Feeds

Chinese app stores host malicious apps

Government scolds carriers for poor security efforts

5 things you didn’t know about cloud backup

The Chinese authorities have voiced concerns after uncovering security vulnerabilities in the application stores run by mobile operators China Mobile and China Telecom.

Regional newspaper the Guangzhou Daily reported (via Sina Tech) that according to the Ministry of Industry and Information Technology (MIIT), mobile operators' overall network security comes in at an impressive compliance rate of 98 per cent.

However, deputy director Xiong Sihao reportedly added that there are “many problems” in the app stores of the two operators, which between them have a market share of around 80 per cent.

China Unicom, which has a share of around 20 per cent, is spared in the report.

Sihao’s comments in the report also hinted that the ministry is somewhat displeased that the state-run operators are not doing more to ensure a safe environment for their users.

“Judging by the industry at present, there has not been a fundamental change in the operators’ security weaknesses, and despite some improvements there have not been any fundamental improvements,” he reportedly said.

Although there are no reliable stats, China appears to have a big problem when it comes to malicious mobile apps either finding their way onto legitimate sites such as those run by the operators, or dubious third party platforms.

Roy Ko, a consultant at the Hong Kong Computer Emergency Response Team Coordination Center, told The Register that part of the problem lies with Chinese mobile users themselves.

“In China people like to crack software and make it available for free but that is dangerous because Google Play at least has some quality control, but on the other sites you get these cracked apps alongside malicious ones,” he argued.

The most common end goal for the creators of these malicious apps is either to steal data, or make money out of premium dialler malware, although increasingly hackers are using these infection channels to turn smartphones into botnets, Ko explained.

Given the government always gets its way one way or another in the People's Republic, it probably won't be long before the operators announce new measures to vet applications on their app stores more rigorously.

With the country's number of mobile subscribers now topping one billion, and Android steaming ahead of the competition, it's pretty certain that cyber criminals will be targeting the OS via malicious apps for some time to come. ®

Next gen security for virtualised datacentres

More from The Register

next story
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.