% of the respondents always reads it before installing any applications, 36.0% of the respondents reads it sometimes while 17.5% of the respondents never reads it. Prior to installing any application to a mobile device, the application will request the user's permission to access certain folders or areas within the mobile device such as the camera, storage, location and more. Before accepting such permissions, users must first read the "phone access permission" carefully so that can evaluate for themselves whether it is safe to do so instead of just accepting any permissions because there might be instances where some applications requested certain permission that it does not necessarily needs. The act of just accepting any permissions that prompt up could lead in the user handing over their information willingly and unknowingly to shady application developers or fraudulent data miner, which could

further result in the exposure and breach of the user's personal information.

In this section, the questions asked were aimed at measuring and assessing respondent's tendency as well as awareness towards the security aspect of email and

In **Figure 12**, when the respondents were asked a question on whether they would initially check the authenticity of the sender before opening the attachment received. The second chart shows that 67 respondents which would always check the authenticity of the sender before opening the attachment, 41 respondents would sometimes check for the authenticity while the remaining 6 respondents had never checked the authenticity of the sender. This is a good indicator that shows users are taking precautionary measures to protect themselves from harmful attacks that are being orchestrated through the medium of emails and even text messages. These

**128**

**Figure 11.**

*Security aspects of apps.*

attackers could be sending emails or attachments that may seem to be from a legit sender such as official corporations initially but it is a scam that aims to trick the users to open, download or click the sent attachment or link. When users successfully downloaded it, the virus will start to spread to other emails or contact list thus as a result endangering other users as well. Hence, this behaviour of checking the sender serves a good measure to protect user's mobile device and the sensitive information contained in it from being harmed.

Additionally, when respondents were asked whether the respondents sign out from their email or personal accounts after using them, the graph showed that only 18 out of 114 respondents always logs out from their accounts after use wile 46 respondents does log out from their accounts sometimes and 50 respondents had never signed out from their accounts after using them. Most users that accessed their personal accounts through their mobile device tend to tend to stay logged in rather than logging out after using them. This might pose risk and dangers to user's personal data and information because if someone unknown such as an intruder gained access to a user's mobile device such as in the case of mobile device theft, these intruders could easily access the user's personal accounts as they are already logged in and it makes it possible for the intruder to steal the user's identity this way. Hence, the behaviour of logging out from personal accounts after using them is a best practice to ensure that the user's sensitive and personal data are constantly protected from any possibilities of malicious actions.

## *Personal security.*

In this section, the questions that were asked to respondents were focused on the security aspect of respondent's personal data in their mobile device and their action in securing it. The result shows that 66.7% of the respondents stores their confidential or sensitive data within their mobile device while 33.3% of the respondents does not store any within their mobile device. Many users considers their mobile as an item that is very near and personal to their owners and it is also regarded very crucial as it usually kept the user's sensitive or confidential information which is proven from the results stated above. Due to the mobility of mobile devices, users tend to keep their confidential or sensitive information within their mobile devices since it allows users to access is much faster compared to other means. It is necessarily not wrong for users to keep their precious data within their mobile devices, but it is recommended for users to set up the most optimum level of security measures to their mobile devices in case it is under a threat of being compromised or breached by malicious entities. Then, when the respondents were asked next on whether they have installed any security software such as anti-virus within their mobile device, only 39.4% of the respondents installs a security software within their mobile device while the remaining 60.6% of the respondents do not equip or install any security software to protect their mobile device.

From the results, it is observed that many users believes that installing security software or applications such as anti-virus is not crucial or important for their mobile device. Thus, when these respondents were asked on their main reason for not installing any security software, various answers have been received where one of responses mention that their mobile device already had a built-in antivirus, hence the absence of need to install another anti-virus. There are few similar responses that were made by different respondents where some of it mentions that some respondents did not know the existence of an anti-virus for a mobile device and some had problems choosing an anti-virus that is trustworthy to be installed. Some of the respondents also stated that it is not necessary to install an anti-virus because they believed that they have not installed any malicious programmes or applications to their mobile device. A few of the respondents are hesitant to install a security software due to the need to pay for it while some are blatantly has no desire to install one at all as they deem anti-virus as unnecessary.

Various kind of behaviours in these responses reflects that many users are having a lack of awareness and knowledge on the importance and benefits of having an anti-virus within their mobile device which is worrying in general. For instance, users are hesitant to install an anti-virus software because they assumed that the built-in anti-virus is sufficient and it makes users think their mobile device is safe enough. But it still does not justify the reason for not installing any security software because there is no operating system that is completely secure and invulnerable from cyber risk and danger. Malicious programs, applications, viruses or malwares could still infiltrate mobile devices through every possible way which is why it is recommended for users to set layers of protection for their mobile device instead of being negligent and over-reliant on the built-in protection within their mobile device.

Then, a question was also asked to the respondents that have installed anti-virus on their mobile device on whether they regularly update their mobile security software. The responses that were received was surprising because out of 44 respondents, 18 respondents relied heavily on the auto-update feature of their mobile device to update their anti-virus, 16 respondents regularly updates their anti-virus and the remaining 10 respondents rarely updates their anti-virus. This indicates that there are over reliance amongst users towards the automatic update function in their mobile device's operating system or the anti-virus itself. Users that rarely updates their anti-virus or only relying on automatic update are usually the type of users that assume that it is "good enough" to have an anti-virus that prevents harmful activities being done to their mobile device.

#### *Knowledge and attitude towards mobile security.*

Within this last section of the survey questionnaire, the questions asked are aimed at measuring the respondent's level of knowledge towards mobile security as well as their attitude on the subject of security within mobile devices.

In **Figure 13**, when the respondents were asked on whether they have experience any privacy or security breach on their respective mobile devices, 97 respondents which contributes to 85.1% of the chart had never experienced anything similar before while 17 respondents which is equivalent to 14.9% of the chart have experienced a privacy or security breach on their mobile device beforehand. It can be assumed that these 17 respondents or users might have become victim to privacy or security incidents due user's lack of security measures implementation to their data and mobile device. Thus, due to a prior experience in a privacy or security breach, these users might have increased their knowledge on this matter and started tightening their security measures in their effort to prevent the incident from happening again. On the other hand, it also shows that most of the respondents have never experienced such incidents which might be due to sufficient implementation

**131**

*Revealing Cyber Threat of Smart Mobile Devices within Digital Ecosystem: User Information…*

of some security measures to protect their mobile device and their personal data. But it is gravely reminded for users not become negligent and starts lowering down their security efforts because attacker will always look for those small opportunities

Then, when the respondents were asked on whether they are aware of the latest security as well as privacy issues that is occurring to mobile devices, 65.8% of the respondents are apparently not aware of any mobile security issues while 34.2% of the respondents are aware of the security issues that are trending nowadays and happening to mobile devices. This means that most of the mobile device users are not educating themselves with the latest security incidents and happenings associated with mobile devices. It is a fact that many cyber crime related cases such as privacy and security issues are not being publicised and the society rarely hears anything about these issues but it does not mean that users should not take any initiative in educating themselves especially within this era of digitalization. It is important to be updated with such matters because the information gained by reading, researching and knowing how the security issues happen could turn out to be useful to users. Users which had beforehand known of such incidents could equip themselves with the useful information and when users are encountering a similar incident, users knows the know-how to handle

Additionally, the respondents were asked on whether they would be willing to use an application that have previously suffered a privacy or security issue. The chart in **Figure 14**, shows that 46.5% of the respondents might be willing to use such applications, 49.1% of the respondents were not willing to use such applications and the remaining 4.4% of the respondents are willing to use applications that have previously suffered a privacy or security issue. When the respondents were further asked as to why they are not willing to use them, various respondents provided similar answers. Some respondents believed that an application that has been breached or hacked is not secure enough for users to use, some have lost their trust to use a breached app and many respondents believed such application is not secure at all and prioritise over their desire to protect their data and privacy.

A similar in-depth question was also asked to respondents as to why they might give it another chance to use applications that previously had security or privacy issues, there are a number of responses received from various respondents that were similar in nature. Many respondents stated their desire to use the app once the issue had been fixed, resolved or patched while some respondents believed they will do so depending on several factors which are the availability of the app, the necessity of the app, the rating of the app and the severity of the security issue that occurred before. Several respondents also highlighted that they will only use the app if they know or were informed of the true cause of the issue, for instance a security breach that occurred might not have been caused by the developer itself but by the users of

such matters and not be tricked by the scheme created by attackers.

*DOI: http://dx.doi.org/10.5772/intechopen.95752*

to perform malicious activities.

*Smart Mobile devices security breaches.*

**Figure 13.**

#### *Revealing Cyber Threat of Smart Mobile Devices within Digital Ecosystem: User Information… DOI: http://dx.doi.org/10.5772/intechopen.95752*

**Figure 13.** *Smart Mobile devices security breaches.*

*Data Integrity and Quality*

mobile device.

From the results, it is observed that many users believes that installing security software or applications such as anti-virus is not crucial or important for their mobile device. Thus, when these respondents were asked on their main reason for not installing any security software, various answers have been received where one of responses mention that their mobile device already had a built-in antivirus, hence the absence of need to install another anti-virus. There are few similar responses that were made by different respondents where some of it mentions that some respondents did not know the existence of an anti-virus for a mobile device and some had problems choosing an anti-virus that is trustworthy to be installed. Some of the respondents also stated that it is not necessary to install an anti-virus because they believed that they have not installed any malicious programmes or applications to their mobile device. A few of the respondents are hesitant to install a security software due to the need to pay for it while some are blatantly has no desire

Various kind of behaviours in these responses reflects that many users are having a lack of awareness and knowledge on the importance and benefits of having an anti-virus within their mobile device which is worrying in general. For instance, users are hesitant to install an anti-virus software because they assumed that the built-in anti-virus is sufficient and it makes users think their mobile device is safe enough. But it still does not justify the reason for not installing any security software because there is no operating system that is completely secure and invulnerable from cyber risk and danger. Malicious programs, applications, viruses or malwares could still infiltrate mobile devices through every possible way which is why it is recommended for users to set layers of protection for their mobile device instead of being negligent and over-reliant on the built-in protection within their

Then, a question was also asked to the respondents that have installed anti-virus

on their mobile device on whether they regularly update their mobile security software. The responses that were received was surprising because out of 44 respondents, 18 respondents relied heavily on the auto-update feature of their mobile device to update their anti-virus, 16 respondents regularly updates their anti-virus and the remaining 10 respondents rarely updates their anti-virus. This indicates that there are over reliance amongst users towards the automatic update function in their mobile device's operating system or the anti-virus itself. Users that rarely updates their anti-virus or only relying on automatic update are usually the type of users that assume that it is "good enough" to have an anti-virus that prevents

Within this last section of the survey questionnaire, the questions asked are aimed at measuring the respondent's level of knowledge towards mobile security as

In **Figure 13**, when the respondents were asked on whether they have experience any privacy or security breach on their respective mobile devices, 97 respondents which contributes to 85.1% of the chart had never experienced anything similar before while 17 respondents which is equivalent to 14.9% of the chart have experienced a privacy or security breach on their mobile device beforehand. It can be assumed that these 17 respondents or users might have become victim to privacy or security incidents due user's lack of security measures implementation to their data and mobile device. Thus, due to a prior experience in a privacy or security breach, these users might have increased their knowledge on this matter and started tightening their security measures in their effort to prevent the incident from happening again. On the other hand, it also shows that most of the respondents have never experienced such incidents which might be due to sufficient implementation

well as their attitude on the subject of security within mobile devices.

to install one at all as they deem anti-virus as unnecessary.

harmful activities being done to their mobile device. *Knowledge and attitude towards mobile security.*

**130**

of some security measures to protect their mobile device and their personal data. But it is gravely reminded for users not become negligent and starts lowering down their security efforts because attacker will always look for those small opportunities to perform malicious activities.

Then, when the respondents were asked on whether they are aware of the latest security as well as privacy issues that is occurring to mobile devices, 65.8% of the respondents are apparently not aware of any mobile security issues while 34.2% of the respondents are aware of the security issues that are trending nowadays and happening to mobile devices. This means that most of the mobile device users are not educating themselves with the latest security incidents and happenings associated with mobile devices. It is a fact that many cyber crime related cases such as privacy and security issues are not being publicised and the society rarely hears anything about these issues but it does not mean that users should not take any initiative in educating themselves especially within this era of digitalization. It is important to be updated with such matters because the information gained by reading, researching and knowing how the security issues happen could turn out to be useful to users. Users which had beforehand known of such incidents could equip themselves with the useful information and when users are encountering a similar incident, users knows the know-how to handle such matters and not be tricked by the scheme created by attackers.

Additionally, the respondents were asked on whether they would be willing to use an application that have previously suffered a privacy or security issue. The chart in **Figure 14**, shows that 46.5% of the respondents might be willing to use such applications, 49.1% of the respondents were not willing to use such applications and the remaining 4.4% of the respondents are willing to use applications that have previously suffered a privacy or security issue. When the respondents were further asked as to why they are not willing to use them, various respondents provided similar answers. Some respondents believed that an application that has been breached or hacked is not secure enough for users to use, some have lost their trust to use a breached app and many respondents believed such application is not secure at all and prioritise over their desire to protect their data and privacy.

A similar in-depth question was also asked to respondents as to why they might give it another chance to use applications that previously had security or privacy issues, there are a number of responses received from various respondents that were similar in nature. Many respondents stated their desire to use the app once the issue had been fixed, resolved or patched while some respondents believed they will do so depending on several factors which are the availability of the app, the necessity of the app, the rating of the app and the severity of the security issue that occurred before. Several respondents also highlighted that they will only use the app if they know or were informed of the true cause of the issue, for instance a security breach that occurred might not have been caused by the developer itself but by the users of

**Figure 14.** *Apps issues towards security.*

the application itself. If it was in such instances, then these respondents are willing to use the application once more.

Lastly, when the respondents were asked on whether they think cyber security is important for mobile devices, 99.1% of the respondents agrees on the importance of cyber security for mobile devices while 0.9% of the respondents disagrees and believes that cyber security is unimportant for mobile devices. Almost all respondents believed that cyber security is important to mobile devices because the respondents believed that cyber security will protect their personal or sensitive data, their privacy as well as confidentiality that were available within their mobile device from being manipulated, misused or taken advantage of. The respondents also believed that the presence of cyber security is the most effective way to fight against cyber threat issues and reduce the number of cyber crime cases throughout the world.
