New York City launches a smartphone threat-detection app

NYC Secure will tell New Yorkers if their phones encounter unsafe networks. The city insists it's not tracking users.

Starting next week, New York City residents will start seeing advertisements and public service announcements urging them to download a new city-branded mobile app intended to help them avoid cybersecurity risks on their mobile devices.

The app, called NYC Secure, is part of a similarly named initiative the city launched in March after it announced that it would start treating cybersecurity as a public-safety issue on the level of physical security and fire prevention.

Users of the app, which is available for iOS and Android devices, will get alerts if it detects that their devices are running potentially risky software, navigating to unsafe websites or connecting to Wi-Fi networks that are not secure. The city government describes the app, which was developed by Dallas software firm Zimperium, as a solution available to people who don’t have access to enterprise-level security tools.

“It’s the right thing to do,” said Geoff Brown, the city’s chief information security officer, who oversees the NYC Secure program. “What we are doing is providing cybersecurity for New Yorkers and offering New Yorkers a better way through digital life away from threats.”


Brown said the app will divide risks it detects into device threats and network threats. A device threat might involve another app with poor encryption or a website that does not run on the encrypted HTTPS protocol. A network threat might produce an alert when a user attempts to connect to an unfamiliar network that’s not password-protected.

The app only produces information, though. Brown stressed that NYC Secure is not the city’s way of taking control of residents’ phones.

“This doesn’t take action on the device,” he said. “It’ll alert and give you some recommendations on what to do about it. On a device threat it could recommend deleting an app or recommend restoring from a clean backup. The network threat may recommend HTTPs sites or using a [virtual private network].”

Brown also said that neither the city or Zimperium will use the app to collect any users’ personal identifying information including location, phone number, device serial number or any content stored on a device. The developer will be able to see a device identification number randomly generated by the app, what operating system is being used and the version of the app.

Still, Brown won’t know if the app takes hold with New York nearly 9 million residents — and their devices — until the city plasters subway walls and digital billboards with with ads for NYC Secure. It’ll also be the first public-facing component in New York’s campaign to make cybersecurity a mainstream public safety concern. (An upgrade adding a DNS-based security service to the city’s free public wifi network is also in the works.)


“We hope this will help the New Yorker be more aware,” Brown said. “It’s trying to give guidance. Maybe ambitiously start a more robust public discourse.”

Benjamin Freed

Written by Benjamin Freed

Benjamin Freed was the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He wrote extensively about ransomware, election security and the federal government’s role in assisting states and cities with information security.

Latest Podcasts