Speaking at last week’s Infosecurity Europe event in London, Veracode’s founder and CTO, Chris Wysopal, told attendees that apps are the biggest security threat to smartphone users.
Chris explained that there are two types of threat: apps that are intentionally malicious, and those that are inadvertently vulnerable.
A list of threats mentioned by Chris includes:
- Activity monitoring and data retrieval
- Unauthorized dialing, SMS, and payments
- Unauthorized network connectivity (data exfiltration or command & control)
- UI (unique identifier) impersonation
- System modification (rootkit, APN proxy configuration)
- Logic or time bomb
- Sensitive data leakage (inadvertent or side channel)
- Unsafe sensitive data storage
- Unsafe sensitive data transmission
- Hardcoded password/keys
Chris suggested that mobile app stores should consider using the above list to conduct a security review of submitted apps.
“Apple is famous for their walled garden and has an approval process”, Wysopal said. “But it’s not clear that they are looking at security issues. They seem to care about user experience and policies.”
Chris reckons Windows Phone 7 has the "strongest" security process for apps.
Android has had its fair share of problems recently. Just a few days after users were warned to avoid third-party vendors and stick to the official Android Market, apps infected with malware turned up on – you guessed it – the official Android Market.
via: Info Security