The Dark Side of Phone Apps

June 4, 2010

The Wall Street Journal looks into the "dark side of phone apps" in a new report about the lack of app vetting in Google's Android and Apple's iPhone app stores. While it doesn't cite too many examples, save some questionable banking apps that Apple banned, the paper solicits the opinions of nameless FBI and security professionals who are "concerned" about malicious software making its way into these stores and, in turn, onto consumers' phones.

As more companies, government agencies and regular consumers use wireless devices to engage in commerce and share private information, the "bad guys" are finding new and creative ways to steal from them and profit from it.

The paper, speaking to "someone familiar with the matter," reports that the FBI's Cyber Division has begun working on these kinds of cases - specifically apps designed to compromise banking on cellphones, as well as mobile "malware" used for "espionage by foreign nations." The FBI has a standing policy that bars its employees from downloading apps on FBI-issued smartphones. The Air Force has a similar policy.

While there is some oversight for most app stores, Google's Android app store has no formal review process. The company has said in the past that it relies on its customers to report malware or other questionable apps first. While some security experts believe Google's Android Market is particularly vulnerable, Google says that it has "put in place security measures, such as remotely disabling apps found to be malicious and requiring developers to register with its Checkout payment service, and argued there's no evidence for claims that its store poses a greater risk than others."

Apple, on the other hand, vets all of its applications before they appear in its App Store, but security on that front can use some improvement too, according to some experts. The most publicized incident happened in July 2008, when Apple pulled the game called Aurora Feint from its store after it was found to be uploading users' contact lists to the game maker's servers. Apple claims that it "takes security very seriously," and that it has "a very thorough approval process and review every app." The company also claims to check the identities of every developer.

Still, the iPhone isn't a perfect and safe platform - we'll leave you with this scary quote from the WSJ story to think about:

Since 2008, security experts have identified at least 36 security holes in the phone's software, according to a review of the National Vulnerability Database maintained by the Department of Homeland Security. One, identified in September 2009, could have allowed hackers to learn someone's username and password from messages sent to servers when browsing the Web.

Source: WSJ
