The Dark Side of Phone Apps

June 4, 2010 -

The Wall Street Journal looks into the "dark side of phone apps" in a new report about the lack of app vetting in Google's Android and Apple's iPhone app stores. While they don't cite too many examples, save some questionable banking apps that Apple banned, the paper solicits the opinions of nameless FBI and security professionals who are "concerned" about malicious software making its way into these stores and in turn on consumers' phones.

As more companies, government agencies and regular consumers use wireless devices to engage in commerce and share private information, the "bad guys" are finding new and creative ways to steal from them and profit from it.

The paper, speaking to "someone familiar with the matter," reports that the FBI's Cyber Division has begun working on these kinds of cases - specifically apps designed to compromise banking on cellphones, as well as mobile "malware" used for "espionage by foreign nations." The FBI has a standing policy that bars its employees from downloading apps on FBI-issued smartphones. The Air Force has a similar policy.

While there is some oversight for most app stores - Google's Android app store has no formal review process. The company has said in the past that it relies on its customers to report malware or other questionable apps first. While some security experts believe Google's Android Market is particularly vulnerable, Google says that it has "put in place security measures, such as remotely disabling apps found to be malicious and requiring developers to register with its Checkout payment service, and argued there's no evidence for claims that its store poses a greater risk than others."

Apple, on the other hand, vets all of its applications before they appear in its App Store, but security on that front can use some improvement too, according to some experts. The most publicized incident happened in July 2008, when Apple pulled the game called Aurora Feint from its store after it was found to be uploading users' contact lists to the game maker's servers. Apple claims that it " takes security very seriously," and that it has "a very thorough approval process and review every app." The company also claims to check the identities of every developer.

Still the iPhone isn't a perfect and safe platform - we'll leave you this scary quote from the WSJ story to think about:

Since 2008, security experts have identified at least 36 security holes in the phone's software, according to a review of the National Vulnerability Database maintained by the Department of Homeland Security. One, identified in September 2009, could have allowed hackers to learn someone's username and password from messages sent to servers when browsing the Web.

Source: WSJ

Posted in

 
Forgot your password?
Username :
Password :

Poll

Will limiting Steam services to accounts that have spent at least $5 eliminate spammers?:

Shout box

You're not permitted to post shouts.
Matthew WilsonI think its a good article, and devs can take some lessons from life is strange.04/24/2015 - 10:24pm
Andrew EisenI tinyURL'd it. The world is safe!04/24/2015 - 10:23pm
Matthew Wilson@AE my bad there is nothing I can do about that.04/24/2015 - 10:21pm
Andrew EisenLooks like the spoiler is right there in the URL.04/24/2015 - 10:20pm
Matthew Wilsonhttp://tinyurl.com/ok9pf6b a interesting opinion piece on the life is strange episode 2, and a dark event that happens in it. full warning major spoilers.04/24/2015 - 10:11pm
Matthew Wilson@mech no just she, nor her co workers have not. she never said it is not real.04/24/2015 - 8:58pm
MechaCrashWas she saying "I haven't experienced it," or "I haven't experienced it therefore it does not exist"?04/24/2015 - 8:31pm
ZippyDSMleeoy the skyrim paid mod thing is going over well. My 2 lints, I would not mind if Skyrim had a full SDK and not a crappy lil editor....04/24/2015 - 6:46pm
Andrew EisenWell, that is indeed crappy and nonsensical.04/24/2015 - 3:45pm
Matthew Wilsonshe got attacked for saying that she personaly has not experienced the harassment some other female devs have, and she got acused of defending GG and ignoring harassment. she ended up getting dog piled because of it.04/24/2015 - 3:43pm
Andrew EisenFine but do you recall ANY details at all?04/24/2015 - 3:38pm
Matthew Wilsonit was several weeks ago now, and I will admit to not saving it.04/24/2015 - 3:36pm
Andrew EisenAttacked HOW and by WHOM for not writing off WHO as evil? Do you have a link or anything?04/24/2015 - 3:31pm
Matthew Wilsonthat is the whole point she was not attacked for saying anything. she was attacked for being willing to debate in the first place, and not just write them off as evil.04/24/2015 - 3:28pm
Andrew EisenI know there's not a lot of room in the Shout box but goodness you're being vague.04/24/2015 - 3:26pm
Andrew EisenGreat, but that STILL doesn't tell me what she said, why she was attacked (or what the attack was) or what "standard line" she's following. Details, man. Details!04/24/2015 - 3:25pm
Andrew EisenOr what the heck Nina White (someone else I've never heard of) is actually referring to.04/24/2015 - 3:24pm
Matthew Wilson@AE she is a game dev. she used to do stuff with hormanix and now works with https://outact.net/#!/?page_id=2 she will often engage and debate both side.04/24/2015 - 3:23pm
Andrew Eisen...following.04/24/2015 - 3:23pm
Andrew EisenYou mean focus on stopping the bad behavior of those who are doing it rather than condemning all the people that associate with them? Great. But I still don't know who Emma Clarkson is, what she said, why she was attacked or what "standard line" she's04/24/2015 - 3:23pm
 

Be Heard - Contact Your Politician