The Dark Side of Phone Apps

June 4, 2010

The Wall Street Journal looks into the "dark side of phone apps" in a new report about the lack of app vetting in Google's Android and Apple's iPhone app stores. While it doesn't cite too many examples, save some questionable banking apps that Apple banned, the paper solicits the opinions of nameless FBI and security professionals who are "concerned" about malicious software making its way into these stores and, in turn, onto consumers' phones.

As more companies, government agencies and regular consumers use wireless devices to engage in commerce and share private information, the "bad guys" are finding new and creative ways to steal from them and profit from it.

The paper, speaking to "someone familiar with the matter," reports that the FBI's Cyber Division has begun working on these kinds of cases - specifically apps designed to compromise banking on cellphones, as well as mobile "malware" used for "espionage by foreign nations." The FBI has a standing policy that bars its employees from downloading apps on FBI-issued smartphones. The Air Force has a similar policy.

While most app stores have some oversight, Google's Android app store has no formal review process. The company has said in the past that it relies on its customers to report malware or other questionable apps first. While some security experts believe Google's Android Market is particularly vulnerable, Google says that it has "put in place security measures, such as remotely disabling apps found to be malicious and requiring developers to register with its Checkout payment service, and argued there's no evidence for claims that its store poses a greater risk than others."

Apple, on the other hand, vets all of its applications before they appear in its App Store, but security on that front can use some improvement too, according to some experts. The most publicized incident happened in July 2008, when Apple pulled the game called Aurora Feint from its store after it was found to be uploading users' contact lists to the game maker's servers. Apple claims that it "takes security very seriously," and that it has "a very thorough approval process and review every app." The company also claims to check the identities of every developer.

Still, the iPhone isn't a perfect and safe platform - we'll leave you with this scary quote from the WSJ story to think about:

Since 2008, security experts have identified at least 36 security holes in the phone's software, according to a review of the National Vulnerability Database maintained by the Department of Homeland Security. One, identified in September 2009, could have allowed hackers to learn someone's username and password from messages sent to servers when browsing the Web.

Source: WSJ
