Feeds

Safe as Windows: Smartphones' security nightmare

Apple, Android and the PC experience

Using blade systems to cut costs and sharpen efficiencies

Open ... And Shut These days, smartphones are a bit like Dr Seuss' mythical "thneed," doing anything and everything – including (gasp!) making phone calls. Unless you're on AT&T, of course, with its penchant for dropping calls. Ironically, however, we're fast approaching the time when users may care far more about PC-era issues like viruses and other malware, rather than whether they can call home.

Research in Motion's BlackBerry users had a rude awakening last week when RIM's cloud service failed for several consecutive days, turning millions of smartphones into phones that weren't so smart, but still delivered voice traffic, as Noise to Signal cartoonist Rob Cottingham humorously depicts in the cartoon (below) from his website, which he let us use.

The problem is that we no longer rely on our mobile phones for calling friends or family. Not primarily. Over the past few years usage patterns for mobile phones have shifted, with data traffic growing at a torrid pace even as voice traffic stagnates or declines. After all, a 2011 Wireless Intelligence study revealed that apps claimed 667 minutes of users' time per month, compared to 671 minutes for messaging and a mere 531 minutes for voice calling.

Sure, people still complain about dropped calls, but an OccupyTelcos movement would spring up overnight if email/IM/apps/etc were dropped, given how much more of our time we're spending with our mobile devices, whether at work or play.

Given the importance of our mobile devices, we should expect them to become ground zero for more malware, which may put a damper on Android's growth.

Android, after all, is still the Wild West of mobile. Carriers used to control what got on to phones, but now it is Google and Apple that do so, through their respective app stores.

Google is pretty laid-back about what it allows into the Android Marketplace and, hence, onto users' phones. This is particularly troublesome given that Android now tops Apple with 44 per cent of all mobile app downloads. In March of this year, Google torched 21 malware apps. By June, it had to remove 26 more.

Expect more of the same on a regular basis, given Google's laissez-faire approach to its Marketplace.

I'm generally in favour of more openness, not less, and actually would prefer a much more open app distribution mechanism than an app store can provide, for many of the same reasons that venture capitalist Fred Wilson gives.

But this means we'll need to get much more serious about mobile security. Google knows this is an issue, and has been improving Android to make it much more hack-resistant through address space layout randomization (ASLR) and other techniques. But this is just the beginning, not the end.

Third-party applications have hit the market to help people protect their mobile devices, and security giants like McAfee are helping to grow the market. But so far most products are either geared toward enterprises, which have less and less control over the devices employees use, or toward consumers, which have mostly ignored the need to secure their devices.

In short, we have the makings of a serious mobile security problem, particularly for Android users, just as Android seems set to become the Windows of the mobile world, in all the good and bad senses that brand implies. Apple users will likely remain mostly safe, wrapped in the all-encompassing embrace of Apple's closed ecosystem, but will trade freedom for security. Android users, meanwhile, trade security for freedom.

Welcome to the new world of mobile, same as the old world of desktop? ®

Matt Asay is senior vice president of business development at Strobe, a startup that offers an open source framework for building mobile apps. He was formerly chief operating officer of Ubuntu commercial operation Canonical. With more than a decade spent in open source, Asay served as Alfresco's general manager for the Americas and vice president of business development, and he helped put Novell on its open source track. Asay is an emeritus board member of the Open Source Initiative (OSI). His column, Open...and Shut, appears twice a week on The Register.

HP ProLiant Gen8: Integrated lifecycle automation

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
Apple orders huge MOUNTAIN of 80 MILLION 'Air' iPhone 6s
Bigger, harder trouser bulges foretold for fanbois
Google Nest, ARM, Samsung pull out Thread to strangle ZigBee
But there's a flaw in Google's IP-based IoT system
Microsoft unsheathes cheap Android-killer: Behold, the Lumia 530
Say it with us: I'm King of the Landfill-ill-ill-ill
All those new '5G standards'? Here's the science they rely on
Radio professor tells us how wireless will get faster in the real world
US freemium mobile network eyes up Europe
FreedomPop touts 'free' calls, texts and data
'Two-speed internet' storm turns FCC.gov into zero-speed website
Deadline for comments on net neutrality shake-up extended to Friday
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.