Get the Better newsletter.
 / Updated 
By Herb Weisbaum

The major software products like Turbo Tax, H&R Block and TaxAct let you prepare the “short forms” (1040A and 1040EZ) as well as the 1040 “long form” on your mobile device. They all have apps that let you take a photo of your W-2 to automatically populate your return with that information.

You already shop and do banking on your smartphone, but should you do your taxes this way?

NBC News BETTER spoke to a number of nationally recognized privacy/digital security experts and they all agreed that using a mobile device for this task creates a number of vulnerabilities. One of the biggest risks: People who take photos with their personal phones and do not delete those photos after uploading them.

“This leaves a copy of your data-rich W-2s, including Social Security numbers, in your phone’s photo storage, and/or possibly on your cloud storage,” said Cris Thomas, Global Strategy Lead for IBM X-Force Red. “Now, your data is in more places that have a higher risk of being compromised than just your tax provider’s systems.”

Robert Sicliano, security analyst with Hotspot Shield, worries about lost or stolen mobile devices that do not have password protection.

“When someone finds or steals your mobile phone they have access to everything on it and in this case, your tax return,” he said.

There’s also the risk of having this sensitive information compromised by mobile malware – and that threat is growing. The number of new mobile malware variants increased by 54 percent in 2017, according to a new report from Symantec. Do you have malware and antivirus software on your device — especially, if it’s an android phone?

“You could have a key logger [on your phone] watching you log in to all your accounts including your tax preparation platform,” said Eva Velasquez, President/CEO of the Identity Theft Resource Center. I generally advise against using your mobile device to file your taxes, unless you are willing to take on the responsibility that goes along with it.”

When someone finds or steals your mobile phone they have access to everything on it and in this case, your tax return.

We contacted TurboTax, H&R Block, TaxSlayer and TaxAct to get their response to these security concerns. TurboTax and H&R Block responded, saying security and protecting their client’s information is a top priority.

TurboTax noted that its app does not store any data on a customer’s phone or device. In addition, “when customers create or access their TurboTax account, additional security features help ensure the security of their account, including password protection, multi-factor authentication and Touch ID account authentication,” the statement said.

H&R Block said the photos taken with its mobile app are not saved to the device or the cloud and are removed from the client’s device after upload (approximately 10-15 seconds).

“In addition to the steps taken by H&R Block, we encourage clients to protect and secure any physical device on which they are preparing taxes with firewalls, anti-virus software and anti-spyware software,” the statement said.

If you decide to do your return on a mobile device and file it using a Wi-Fi connection, stick with a trusted network, such as your home system. Never use public Wi-Fi unless you deploy a virtual private network (VPN) to encrypt the data.


Want more tips like these? NBC News BETTER is obsessed with finding easier, healthier and smarter ways to live. Sign up for our newsletter and follow us on Facebook, Twitter and Instagram.