Feeds

Safe as Windows: Smartphones' security nightmare

Apple, Android and the PC experience

High performance access to file storage

Open ... And Shut These days, smartphones are a bit like Dr Seuss' mythical "thneed," doing anything and everything – including (gasp!) making phone calls. Unless you're on AT&T, of course, with its penchant for dropping calls. Ironically, however, we're fast approaching the time when users may care far more about PC-era issues like viruses and other malware, rather than whether they can call home.

Research in Motion's BlackBerry users had a rude awakening last week when RIM's cloud service failed for several consecutive days, turning millions of smartphones into phones that weren't so smart, but still delivered voice traffic, as Noise to Signal cartoonist Rob Cottingham humorously depicts in the cartoon (below) from his website, which he let us use.

The problem is that we no longer rely on our mobile phones for calling friends or family. Not primarily. Over the past few years usage patterns for mobile phones have shifted, with data traffic growing at a torrid pace even as voice traffic stagnates or declines. After all, a 2011 Wireless Intelligence study revealed that apps claimed 667 minutes of users' time per month, compared to 671 minutes for messaging and a mere 531 minutes for voice calling.

Sure, people still complain about dropped calls, but an OccupyTelcos movement would spring up overnight if email/IM/apps/etc were dropped, given how much more of our time we're spending with our mobile devices, whether at work or play.

Given the importance of our mobile devices, we should expect them to become ground zero for more malware, which may put a damper on Android's growth.

Android, after all, is still the Wild West of mobile. Carriers used to control what got on to phones, but now it is Google and Apple that do so, through their respective app stores.

Google is pretty laid-back about what it allows into the Android Marketplace and, hence, onto users' phones. This is particularly troublesome given that Android now tops Apple with 44 per cent of all mobile app downloads. In March of this year, Google torched 21 malware apps. By June, it had to remove 26 more.

Expect more of the same on a regular basis, given Google's laissez-faire approach to its Marketplace.

I'm generally in favour of more openness, not less, and actually would prefer a much more open app distribution mechanism than an app store can provide, for many of the same reasons that venture capitalist Fred Wilson gives.

But this means we'll need to get much more serious about mobile security. Google knows this is an issue, and has been improving Android to make it much more hack-resistant through address space layout randomization (ASLR) and other techniques. But this is just the beginning, not the end.

Third-party applications have hit the market to help people protect their mobile devices, and security giants like McAfee are helping to grow the market. But so far most products are either geared toward enterprises, which have less and less control over the devices employees use, or toward consumers, which have mostly ignored the need to secure their devices.

In short, we have the makings of a serious mobile security problem, particularly for Android users, just as Android seems set to become the Windows of the mobile world, in all the good and bad senses that brand implies. Apple users will likely remain mostly safe, wrapped in the all-encompassing embrace of Apple's closed ecosystem, but will trade freedom for security. Android users, meanwhile, trade security for freedom.

Welcome to the new world of mobile, same as the old world of desktop? ®

Matt Asay is senior vice president of business development at Strobe, a startup that offers an open source framework for building mobile apps. He was formerly chief operating officer of Ubuntu commercial operation Canonical. With more than a decade spent in open source, Asay served as Alfresco's general manager for the Americas and vice president of business development, and he helped put Novell on its open source track. Asay is an emeritus board member of the Open Source Initiative (OSI). His column, Open...and Shut, appears twice a week on The Register.

SANS - Survey on application security programs

More from The Register

next story
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
Broadband Secretary of SHEEP sensationally quits Cabinet
Maria Miller finally resigns over expenses row
AT&T threatens to pull out of FCC wireless auctions over purchase limits
Company wants ability to buy more spectrum space in auction
EE dismisses DATA-BURNING glitch with Orange Mail app
Bug quietly slurps PAYG credit - yet EE denies it exists
Like Google, Comcast might roll its own mobile voice network
Says anything's possible if regulators approve merger with Time Warner
Turnbull leaves Australia's broadband blackspots in the dark
New Statement of Expectations to NBN Co offers get-out clauses for blackspot builds
Facebook claims 100 MEEELLION active users in India
Who needs China when you've got the next billion in your sights?
Facebook splats in-app chat, whacks brats into crack yakety-yak app
Jibber-jabbering addicts turfed out just as Zuck warned
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.