Security Group Urges Better Protection at App Stores
How safe is your smartphone from malicious attack? Not safe enough. And that's not entirely your fault.
Via gateways such as the iPhone's App Store and the Android Market, the companies that control our smartphone operating systems get to say what software goes onto your phones and tablets. That's good business for the companies, since they get a cut of every program sold. In theory, these restricted gateways should also protect us from malicious programs.
But the European security organization Enisa doesn't think they're doing enough. A recent paper on Appstore security noted that in 2010, diallerware (malware that calls or texts without your knowledge, running up your phone bill for the criminals' profit) was found in the Windows Mobile Marketplace. In 2011, malware disguised as a popular app turned up in the Android Market and infected thousands of smartphones.
To fix the problem, Enisa has recommended five lines of defense that app stores should adopt to protect their users:
- 1. App review: The stores need to review the apps before letting users download them.
- 2. Reputation mechanism: They should display the reputation of not only the apps but the apps' developers.
- 3. App revocation (aka kill-switch): The company running the app store should be able to remotely remove apps that have proven to be malicious.
- 4. Device security: Phones and tablets should install new apps in a protected sandbox, where each app has limited access to the device. The sandbox could monitor the app to judge whether it is safe.
- 5. Jails (or walled gardens): Phones and tablets should only accept apps from the app stores.
Those are good recommendations. But if you're an Android user, you probably don't want to wait for Google to get its act together. To play it safe, scan your apps before you install them. Trend Micro's Mobile Security will do this for you without your even having to think about it. The program is available as a separate product, but it also comes with Titanium Maximum Security, giving you Windows and Android protection for one price.