Feeds

Chinese app stores host malicious apps

Government scolds carriers for poor security efforts

Choosing a cloud hosting partner with confidence

The Chinese authorities have voiced concerns after uncovering security vulnerabilities in the application stores run by mobile operators China Mobile and China Telecom.

Regional newspaper the Guangzhou Daily reported (via Sina Tech) that according to the Ministry of Industry and Information Technology (MIIT), mobile operators' overall network security comes in at an impressive compliance rate of 98 per cent.

However, deputy director Xiong Sihao reportedly added that there are “many problems” in the app stores of the two operators, which between them have a market share of around 80 per cent.

China Unicom, which has a share of around 20 per cent, is spared in the report.

Sihao’s comments in the report also hinted that the ministry is somewhat displeased that the state-run operators are not doing more to ensure a safe environment for their users.

“Judging by the industry at present, there has not been a fundamental change in the operators’ security weaknesses, and despite some improvements there have not been any fundamental improvements,” he reportedly said.

Although there are no reliable stats, China appears to have a big problem when it comes to malicious mobile apps either finding their way onto legitimate sites such as those run by the operators, or dubious third party platforms.

Roy Ko, a consultant at the Hong Kong Computer Emergency Response Team Coordination Center, told The Register that part of the problem lies with Chinese mobile users themselves.

“In China people like to crack software and make it available for free but that is dangerous because Google Play at least has some quality control, but on the other sites you get these cracked apps alongside malicious ones,” he argued.

The most common end goal for the creators of these malicious apps is either to steal data, or make money out of premium dialler malware, although increasingly hackers are using these infection channels to turn smartphones into botnets, Ko explained.

Given the government always gets its way one way or another in the People's Republic, it probably won't be long before the operators announce new measures to vet applications on their app stores more rigorously.

With the country's number of mobile subscribers now topping one billion, and Android steaming ahead of the competition, it's pretty certain that cyber criminals will be targeting the OS via malicious apps for some time to come. ®

Beginner's guide to SSL certificates

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.