Feeds

Safe as Windows: Smartphones' security nightmare

Apple, Android and the PC experience

High performance access to file storage

Open ... And Shut These days, smartphones are a bit like Dr Seuss' mythical "thneed," doing anything and everything – including (gasp!) making phone calls. Unless you're on AT&T, of course, with its penchant for dropping calls. Ironically, however, we're fast approaching the time when users may care far more about PC-era issues like viruses and other malware, rather than whether they can call home.

Research in Motion's BlackBerry users had a rude awakening last week when RIM's cloud service failed for several consecutive days, turning millions of smartphones into phones that weren't so smart, but still delivered voice traffic, as Noise to Signal cartoonist Rob Cottingham humorously depicts in the cartoon (below) from his website, which he let us use.

The problem is that we no longer rely on our mobile phones for calling friends or family. Not primarily. Over the past few years usage patterns for mobile phones have shifted, with data traffic growing at a torrid pace even as voice traffic stagnates or declines. After all, a 2011 Wireless Intelligence study revealed that apps claimed 667 minutes of users' time per month, compared to 671 minutes for messaging and a mere 531 minutes for voice calling.

Sure, people still complain about dropped calls, but an OccupyTelcos movement would spring up overnight if email/IM/apps/etc were dropped, given how much more of our time we're spending with our mobile devices, whether at work or play.

Given the importance of our mobile devices, we should expect them to become ground zero for more malware, which may put a damper on Android's growth.

Android, after all, is still the Wild West of mobile. Carriers used to control what got on to phones, but now it is Google and Apple that do so, through their respective app stores.

Google is pretty laid-back about what it allows into the Android Marketplace and, hence, onto users' phones. This is particularly troublesome given that Android now tops Apple with 44 per cent of all mobile app downloads. In March of this year, Google torched 21 malware apps. By June, it had to remove 26 more.

Expect more of the same on a regular basis, given Google's laissez-faire approach to its Marketplace.

I'm generally in favour of more openness, not less, and actually would prefer a much more open app distribution mechanism than an app store can provide, for many of the same reasons that venture capitalist Fred Wilson gives.

But this means we'll need to get much more serious about mobile security. Google knows this is an issue, and has been improving Android to make it much more hack-resistant through address space layout randomization (ASLR) and other techniques. But this is just the beginning, not the end.

Third-party applications have hit the market to help people protect their mobile devices, and security giants like McAfee are helping to grow the market. But so far most products are either geared toward enterprises, which have less and less control over the devices employees use, or toward consumers, which have mostly ignored the need to secure their devices.

In short, we have the makings of a serious mobile security problem, particularly for Android users, just as Android seems set to become the Windows of the mobile world, in all the good and bad senses that brand implies. Apple users will likely remain mostly safe, wrapped in the all-encompassing embrace of Apple's closed ecosystem, but will trade freedom for security. Android users, meanwhile, trade security for freedom.

Welcome to the new world of mobile, same as the old world of desktop? ®

Matt Asay is senior vice president of business development at Strobe, a startup that offers an open source framework for building mobile apps. He was formerly chief operating officer of Ubuntu commercial operation Canonical. With more than a decade spent in open source, Asay served as Alfresco's general manager for the Americas and vice president of business development, and he helped put Novell on its open source track. Asay is an emeritus board member of the Open Source Initiative (OSI). His column, Open...and Shut, appears twice a week on The Register.

SANS - Survey on application security programs

More from The Register

next story
Virgin Media so, so SORRY for turning spam fire-hose on its punters
Hundreds of emails flood inboxes thanks to gaffe
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
AT&T dangles gigabit broadband plans over 100 US cities
So soon after a mulled Google Fiber expansion, fancy that
AT&T threatens to pull out of FCC wireless auctions over purchase limits
Company wants ability to buy more spectrum space in auction
Google looks to LTE and Wi-Fi to help it lube YouTube tubes
Bandwidth hogger needs tube embiggenment if it's to succeed
Turnbull gave NBN Co NO RULES to plan blackspot upgrades
NBN Co faces huge future Telstra bills and reduces fibre footprint
NBN Co plans fibre-to-the-basement blitz to beat cherry-pickers
Heading off at the pass operation given same priority as blackspot fixing
NBN Co in 'broadband kit we tested worked' STUNNER
Announcement of VDSL trial is not proof of concept for fibre-to-the-node
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.