Security software company Symantec dropped 10 phones each in Calgary, Halifax, Montreal, Ottawa, Toronto and Vancouver and waited to see if they would be returned.
Each phone was preloaded with icons for phoney apps designed to tempt the finders into tapping on them. Tracking software recorded what they couldn't resist peeking at.
Stefano Tiranardi, an information protection specialist with Symantec Canada, says he's disappointed by the results of the experiment.
"I was surprised at the higher-than-expected numbers," Tiranardi says.
"Really, individuals who misplace a phone or have it stolen have absolutely no hope their private information will remain private."
Of the 60 phones in the test, 55 per cent of them were picked up by someone who attempted to return the device.
Twenty-seven phones were grabbed and never returned — and they weren't even flashy high-end smartphones. Symantec used older Google Android phones for the experiment.
Among the questions that Symantec wanted to answer with the study was how persistent people would be in poking around a found phone.
The answer was very.
One phone dropped at a Calgary bus stop was found by an honourable person eager to return it. But while waiting to establish contact with the rightful owner, that person did some extensive snooping.
The phone was picked up just 25 minutes after being dropped and right away an app labelled Contacts and another with the name Social Networking were tapped. Nine minutes later, a HR Salaries app was opened.
Soon after, an email was sent to an address labelled as "Me" in the Contacts app with an offer to return the phone.
And the peeping continued.
About half an hour later, a Passwords app was accessed. Then, after another hour had passed, Social Networking and Online Banking apps were tapped.
A few days elapsed without the phone being used. When it was plugged in to recharge, several more apps were accessed and the following day, there was more digging into the contents of the phone.
That storyline wasn't unusual.
Ninety-three per cent of the phones were accessed in some way by the people who found them.
Social networking and corporate-related apps were tapped on about two-thirds of the phones, while passwords, photos and emails apps were launched on half of the devices. An online banking app was accessed on one in three phones.
While it appeared to researchers that seven per cent of the phones were not accessed in any way, that might not be the case.
Tiranardi says the tracking of taps was based on the phone's mobile data connection and it's likely that one of two scenarios played out.
It's possible the phones were taken to a lost and found and were turned off or remained untouched until their batteries died.
Or the SIM cards from the phones could have been yanked immediately after they were found, which would have cut off the signal back to the researchers.
"Somebody who picked it up could have figured, 'I'm selling this on eBay ... I'm going to go home, factory reset and try to wipe it and get rid of the phone,'" Tiranardi says.
Also on HuffPost