Symantec's Honey Stick Project (pdf) confirms what many of us already knew: almost no one can resist the temptation of poking around on someone else's smartphone.
The study placed 50 smartphones in various public areas throughout several major American and Canadian cities. The phones were fully charged and allowed random passersby unfettered access to the device with no passwords or security measures, an all too common practice for most smartphone owners. All human interactions with the handsets were monitored and logged remotely. The goal was to assess the "human threat" of unsuspecting people discovering someone's phone based on how they interacted with the device.
96 percent of "lost" smartphones were accessed by discoverers while about half of those people also peeked into email and other potentially sensitive areas. 89 percent of the devices had the owner's personal apps and/or data accessed. "Access" was defined as an app or file being opened on the phone.
Obviously though, even the most honest finders may have been looking for contact information via the address book and email apps in an attempt to identify the owner. However, with that in mind, finders also accessed a file named "Saved Passwords" 57 percent of the time.
Additionally, 53 percent of phone finders inexplicably opened a document titled "HR Salaries" while a disappointing 49 percent of people attempted to use an app named "Remote Admin". 60 percent of the devices showed that people had attempted to log on to social network services under the owner's user name. Meanwhile, 43 percent actually had the nerve to do the same for banking apps. When confronted with password prompts, the individuals would try to guess passwords.
Of the 50 "lost" phones, owners received offers to return the devices 25 times. The report claims that contact information was made easily accessible on the phone for this purpose.