Feeds

Safe as Windows: Smartphones' security nightmare

Apple, Android and the PC experience

Boost IT visibility and business value

Open ... And Shut These days, smartphones are a bit like Dr Seuss' mythical "thneed," doing anything and everything – including (gasp!) making phone calls. Unless you're on AT&T, of course, with its penchant for dropping calls. Ironically, however, we're fast approaching the time when users may care far more about PC-era issues like viruses and other malware, rather than whether they can call home.

Research in Motion's BlackBerry users had a rude awakening last week when RIM's cloud service failed for several consecutive days, turning millions of smartphones into phones that weren't so smart, but still delivered voice traffic, as Noise to Signal cartoonist Rob Cottingham humorously depicts in the cartoon (below) from his website, which he let us use.

The problem is that we no longer rely on our mobile phones for calling friends or family. Not primarily. Over the past few years usage patterns for mobile phones have shifted, with data traffic growing at a torrid pace even as voice traffic stagnates or declines. After all, a 2011 Wireless Intelligence study revealed that apps claimed 667 minutes of users' time per month, compared to 671 minutes for messaging and a mere 531 minutes for voice calling.

Sure, people still complain about dropped calls, but an OccupyTelcos movement would spring up overnight if email/IM/apps/etc were dropped, given how much more of our time we're spending with our mobile devices, whether at work or play.

Given the importance of our mobile devices, we should expect them to become ground zero for more malware, which may put a damper on Android's growth.

Android, after all, is still the Wild West of mobile. Carriers used to control what got on to phones, but now it is Google and Apple that do so, through their respective app stores.

Google is pretty laid-back about what it allows into the Android Marketplace and, hence, onto users' phones. This is particularly troublesome given that Android now tops Apple with 44 per cent of all mobile app downloads. In March of this year, Google torched 21 malware apps. By June, it had to remove 26 more.

Expect more of the same on a regular basis, given Google's laissez-faire approach to its Marketplace.

I'm generally in favour of more openness, not less, and actually would prefer a much more open app distribution mechanism than an app store can provide, for many of the same reasons that venture capitalist Fred Wilson gives.

But this means we'll need to get much more serious about mobile security. Google knows this is an issue, and has been improving Android to make it much more hack-resistant through address space layout randomization (ASLR) and other techniques. But this is just the beginning, not the end.

Third-party applications have hit the market to help people protect their mobile devices, and security giants like McAfee are helping to grow the market. But so far most products are either geared toward enterprises, which have less and less control over the devices employees use, or toward consumers, which have mostly ignored the need to secure their devices.

In short, we have the makings of a serious mobile security problem, particularly for Android users, just as Android seems set to become the Windows of the mobile world, in all the good and bad senses that brand implies. Apple users will likely remain mostly safe, wrapped in the all-encompassing embrace of Apple's closed ecosystem, but will trade freedom for security. Android users, meanwhile, trade security for freedom.

Welcome to the new world of mobile, same as the old world of desktop? ®

Matt Asay is senior vice president of business development at Strobe, a startup that offers an open source framework for building mobile apps. He was formerly chief operating officer of Ubuntu commercial operation Canonical. With more than a decade spent in open source, Asay served as Alfresco's general manager for the Americas and vice president of business development, and he helped put Novell on its open source track. Asay is an emeritus board member of the Open Source Initiative (OSI). His column, Open...and Shut, appears twice a week on The Register.

Secure remote control for conventional and virtual desktops

More from The Register

next story
Déjà vu: Virgin Media jacks up broadband prices
Screw copper phone lines, we're UNIQUE, bleats telco
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
Netflix swallows yet another bitter pill, inks peering deal with TWC
Net neutrality crusader once again pays up for priority access
Fifteen zero days found in hacker router comp romp
Four routers rooted in SOHOpelessly Broken challenge
New Sprint CEO says he will lower axe on staff – but prices come first
'Very disruptive' new rates to be revealed next week
US TV stations bowl sueball directly at FCC's spectrum mega-sale
Broadcasters upset about coverage and cost as they shift up and down the dials
UK mobile coverage is BETTER than EVER, networks tell Ofcom
Regulator swallows this line and parrots it back out at us. What are they playing at?
What's the nature of your emergency, Vodafone?
Oh, you've dialled the wrong number for ad fibs, rules ASA
EE network whacked by 'PDP authentication failure' blunder
Carrier is 'aware' of cockup, working on a fix NOW
ROAD TRIP! An FCC road trip – Leahy demands net neutrality debate across US
You crashed watchdog's site, now time to crash its ears
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.