The answer is complicated. Usually it becomes important when you get in interaction with the financial authorities for instance Banks, Credit Cards offices or healthcare services and government institutions social security, courts, police department and so on.
Formally the providers of Smartphones and Operating Systems (OS) as well the providers of applications and owner of a Smartphone itself usually are carrying responsibility for information security but a problem seems much more wider.
If there are found any compromising information on Smartphone in most cases the responsibility would be assigned to an owner of a Smartphone i.e. you rather then to the providers of a Smartphone device, OS or the applications.
There many times when security of the Smartphone devices can be compromised even without any owners awareness while most of a control over smartphone devices belong to OS and applications providers.
For example Android OS, iOS, messengers like Whatsap, Telegram, Viber, Skype etc.
To allow a normal work of the applications they may ask to give them an access to the contacts, files, media, phone calls, Geo-location(GPS) and many others services and data on your smartphone.
Many times the users of Smartphones even do not aware that their devices have a problem with information integrity or have data security breaches.Any of Smartphones users can be effected
One of the most known data security breach is NSO Pegasus software issue.
References:
- Israel press about NSO and Pegasus
Along a live period of OS software from main providers like Google, iOS etc. (period of live i.e. from the release of a software to the EOL) there are always number of the vulnerabilities and bugs that also may lead to security breaches and data integrity issues.
References:
- Vulnerabilities and bugs examples
- 1More Vulnerabilities and bugs examples
- 2More Vulnerabilities and bugs examples
- 2023 Vulnerabilities and bugs examples
- 2024 Vulnerabilities and bugs examples
There are many other bugs and vulnerabilities that can be easily found by quick search on the Internet. One thing is sure. Even if to apply all of the advised last updates it's never going to guarantee for sure the data integrity on your Smartphone.
The main providers of OS on Smartphones carry endless and uncountable number of the bugs and vulnerabilities that never get solved 100% by the updates that continue until a last day of OS software live period. Even if to follow all of the updates after few days or weeks or maximum months a vendor would tell your about a need to apply the new updates . Otherwise they cannot guarantee the data integrity of a Smartphone.Always the new updates solve the known bugs but after some time a provider discovers the new bugs and so on.There is another interesting point. Most of the known modern providers of the OS for Smartphones assign you as an user with a very limited rights on a Smartphone device.
Clear that the updates and upgrades that advised by OS vendors of the Smartphones is not enough for good and sustainable data integrity and security.
There is a way in IT industry to insure the data integrity of software and hardware setup that known as 'hardening'.The method used as addition to the updates and upgrades of OS and applications on a Smartphone .As a first step we need to setup Smartphone OS with ROOT user (ROOTING device) then a customer get administration ROOT access on his Smartphone. This is going to allow much better control of the customers over their Smartphone. In addition we do a hardening of the software and hardware setup.
