Smartphone Apps And the Growing Security Risks
Smartphones are relatively safe to use. For example, less than 2 percent of companies have reported a "serious incident" happening through their employees' smartphones, according to a survey conducted at the RSA Conference, an annual convention for people in the information security field.
But that could soon change, security experts warn. As the smartphone market increases, so does the risk of infected apps. In fact, according to several security firms, users would be surprised at what dangers are already lurking.
Because our location, contacts and even banking information are on the phone, it carries a lot of information about each and every one of us. As more consumers adopt smartphones and start using broadband more extensively the dangers will increase - because the audience looks more appealing to 'bad guys' and there are more opportunities to introduce malicious code.
Lookout Mobile Security pointed out how threats are being downloaded to smartphones in multiple ways. They come from app stores, marketplaces or other download sites. The new open model of apps enables any developer to distribute their app, which can provide ample opportunity for a "bad actor" to distribute malware. Threats can also come through the web browser and other mechanisms such as SMS.
In studying 300,000 smartphone apps, Lookout found a number of those apps are accessing more data than users expect or want. For example, an app to change the phone's background sent the phone number to a computer server owned by a Chinese software developer.
As smartphone use increases, the security risks increase as well, said a Lookout spokesperson. Consumers have more bandwidth, are downloading more apps, and consuming more data than ever before. They are shopping, engaging in payments and using social networks, all from their phones. In the process they are entering private data onto their mobile phones . As the value of data on the phone increases, hackers take notice and will try to take advantage.
According to Dror Shalev, CTO of DroidSecurity, the following types of mobile practices have proven to be high-risk and should be avoided:
- Conducting online banking activities via unofficial apps
- Downloading apps from untrusted sources
- Using 3rd party open source libraries, apps and components that may harbor bugs and malicious code
- Allowing strangers to borrow their phones
- Letting others, including family members (kids in particular) play with their smartphones as they can download apps with malicious content
- Clicking on suspicious content coming through text messages, which might ask for your personal information, passwords or ask you to take urgent actions
- Installing apps that do not come with positive user feedback or ratings