The Dark Side of Phone Apps

June 4, 2010 -

The Wall Street Journal looks into the "dark side of phone apps" in a new report about the lack of app vetting in Google's Android and Apple's iPhone app stores. While they don't cite too many examples, save some questionable banking apps that Apple banned, the paper solicits the opinions of nameless FBI and security professionals who are "concerned" about malicious software making its way into these stores and in turn on consumers' phones.

As more companies, government agencies and regular consumers use wireless devices to engage in commerce and share private information, the "bad guys" are finding new and creative ways to steal from them and profit from it.

The paper, speaking to "someone familiar with the matter," reports that the FBI's Cyber Division has begun working on these kinds of cases - specifically apps designed to compromise banking on cellphones, as well as mobile "malware" used for "espionage by foreign nations." The FBI has a standing policy that bars its employees from downloading apps on FBI-issued smartphones. The Air Force has a similar policy.

While there is some oversight for most app stores - Google's Android app store has no formal review process. The company has said in the past that it relies on its customers to report malware or other questionable apps first. While some security experts believe Google's Android Market is particularly vulnerable, Google says that it has "put in place security measures, such as remotely disabling apps found to be malicious and requiring developers to register with its Checkout payment service, and argued there's no evidence for claims that its store poses a greater risk than others."

Apple, on the other hand, vets all of its applications before they appear in its App Store, but security on that front can use some improvement too, according to some experts. The most publicized incident happened in July 2008, when Apple pulled the game called Aurora Feint from its store after it was found to be uploading users' contact lists to the game maker's servers. Apple claims that it " takes security very seriously," and that it has "a very thorough approval process and review every app." The company also claims to check the identities of every developer.

Still the iPhone isn't a perfect and safe platform - we'll leave you this scary quote from the WSJ story to think about:

Since 2008, security experts have identified at least 36 security holes in the phone's software, according to a review of the National Vulnerability Database maintained by the Department of Homeland Security. One, identified in September 2009, could have allowed hackers to learn someone's username and password from messages sent to servers when browsing the Web.

Source: WSJ

Posted in

 
Forgot your password?
Username :
Password :

Poll

Did you get a new video game for Christmas?:

Shout box

You're not permitted to post shouts.
Matthew WilsonI meant from a organizational pov end users get it in contract, but any site that would want to use it for 2 factor would have to pay alot of money12/27/2014 - 5:35pm
IanCSMS is expensive? In what country? I get something stupid a month on my contract. I think it might even be unlimited.12/27/2014 - 5:32pm
Matthew WilsonI am still amazed that 2 factor authentication has not become the norm yet. I get sms is expensive, but Google authanacator api is free for any website to use.12/27/2014 - 5:11pm
PHX Corphttp://techcrunch.com/2014/12/27/anonymous-leaked-a-massive-list-of-passwords-and-credit-card-numbers/ Guys change your passwords: Anonymous Leaked A Massive List Of Passwords And Credit Card Numbers12/27/2014 - 3:25pm
Matthew WilsonThis is impressive video editing. basketball tricks with a basketball. https://www.youtube.com/watch?v=OhCQeFX9GSg#t=18112/27/2014 - 2:01pm
MaskedPixelanteDude was at the center of a pretty serious plagiarism scandal back in 2011, and it was widely known he ripped off other musical pieces well before that.12/27/2014 - 9:33am
Kajex@Masked Right, because his work actually composing music for several Metroid games necessitated plagiarism.12/27/2014 - 9:04am
MaskedPixelanteI can't believe Kenji Yamamoto got another job. Then again, his job on Smash was "musical arrangment", so copying other people's work is right up his alley.12/26/2014 - 9:31pm
Matthew Wilsonthe company that hosts it is a cyber security firm, and from what I understand it is the data they they see just shown publicly.12/26/2014 - 8:22pm
Wonderkarpa question about that website, Matthew...how does it know its a cyberattack or not12/26/2014 - 8:06pm
Matthew Wilsonfor those intreasted in seeing cyber attacks in real time check out this site. http://map.ipviking.com/12/26/2014 - 7:51pm
PHX Corp@MP you can add me on XBL and Nintendo Network if you want, I go under TrustyGem(Same gamertag as on Steam)12/26/2014 - 2:01pm
CMinerI blame North Korea.12/25/2014 - 11:49pm
MechaTama31For the last few weeks, the GP site fails to load about 2/3 of the times I try.12/25/2014 - 11:13pm
MaskedPixelanteOK, is GP having trouble loading for anyone but me?12/25/2014 - 9:21pm
Matthew Wilsonits a bunch of script kiddies. ddosing is one of the easiest thing to do,and most companies can not stop it sadly.12/25/2014 - 5:05pm
MaskedPixelanteI like Nintendo as much as the next person, they're pretty much the only company putting out the games I want to play, but that was pretty embarassing to have NNID go down due to overuse.12/25/2014 - 4:35pm
MaskedPixelanteSee? It's NOT a repeat of last year's fiasco.12/25/2014 - 4:22pm
PHX CorpLizard squad is responsible for The XBL/PSN shutdown https://www.youtube.com/watch?v=QSpZvsoWvig12/25/2014 - 4:17pm
IanCOh shut up bitching about Nintendo. At least they advised people to downloading updates before the big day. Sony/MS? Not a peep.12/25/2014 - 3:50pm
 

Be Heard - Contact Your Politician