The Dark Side of Phone Apps

June 4, 2010 -

The Wall Street Journal looks into the "dark side of phone apps" in a new report about the lack of app vetting in Google's Android and Apple's iPhone app stores. While they don't cite too many examples, save some questionable banking apps that Apple banned, the paper solicits the opinions of nameless FBI and security professionals who are "concerned" about malicious software making its way into these stores and in turn on consumers' phones.

As more companies, government agencies and regular consumers use wireless devices to engage in commerce and share private information, the "bad guys" are finding new and creative ways to steal from them and profit from it.

The paper, speaking to "someone familiar with the matter," reports that the FBI's Cyber Division has begun working on these kinds of cases - specifically apps designed to compromise banking on cellphones, as well as mobile "malware" used for "espionage by foreign nations." The FBI has a standing policy that bars its employees from downloading apps on FBI-issued smartphones. The Air Force has a similar policy.

While there is some oversight for most app stores - Google's Android app store has no formal review process. The company has said in the past that it relies on its customers to report malware or other questionable apps first. While some security experts believe Google's Android Market is particularly vulnerable, Google says that it has "put in place security measures, such as remotely disabling apps found to be malicious and requiring developers to register with its Checkout payment service, and argued there's no evidence for claims that its store poses a greater risk than others."

Apple, on the other hand, vets all of its applications before they appear in its App Store, but security on that front can use some improvement too, according to some experts. The most publicized incident happened in July 2008, when Apple pulled the game called Aurora Feint from its store after it was found to be uploading users' contact lists to the game maker's servers. Apple claims that it " takes security very seriously," and that it has "a very thorough approval process and review every app." The company also claims to check the identities of every developer.

Still the iPhone isn't a perfect and safe platform - we'll leave you this scary quote from the WSJ story to think about:

Since 2008, security experts have identified at least 36 security holes in the phone's software, according to a review of the National Vulnerability Database maintained by the Department of Homeland Security. One, identified in September 2009, could have allowed hackers to learn someone's username and password from messages sent to servers when browsing the Web.

Source: WSJ

Posted in

 
Forgot your password?
Username :
Password :

Poll

EA has shuttered Maxis (The Sims, SimCity). Should it keep the Maxis name alive?:

Shout box

You're not permitted to post shouts.
E. Zachary KnightGoth, they could have fooled me.03/05/2015 - 11:16pm
Goth_SkunkI don't understand. GamerGate supports an open, diverse gaming community for all as well. Google's statement is contradictory.03/05/2015 - 10:59pm
TechnogeekAnd as far as the Card thing went, I basically balanced it out personal guilt-wise by donating an amount equal to the Shadow Complex purchase price to the ACLU.03/05/2015 - 9:44pm
TechnogeekWelp, look like the Gerberghazi crowd is going to have to use Bing now. https://twitter.com/googlecloud/status/57365320825126093003/05/2015 - 9:42pm
Goth_SkunkAhh! I misinterpreted your statement about being left with almost every game in existence. I interpreted it as 'If you boycott games he's been involved with, you're boycotting almost all of them.'03/05/2015 - 9:31pm
Andrew EisenGoth - Card has been involved with only a small handful of games so if one were to boycott games for his involvement, they wouldn't be missing out on many games.03/05/2015 - 9:29pm
Goth_Skunk@Craig: Only if you're not interested in seeing it end.03/05/2015 - 9:27pm
Craig R.Instead of calling people the "anti gamergate faction", you could just call them "sane"03/05/2015 - 9:23pm
Goth_SkunkWhat do you mean 'almost every game in existence'? Card is a writer, not a game developer.03/05/2015 - 9:18pm
Andrew EisenBut I too wonder how many people who cry boycott actually follow through. I vaguely remember a few years ago a bunch of people boycotting one of the CoD games and were all found playing it on Steam.03/05/2015 - 7:53pm
Andrew EisenAn interesting quandary but not equivalent as boycotting games that Card was involved with leaves you with... well, almost every game in existence.03/05/2015 - 7:51pm
MechaTama31I agree that it's silly to avoid buying a game because one person involved with it said some things you disagree with. But I wonder how many of the people calling it silly this time have boycotted games for, say, Orson Scott Card's involvement?03/05/2015 - 7:40pm
PHX Corphttp://www.myfoxphilly.com/story/28274296/officer-injured Officer In Critical Condition Following Shooting Inside North Phila Game Stop03/05/2015 - 6:55pm
WonderkarpThe Shutup was a quick interjection saying "HEY! EVERYBODY SHUT UP AND LOOK AT THIS!" and I got the Critical Condition from a Local news site. I linked TMZ.03/05/2015 - 6:49pm
Andrew EisenThey call me The Jaws of Life.03/05/2015 - 6:48pm
Goth_SkunkThat's terrible. Now that it's been noted, can we return to Andrew's amazing steel-tearing teeth?03/05/2015 - 6:42pm
Andrew EisenWell, sucks that that happened and I'm glad he's alright (nothing in the article you linked says he's in critical condition) but there's no need for anyone to shut up.03/05/2015 - 6:41pm
WonderkarpEVERYBODY SHUT UP! Harrison Ford is in Critical Condition After A Plane Crash!! D: http://www.tmz.com/2015/03/05/harrison-ford-plane-crash-landing-golf-course-santa-monica/03/05/2015 - 6:38pm
Goth_SkunkIt ruined my joke about your billionaire lifestyle affording you state-of-the-art dentistry. I longed to see you fill your mouth with steel-tearing jaws.03/05/2015 - 6:32pm
Andrew EisenYep, typos happen. Even on the invoices I send for my freelance work. Yeah, that's always super embarrassing.03/05/2015 - 6:29pm
 

Be Heard - Contact Your Politician