It probably won’t be an exaggeration to say that we, users of mobile devices, have personal relationships with our mobile devices. Facebook, Twitter, NYTimes, Kindle, Duolingo, Quizlet, Pandora Radio, Food Network in the Kitchen, Flashlight are just a few mobile business apps that thousands of people use on a day-to-day basis. Business mobile apps like iBillable Hours App, Construction Daily Log, Job Estimate and Repair Order, HR App, Trade Show Leads Collection are examples of apps that assist us in our work.
On the other hand, it is mind-boggling how much information about us hold our mobile friends: our contact lists, credit and debit card numbers, legal documents, personal photos, past and future doctor appointments, our likes and dislikes, strengths and weaknesses – everything that if placed in wrong hands will make us extremely vulnerable.
How can our personal information get endangered? Even though the most popular app stores like Google Play Store and Apple App Store check all mobile business apps uploaded into their stores, from time to time their security gets breached by malicious applications. “It has been said that iOS (the operating system for iPhone and iPad) is inherently more secure than the Android operating system. There is some merit to these claims, but…there are a great many risks…, ” says Marble Security in Marble Labs Mobile Threat Report, June 2014. “
Thus, for example, in August 2014, Apple App Store approved an app infected with malware into its store. Fortunately, that app had been developed by a group of researchers from Georgia Tech to test the potential security breaches of Apple store. That app was “masqueraded as a news reader that would phone home to reprogram itself into malware. Once configured remotely, the software was able to do things like send texts, e-mails, post Tweets, take pictures, dial phone numbers, and even reboot the system,” reports Josh Lowensohn in Researchers slip malware onto Apple’s App Store, again, the article based on the MIT Technology Review. This experiment showed that Apple App Store might not be as infallible as it seems to be.
As for Google Play Store, in April 2013, “a form of malware called BadNews was downloaded several million times from the Google Play store. This malware impersonated an ad network and leaked personal information from affected phones to a designated offshore server. It also prompted users to install a Trojan application (AlphaSMS) which produces expensive text charges, ” writes Scott Matteson in Malware in the Google Play Store: Enemy inside the gates. How could that happen? Doesn’t Google check all mobile business apps uploaded to its store? Yes, it does, but in this case the malware was added to the app after it was approved by Google.
When we were writing this blog post, our research revealed that both Google Play Store and Apple App Store overall very effectively protect their users from malware, adware, and spyware. However, iOS owners sometimes jailbreak their mobile devices, thus exposing themselves to numerous app-threats from less secure marketplaces. In addition, an iOS device is also capable of downloading mobile business apps from enterprise app marketplaces, through testing mobile business apps … and through test programs which can allow a limited number of users to install mobile business apps from a website with a single click,” states Marble Security in Marble Labs Mobile Threat Report, June 2014. ” As for even non-rooted Android devices, “they can download mobile business apps from a myriad of app stores including Google Play, Amazon, 1Mobile, Appia, App Brain, AppsFire, AppsZoom, Android Pit, Baidu, Brophone, CNET, Handango, Handster, Insyde Market, Mobango, Mobile9, Nexva, Opera Mobile App Store, Soc.io, and Yandex, ” continues Marble Security.
How can we, mobile users, protect ourselves from app-based threats? First of all, as we said above, we should download mobile business apps from such trusted marketplaces as Apple App Store and Google Play Store and never jailbreak our iOS devices. Second, we should install mobile business apps of only reputable app developers like Snappii and check out the developer’s website, reviews, and ratings before downloading any app. Last but not least, we should download a free or paid mobile security application, Lookout for instance, that can protect against these threats in real time.
If you’d like to read more on this topic, please check out Mobile Threads, Made to Measure or Cyber security in the Golden State.