The Dark Side of Phone Apps

June 4, 2010

The Wall Street Journal looks into the "dark side of phone apps" in a new report about the lack of app vetting in Google's Android and Apple's iPhone app stores. While it doesn't cite too many examples, save some questionable banking apps that Apple banned, the paper solicits the opinions of nameless FBI and security professionals who are "concerned" about malicious software making its way into these stores and, in turn, onto consumers' phones.

As more companies, government agencies and regular consumers use wireless devices to engage in commerce and share private information, the "bad guys" are finding new and creative ways to steal from them and profit from it.

The paper, speaking to "someone familiar with the matter," reports that the FBI's Cyber Division has begun working on these kinds of cases - specifically apps designed to compromise banking on cellphones, as well as mobile "malware" used for "espionage by foreign nations." The FBI has a standing policy that bars its employees from downloading apps on FBI-issued smartphones. The Air Force has a similar policy.

While there is some oversight for most app stores, Google's Android app store has no formal review process. The company has said in the past that it relies on its customers to report malware or other questionable apps first. While some security experts believe Google's Android Market is particularly vulnerable, Google says that it has "put in place security measures, such as remotely disabling apps found to be malicious and requiring developers to register with its Checkout payment service, and argued there's no evidence for claims that its store poses a greater risk than others."

Apple, on the other hand, vets all of its applications before they appear in its App Store, but security on that front can use some improvement too, according to some experts. The most publicized incident happened in July 2008, when Apple pulled the game called Aurora Feint from its store after it was found to be uploading users' contact lists to the game maker's servers. Apple claims that it "takes security very seriously," and that it has "a very thorough approval process and review every app." The company also claims to check the identities of every developer.

Still, the iPhone isn't a perfect and safe platform - we'll leave you with this scary quote from the WSJ story to think about:

Since 2008, security experts have identified at least 36 security holes in the phone's software, according to a review of the National Vulnerability Database maintained by the Department of Homeland Security. One, identified in September 2009, could have allowed hackers to learn someone's username and password from messages sent to servers when browsing the Web.

Source: WSJ
