
Wednesday, February 23, 2011

How Secure Are Mobile Apps? Scary Things Come In Small Packages

by Tom Nelson and Mary O’Connor - PC Today January 2011
That smartphone you carry around every day has a dirty little secret. It has been acquiring reams of personal information about you, and it’s just waiting to divulge it to someone, somewhere, somehow. Does that sound scary enough? It gets worse. Your role in that scenario is a simple matter of using various apps while placing orders online, accessing bank and credit card info, and performing other routine tasks we all do, all the time. A poorly written app may, with no malicious intent, store information locally on your smartphone, making it a treasure trove of personal data to anyone who gains access to your phone.

The Threats
And that’s just the benign apps, the ones that simply don’t follow basic precautions (such as not storing data locally) or fail to use a high level of encryption to protect data that must be stored locally. Some apps have security flaws that allow others to use them to gain access to your data. Finally, there are apps that are conceived as malware from the get-go.

Malware. You might think you can avoid the whole issue by sticking with well-known app stores, but apps available from platform- or carrier-specific app stores aren’t immune from malware. Even iPhones aren’t exempt from risk. Apple recently removed a simple application that turned the LED camera flash on, so it could be used as a flashlight. The app developer hid a 3G modem application within the app that allowed individuals to use the iPhone as a tethered modem for another device. Strictly speaking, this wasn’t malware, since the only thing the app did wrong was violate Apple’s terms of service. But it illustrates that even stores that strictly monitor apps can miss potential malware.

Security flaws. These come in all shapes and types, but in all cases, it’s a mistake or oversight by the developer of an application, or the OS it runs on, that puts you at risk. Last summer, Citigroup had to notify its customers that a mobile banking app it developed for the iPhone was inadvertently storing user data in hidden files, which meant it was possible for someone who had access to your phone to gain access to your banking credentials.

Other types of security flaws include apps that can be used to gain access to data or take over your smartphone. For example, some smartphone Web browsers can be used to download and install malware. Some smartphones have shipped pre-infected with malware that not only affects the smartphone but also any PCs it may connect to.

Spyware. Not all smartphone threats are hidden deep within an application; some are divulged right up front, in the terms of service you agree to. The bit about spyware might be in small print, in a long, scrolling contract you’ll never read, but it’s there, somewhere. In some cases, you agree to allow your smartphone to divulge your location, contact information, and information about apps you use, and even monitor texting.

App Stores
Where you get an app is as important as the app itself. App stores are all the rage because they’re convenient, but not all of them check the apps they list.

Apple pioneered the idea of a vetted app store, where all apps are tested before they’re made available to the public. Apple also requires all iOS apps to be digitally signed, ensuring that an app can be traced back to the developer.

Android allows unsigned apps, but has additional security to protect against rogue apps. An Android app can access any service on a phone, but it must first ask your permission. Don’t say yes to every request from an Android app; make sure it makes sense for the app to have that information. Does an app that manages your desktop background need to have access to your location information? Probably not, which may be a sign that the app is up to no good.

Securing Your Smartphone
Company-provided smartphones generally have a layer of control managed by the company’s IT department that only allows specific applications to be installed. But even with a smartphone whose security is preconfigured, business users should follow the same best practices that consumers must follow to keep from being targets of mobile malware or identity theft:

Mobile Antivirus Apps
Your smartphone may be the target of fewer threats than your desktop or laptop computer, but the potential is ever-expanding. The mobile market appears to be shrinking to fewer major OSes; this concentration of devices increases the likelihood of malware.

Consider a mobile antivirus app if you tend to be a risky user. If you love to download apps just to try them out, routinely use your smartphone for banking or other financial activity, or store lots of personal data on your smartphone, then you’re a risky user. You’re also a risky user if you tend to turn security features off because they “get in the way” of using your smartphone.

Proceed With Caution
While the current threat of mobile malware remains low, the risk continues to expand as the number of mobile users grows. Malware creators are coming to the conclusion that mobile devices are replacing desktop and laptop computers as the repositories of major chunks of personal data, which means it’s more important than ever to be vigilant. ▲
