The Dark Side of Phone Apps

June 4, 2010 -

The Wall Street Journal looks into the "dark side of phone apps" in a new report about the lack of app vetting in Google's Android and Apple's iPhone app stores. While they don't cite too many examples, save some questionable banking apps that Apple banned, the paper solicits the opinions of nameless FBI and security professionals who are "concerned" about malicious software making its way into these stores and in turn on consumers' phones.

As more companies, government agencies and regular consumers use wireless devices to engage in commerce and share private information, the "bad guys" are finding new and creative ways to steal from them and profit from it.

The paper, speaking to "someone familiar with the matter," reports that the FBI's Cyber Division has begun working on these kinds of cases - specifically apps designed to compromise banking on cellphones, as well as mobile "malware" used for "espionage by foreign nations." The FBI has a standing policy that bars its employees from downloading apps on FBI-issued smartphones. The Air Force has a similar policy.

While there is some oversight for most app stores - Google's Android app store has no formal review process. The company has said in the past that it relies on its customers to report malware or other questionable apps first. While some security experts believe Google's Android Market is particularly vulnerable, Google says that it has "put in place security measures, such as remotely disabling apps found to be malicious and requiring developers to register with its Checkout payment service, and argued there's no evidence for claims that its store poses a greater risk than others."

Apple, on the other hand, vets all of its applications before they appear in its App Store, but security on that front can use some improvement too, according to some experts. The most publicized incident happened in July 2008, when Apple pulled the game called Aurora Feint from its store after it was found to be uploading users' contact lists to the game maker's servers. Apple claims that it " takes security very seriously," and that it has "a very thorough approval process and review every app." The company also claims to check the identities of every developer.

Still the iPhone isn't a perfect and safe platform - we'll leave you this scary quote from the WSJ story to think about:

Since 2008, security experts have identified at least 36 security holes in the phone's software, according to a review of the National Vulnerability Database maintained by the Department of Homeland Security. One, identified in September 2009, could have allowed hackers to learn someone's username and password from messages sent to servers when browsing the Web.

Source: WSJ

Posted in

 
Forgot your password?
Username :
Password :

Shout box

You're not permitted to post shouts.
ZippyDSMleeShout box sttasahhppppp!!05/22/2015 - 10:47am
Andrew EisenOh, here it is. I thought it was gone. Yeah, I'm experiencing the same issue. Sent a note to tech.05/22/2015 - 10:43am
E. Zachary KnightAnyone else have the shout box pushed down to the bottom of the site?05/22/2015 - 10:38am
MattsworknameAndrew and EZK help me pull back a bit , still working on it05/22/2015 - 7:06am
ConsterI think IP is the only person here who doesn't think IP needs to dial it back several levels.05/22/2015 - 6:14am
Mattsworknamehttp://www.foxnews.com/politics/2015/05/22/fec-backs-off-flirtation-with-regulating-internet/05/22/2015 - 1:34am
MattsworknameWell, on another subject, Saw this, and while I know it's fox news, thuoght I should share it05/22/2015 - 1:34am
MechaCrashYeah, even I think IP needs to dial it back.05/22/2015 - 12:35am
Mattsworknamesays05/21/2015 - 11:17pm
MattsworknameRE doc, everyone has a tendancy to let emotion get ahead of them, especially in an annoymous forum like the web. We have have those moments. Ip however has nothing but those moments. it's why I stopped responding to him, regardless of what he thinks or05/21/2015 - 11:17pm
DocMelonheadNo offense, but I see your behaviors in the comment sections uncalled for.05/21/2015 - 8:51pm
DocMelonheadHell, I could use both Goth_Skunk and IronPatriot as an example of such behavior between the two.05/21/2015 - 8:43pm
Andrew EisenMock? Ridicule? No, we're talking about serious threats and abuse, not people being cheeky or mean. Big difference.05/21/2015 - 8:42pm
DocMelonheadIn fact I see both mocks and ridicule between both the GamerGate Supporters and GamerGate Critics.05/21/2015 - 8:41pm
DocMelonheadAs for the Harassment, well, this is the internet; people will mock and ridicule whoever they want, whenever they want, at all times.05/21/2015 - 8:40pm
Mattsworknamegoth I think all media news outlets have that disclaimer05/21/2015 - 8:39pm
Andrew EisenThat's an... interesting way to interpret that.05/21/2015 - 8:36pm
Goth_SkunkAnd re BBC vs Rockstar: Ahh. I missed that. Woops!05/21/2015 - 8:33pm
Goth_SkunkAE: The entire disclaimer is a valid reason why I don't take it seriously. Particularly the part where they say "the information contained herein may not be necessarily accurate or current." Because fact-checking, like math, is haaaaaaaaard!05/21/2015 - 8:32pm
MattsworknameI take all media reporting with huge skepticism. the Mary sue Included. that said, there not as bad Jezebel.05/21/2015 - 8:27pm
 

Be Heard - Contact Your Politician