Feeds

Chinese app stores host malicious apps

Government scolds carriers for poor security efforts

Beginner's guide to SSL certificates

The Chinese authorities have voiced concerns after uncovering security vulnerabilities in the application stores run by mobile operators China Mobile and China Telecom.

Regional newspaper the Guangzhou Daily reported (via Sina Tech) that according to the Ministry of Industry and Information Technology (MIIT), mobile operators' overall network security comes in at an impressive compliance rate of 98 per cent.

However, deputy director Xiong Sihao reportedly added that there are “many problems” in the app stores of the two operators, which between them have a market share of around 80 per cent.

China Unicom, which has a share of around 20 per cent, is spared in the report.

Sihao’s comments in the report also hinted that the ministry is somewhat displeased that the state-run operators are not doing more to ensure a safe environment for their users.

“Judging by the industry at present, there has not been a fundamental change in the operators’ security weaknesses, and despite some improvements there have not been any fundamental improvements,” he reportedly said.

Although there are no reliable stats, China appears to have a big problem when it comes to malicious mobile apps either finding their way onto legitimate sites such as those run by the operators, or dubious third party platforms.

Roy Ko, a consultant at the Hong Kong Computer Emergency Response Team Coordination Center, told The Register that part of the problem lies with Chinese mobile users themselves.

“In China people like to crack software and make it available for free but that is dangerous because Google Play at least has some quality control, but on the other sites you get these cracked apps alongside malicious ones,” he argued.

The most common end goal for the creators of these malicious apps is either to steal data, or make money out of premium dialler malware, although increasingly hackers are using these infection channels to turn smartphones into botnets, Ko explained.

Given the government always gets its way one way or another in the People's Republic, it probably won't be long before the operators announce new measures to vet applications on their app stores more rigorously.

With the country's number of mobile subscribers now topping one billion, and Android steaming ahead of the competition, it's pretty certain that cyber criminals will be targeting the OS via malicious apps for some time to come. ®

Internet Security Threat Report 2014

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
How to simplify SSL certificate management
Simple steps to take control of SSL certificates across the enterprise, and recommendations centralizing certificate management throughout their lifecycle.