The Dark Side of Phone Apps

June 4, 2010

The Wall Street Journal looks into the "dark side of phone apps" in a new report about the lack of app vetting in Google's Android and Apple's iPhone app stores. While they don't cite too many examples, save some questionable banking apps that Apple banned, the paper solicits the opinions of nameless FBI and security professionals who are "concerned" about malicious software making its way into these stores and in turn on consumers' phones.

As more companies, government agencies and regular consumers use wireless devices to engage in commerce and share private information, the "bad guys" are finding new and creative ways to steal from them and profit from it.

The paper, speaking to "someone familiar with the matter," reports that the FBI's Cyber Division has begun working on these kinds of cases - specifically apps designed to compromise banking on cellphones, as well as mobile "malware" used for "espionage by foreign nations." The FBI has a standing policy that bars its employees from downloading apps on FBI-issued smartphones. The Air Force has a similar policy.

While there is some oversight for most app stores - Google's Android app store has no formal review process. The company has said in the past that it relies on its customers to report malware or other questionable apps first. While some security experts believe Google's Android Market is particularly vulnerable, Google says that it has "put in place security measures, such as remotely disabling apps found to be malicious and requiring developers to register with its Checkout payment service, and argued there's no evidence for claims that its store poses a greater risk than others."

Apple, on the other hand, vets all of its applications before they appear in its App Store, but security on that front can use some improvement too, according to some experts. The most publicized incident happened in July 2008, when Apple pulled the game called Aurora Feint from its store after it was found to be uploading users' contact lists to the game maker's servers. Apple claims that it " takes security very seriously," and that it has "a very thorough approval process and review every app." The company also claims to check the identities of every developer.

Still the iPhone isn't a perfect and safe platform - we'll leave you this scary quote from the WSJ story to think about:

Since 2008, security experts have identified at least 36 security holes in the phone's software, according to a review of the National Vulnerability Database maintained by the Department of Homeland Security. One, identified in September 2009, could have allowed hackers to learn someone's username and password from messages sent to servers when browsing the Web.

Source: WSJ

Posted in

Poll

Shout box

DorthLous: Anybody tried Hiversaire? Thoughts?05/22/2013 - 5:48pm

E. Zachary Knight: New Humble Bundle Weekly Sale. Alan Wake: https://www.humblebundle.com/weekly No Linux or Mac support. :(05/22/2013 - 1:46pm

E. Zachary Knight: Microsoft talks about the lack of backward compatability. You're backwards. http://www.gamasutra.com/view/news/192801/If_youre_backwards_compatible_youre_really_backwards.php05/22/2013 - 1:39pm

E. Zachary Knight: That is absolutely nuts there. As bad an experience XBox Indie Games was, the problems weren't with the self published side of things. Forcing a publisher onto independent studios is not going to help.05/22/2013 - 10:43am

MaskedPixelante: http://www.eurogamer.net/articles/2013-05-22-microsoft-wont-let-indies-self-publish-on-xbox-one And the hits just keep on coming.05/22/2013 - 9:20am

E. Zachary Knight: AE: You beat me to it. That's what I get for taking the night off.05/22/2013 - 7:40am

E. Zachary Knight: To continue the confused and convoluted messaging system present in EA, They are making Wii U games: http://www.gamasutra.com/view/news/192753/EA_is_working_on_Wii_U_games_after_all.php05/22/2013 - 7:33am

Imautobot: I gotta admit, I seriously believed Microsoft was going to "Bring It" with this new console. But they failed, and I think that failure might be Epic.05/22/2013 - 7:27am

Andrew Eisen: Well, the Xbox One reveal certainly had an interesting affect on the big 3's stock prices. https://twitter.com/AndrewEisen/status/33705126448977100805/21/2013 - 10:45pm

PHX Corp: http://kotaku.com/so-the-xbox-one-reveal-screwed-up-a-lot-of-peoples-kin-509179256 So The Xbox One Reveal Screwed With Some People's Kinects05/21/2013 - 10:36pm

Zen: On a funny side note...both of my boys have already voted NOT to get the Xbox One as soon as they found out Minecraft won't transfer lol. Some people have priorities damnit! ;)05/21/2013 - 9:27pm

Andrew Eisen: Here's the full quote on EA making Wii U games according to Neogaf: http://www.neogaf.com/forum/showthread.php?t=56112105/21/2013 - 8:19pm

Andrew Eisen: Xbox One may not be always on but that doesn't mean you can use it without an internet connection. http://kotaku.com/xbox-one-does-require-internet-connection-cant-play-o-50916410905/21/2013 - 7:39pm

Andrew Eisen: Polygon says EA's CFO says it is developing games for Wii U but doesn't provide that quote. http://www.polygon.com/2013/5/21/4351844/ea-developing-wii-u-games05/21/2013 - 7:11pm

Andrew Eisen: Well, I was right. Both Sony and Microsoft's consoles will be out by the year's end and both will be significantly more powerful than the current gen.05/21/2013 - 5:06pm

james_fudge: thnx05/21/2013 - 4:47pm

Zen: Just to let ya know...you called it the "Xbox 260" in the backwards compatibility article lol.05/21/2013 - 4:26pm

Zen: @PHX Awesome, I will hit those up after class tonight. Going back to college finally! :) My kids have had a blast telling ME to do my homework now lol.05/21/2013 - 4:19pm

PHX Corp: @Zen I sent you a friend request on both PSN and XBL, just a heads up05/21/2013 - 4:16pm

Zen: I noticed it with the football players when EA showed off Madden as well.05/21/2013 - 4:11pm

All shouts

<< Return To Top

Forgot your password?
Username :
Password :