App stores: a security time bomb?

At ease, troopers and mobotniks! Unless you're a celebrity or an ex-MP like Paul Marsden, and the Daily Mail is interested in you (his phone hacking ordeal is documented on the BBC), you probably have no reason to call the bomb squad to take care of your sneaky phone. Not yet...

Granted, Mr Marsden's privacy breach is not app store related, but nonetheless, a casual approach to telecommunication is involved. And it is probably no coincidence that, while his story breaks all over the news, smartphone app stores are being scrutinised in public.

The Examiner casts a critical eye on app safety, and though the overall verdict is a rounded "don't panic, but be cautious", the Android Market gets singled out as the baddest apple out there, and not for the first time, either. Meanwhile, IT Pro notches it up a bit with an almost Rumsfeldian "App stores: A security time bomb?"

So, why the panic, and why do the bad experts pick on poor little Android? To answer that requires a chart, and, oh, here, we have one:

Meet TaintDroid. It's the droid in your 'Droid, and it's meant to keep bad apps out of your Android phone. Apparently. And so thinks Google, but a research team from Pennsylvania State, Duke and Intel Labs took a look at 30 randomly chosen Android app store programs, and they found that 20 of them were rather on the casual side with how they looked after user data. Apparently, both Apple's App Store and Microsoft's software shop have slightly more safety-conscious measures in place, though neither can be called 100% safe.

The full report, as an 850KB PDF, can be downloaded at, but if that graphic above looks daunting, you probably want to skip that link. It's a tough read, though we were surprised to learn that even a phone's accelerometer can be engaged in nefarious activity. How nefarious? Time bomb style, says IT Pro. Their amber alert is flashing, and here's why:

"Users could encounter a variety of threats on app stores. Some are bundled in with other apps, such as wallpapers. This throws up another challenge for vendors as they try to split malicious apps from the legitimate ones. Spyware-type applications have been spotted as well, where SMS messages were sent to unintended recipients.

"More traditional, PC-like attacks are another danger. Symantec researchers recently spotted a piece of malicious kit that stole data and reported back to a command and control centre. The app was monitoring SMS messages and was capable of receiving instructions from the command and control centre as well. Other dirty apps have forced the user to call premium rate numbers, so the crooks get some of their target's funds."

Ironically, though, IT Pro then goes on to take it all back, sort of, fearmongering headline and all:

"Greg Day, director of security strategy for McAfee in Europe, the Middle East and Africa (EMEA), said the security firm had not seen any more than 1,000 mobile threats in total, whereas there are 60,000 PC threats emerging a day."

In other words: Yes, there are naughty players out there, and as technology moves forward, so do they. But it's by no means a crimewave, yet. And no, we're not trying to make light of the issue.

However, a sense of realism is called for when analysing the issue: you can use all the software tools and encryption you can fit onto your phone's flash card... but that won't help much if one of your 2 or 20 or 2,000 friends has loads of your private info in his unprotected phone's address book.

In the 80s James Belushi starred in a movie titled Filofax. Person loses filofax. Another person finds filofax. Identities are stolen. We laughed. I said 80s, right? The point is: no one called the filofax a privacy timebomb.

It's up to you, really. Nothing in life is free, they say. But a lot of phone apps are.

Read the pre-install warnings, and if in doubt spend some time researching the app in question. Is there bad feedback out there? Do you really need the app? Find out.


philjupitus  Jan. 26, 2011 at 17:15

thumbs up, if this article doesn't make sense to you either

Julias  Jan. 26, 2011 at 23:58

philjupitus I don't know what you were reading exactly but that to me is well written thought and thought out article. I would rather be reading things like that than seeing the cheapest mobile phone deals! :/
