Is Smartphone Security Good Enough?

Michigan State Police are alleged to be using forensic phone cloning devices in minor offense investigations.

Would you object if a police officer stopped you for speeding, then took your phone and cloned all its data--including photos, videos, e-mails, and recent GPS locations?

If you get pulled over by the Michigan State Police, this might be a reality, courtesy of handheld phone cloners that are designed for forensics use but which the American Civil Liberties Union (ACLU) claims are being used by patrol officers.

The ACLU has asked to see logs for any devices used this way, and the Michigan State Police responded by demanding half a million dollars to pay for retrieving the information. The ACLU has replied with a public letter (PDF link) mentioning constitutional rights and litigation, and that's where the matter rests at the moment.

It's alleged that the police force is using CelleBrite UFED devices out in the field. The handheld tool can quickly clone the data stored on more than 3000 different phone models, even if that data is protected by a PIN. It can even access deleted data no longer accessible by the owner of the phone.

It should be noted that, in a comment on the Popular Mechanics reporting of the issue, somebody claiming to be a former Michigan State Police officer says the ACLU has got it wrong, and that the police gave only five of the units, used in the forensic labs only after an arrest has taken place.

Whatever the case, the advice is simple: If you're stopped by the police and they ask if they can search your phone, simply refuse. The ACLU implies that state police in Michigan are cloning phones not by forcing people to hand them over, but simply by asking. Remember that they might phrase the request obscurely--such as, "Do you mind if we take a quick look at your phone?"-- so be on your guard. However, the whether cell phones are protected by the Fourth Amendment against searches is still being hashed out in the courts.

Bigger questions are raised closer to home: Are cell phone manufacturers enacting enough technical barriers to protect the data on handsets from snoops, whether that's law enforcement or anybody else?

A lot of work has gone into protecting transmissions, but it's wrongly assumed that if a person or agency has physical access to the phone, then they can be trusted. This simply isn't the case.

Modern smartphones contain extremely personal records of our lives. If Near Field Communications (NFC) take-off then phones may literally become our wallets when we use them to pay for purchases.

It's not just about handsets. Are app creators doing enough to protect confidential data they generate? For example, geolocation apps are all the rage right now, but are they protecting the GPS data we willingly record?

I decided to do a few tests. I attached my iPhone to a fresh Windows install and, after installing iTunes and iPhone Explorer, a piece of software that makes accessible the iPhone's file system, I tried to see what I could find.

It was a shocking experience. I use the Navfree satellite navigation app, for example, and was able to easily uncover my "home" address--street name as well as latitude and longitude coordinates--as well as recently visited destinations. All of that was contained within simple text files on the iPhone. With similar ease, I was able to uncover my recent Yahoo Messenger conversations.

Remember: I was able to do all this by doing little more than plugging my iPhone into a computer via USB and installing easily available, entirely legal software. I could do the same with your iPhone, provided I have access to it for a moment or two.

In my cursory explorations I wasn't able to view e-mails, and this is probably because the iPhone incorporates Data Protection, which encrypts e-mails and any attachments. Indeed, the iPhone has encryption built into the hardware along with an application programmer interface (API) allowing programmer access to this feature, allowing theoretically easy access for apps. However, it appears few make use of it.

My iPhone isn't jailbroken but I understand that even more data is freely accessible on such phones. I doubt many people consider this when choosing to jailbreak.

To be fair, iPhones set with a passcode are inaccessible to iTunes (and therefore iPhone Explorer) unless some first enters the passcode on the device. But how many people use this feature, which can make activating the phone for use each time a slightly annoying experience?

Google Android phones are no better. Android 3.0 will bring with it some powerful encryption features, and there's talk of a new open-source project called Guardian that will add fundamental encryption to Android and could be integrated into Android devices by handset manufacturers. But right now Android phones and tablets have almost no data protection.

RIM BlackBerry phones offer a much higher standard of protection, perhaps because they're aimed at enterprise users, and there's the rub. Data encryption on phones tends to be seen as an enterprise-level feature, where it's employed to protect employer data--and often in response to legislation.

However, every level of user can reasonably demand the same level of data protection.

Modern ARM processors used in most phones have encryption routines built into them, making data protection operations very simple to integrate without requiring huge amounts of battery power. So there's really is very little reason not to encrypt data.

Systems need to change, and handset manufacturers need to start taking the issue of data security far more seriously. Ultimately, it should be impossible for anybody--including law enforcement officers--to access our data without our express permission.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags softwaredata protectionapplicationsPhonesconsumer electronicsCell PhonesAmerican Civil Liberties Union

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Keir Thomas

PC World (US online)
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?