The smartphone in our pockets has become our dirty secret. The next time you grab a friend's smartphone to stare at a picture or to watch the video on YouTube they simply had to share, you might want to think again. Or, even better, take a look at your own mobile device and wonder: when did I last clean it? On January 17, ZDNet took to Twitter to ask a simple question: How often do you disinfect your phone? The results surprised us and certainly revealed a disturbing truth: the majority of us are filthy creatures. In total, 18.5% of you said your smartphone was subject to a weekly clean, whereas 14% said their mobile device was subject to a monthly spruce-up. A whopping 60% of you admitted you never cleaned your mobile device. 7.4% inferred you would clean it after you've been sick. Our readers aren't alone, either, in grim habits: a 2019 report (.PDF) of 1,200 US residents and their hygiene practices found that 88% of adults use their phones in the bathroom. If you're a parent, you are even more likely to do so with the figure climbing to 93%; perhaps in a bid to snatch a few minutes of peace to check social media feeds and emails. (All in all, there are probably only two types of smartphone users: those who admit to using their device in the bathroom, and those who lie about it.) Your smartphone goes everywhere with you. The lounge, the bathroom, the kitchen, the bedroom, the pub. You touch the screen after you've washed up with the germ-infested kitchen sponge that really should have been thrown away days ago. You refill the dog bowl, perhaps receive an affectionate lick in gratitude and then accept a call, thereby pressing the screen to your face. You unlock your phone in the pub garden to check a notification after you've used the restroom. (You've washed your hands but how many reprobates have you seen while you're in there bypass the sink entirely to grab the door handle on their way out?) It's no wonder that smartphones are now comparable to toilet seats when it comes to the germs and viruses that claim them as home. Other recent studies confirm high colony-forming units (CFU) per square inch levels on our mobile devices. If you're like me and travel often with a smartphone glued to your hip, you really might want to take a wipe with you. Outstripping everything else on the list, a study into airport self-check-in kiosks showed they contain a massive 253,857 CFU per square inch, thanks to our grubby hands. We can't get rid of our smartphones, despite the breeding grounds of germs they have become, and it's important we don't sterilize our lives to the point we hamper our own immune systems. But it might be about time we think about cleaning our devices a little more often, especially in the winter season when cold and flu bugs are rampant and when touch can be enough to transfer contagious illnesses to our nearest and dearest. The now global challenge posed by the coronavirus is an additional wake-up call. Learn the proper way to clean your phone by visiting OUR FORUM.

Don't use a mobile authenticator app on an old smartphone, because the app is only as secure as the operating system in which it's running, two security researchers said at the RSA Conference here earlier this week. Aaron Turner and Georgia Weidman emphasized that using authenticator apps, such as Authy or Google Authenticator, in two-factor authentication was better than using SMS-based 2FA. But, they said, an authenticator app is useless for security if the underlying mobile OS is out-of-date or the mobile device is otherwise insecure. "You don't want the risk associated with 32-bit iOS," said Turner, adding that you should use only iPhones that can run iOS 13. "In Android, use only the Pixel class of devices. Go to Android One if you can't get Pixel devices. I've had good experiences with Motorola and Nokia Android One devices." And he warned the audience to stay away from one well-known Android brand. "[German phone hacker] Karsten Nohl showed that Samsung was faking device updates last year," Turner said. "Stop buying their stuff." To be fair, Samsung was far from the worst offender among phone makers in the study Turner cited, and the study authors later said "they got it wrong" regarding Samsung's issues, without going into further detail. (Slides for Turner and Weidman's presentation are available on the RSA website.) The problem is that if an attacker or a piece of mobile malware can get into the kernel of iOS or Android, then it can do anything it wants, including presenting fake authenticator-app screens. "One of my clients had an iPhone 4 and was using Microsoft Authenticator," Turner said, indicating another authenticator app. "All an attacker would need to do is to get an iPhone 4 exploit. My client was traveling in a high-risk country, his phone was cloned and then after he left the country, all sorts of interesting things happened to his accounts." And don't think iOS devices are safer than Android ones -- they're not. There are just as many known exploits for either one, and Weidman extracted the encryption keys from an older iPhone in a matter of seconds onstage. The iPhone's Secure Enclave offers "some additional security, but the authenticator apps aren't using those elements," said Weidman. "iOS is still good, but Android's [security-enhanced] SELinux is the bane of my existence as someone who's building exploits." "We charge three times as much for an Android pentest than we charge for an iOS one," Turner said, referring to an exercise in which hackers are paid by a company to try to penetrate the company's security. "Fully patched Android is more difficult to go after."Looking for more details on this, visit OUR FORUM.