Feeds

Chinese app stores host malicious apps

Government scolds carriers for poor security efforts

The Essential Guide to IT Transformation

The Chinese authorities have voiced concerns after uncovering security vulnerabilities in the application stores run by mobile operators China Mobile and China Telecom.

Regional newspaper the Guangzhou Daily reported (via Sina Tech) that according to the Ministry of Industry and Information Technology (MIIT), mobile operators' overall network security comes in at an impressive compliance rate of 98 per cent.

However, deputy director Xiong Sihao reportedly added that there are “many problems” in the app stores of the two operators, which between them have a market share of around 80 per cent.

China Unicom, which has a share of around 20 per cent, is spared in the report.

Sihao’s comments in the report also hinted that the ministry is somewhat displeased that the state-run operators are not doing more to ensure a safe environment for their users.

“Judging by the industry at present, there has not been a fundamental change in the operators’ security weaknesses, and despite some improvements there have not been any fundamental improvements,” he reportedly said.

Although there are no reliable stats, China appears to have a big problem when it comes to malicious mobile apps either finding their way onto legitimate sites such as those run by the operators, or dubious third party platforms.

Roy Ko, a consultant at the Hong Kong Computer Emergency Response Team Coordination Center, told The Register that part of the problem lies with Chinese mobile users themselves.

“In China people like to crack software and make it available for free but that is dangerous because Google Play at least has some quality control, but on the other sites you get these cracked apps alongside malicious ones,” he argued.

The most common end goal for the creators of these malicious apps is either to steal data, or make money out of premium dialler malware, although increasingly hackers are using these infection channels to turn smartphones into botnets, Ko explained.

Given the government always gets its way one way or another in the People's Republic, it probably won't be long before the operators announce new measures to vet applications on their app stores more rigorously.

With the country's number of mobile subscribers now topping one billion, and Android steaming ahead of the competition, it's pretty certain that cyber criminals will be targeting the OS via malicious apps for some time to come. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.