Strides in technology have allowed people-on-the-go to utilize their mobile devices in unprecedented ways. Mobile devices are quickly becoming computing devices allowing users to read their email and surf the internet, update their phone book, listen to their favorite music, tune in to their favorite TV shows and movies, send text and instant messages to their friends, check their banking statements, and pay bills. Consumers can now utilize their mobile devices in the same way that they use their desktops.
And with the addition of apps, the experience has been greatly enhanced. Each mobile user can customize their device to access programs, features, and services that fit their own particular interests, needs and lifestyles. There are some great things that can be said about the introduction of apps into the mobile platform, but while using apps can have its benefits; buyers should be made aware of everything that apps are capable of.
App stores and their applications provide unlimited access to a number of customized products and services, but what its users may not realize is that these apps can also provide unlimited access of their data, making them vulnerable to phishing schemes, malware and other cyber attacks. Your phone app could be spying on you; tracking, accessing and stealing your private information.
App stores make no guarantees about the safety or quality of their apps, said Veracode security researcher, Tyler Shields. Shields introduced a spyware program at the SchmooCon convention earlier this year that demonstrated the capability of intercepting data sent to a BlackBerry device. The goal, stated Shield on the Veracode website, was to demonstrate how BlackBerry applications can access and leak sensitive information using only RIM-provided API's. This included recorded text messages, email and web traffic. According to Shields, malicious mobile apps that gain access and steal data from your iPhone, BlackBerry, Android, or other type of smartphones are a growing concern.
"Without fail, no one thinks for a moment about what goes on behind the scenes of these app stores," Shields said. "The owners of the app stores have a great choke point for enforcing security, but they don't want to slow down the number of apps being sold. If you read the fine print, it's download at your own risk."
While most people are consciously aware of the threats posed to their desktop and laptop computers and take great steps to protect them, they may not consider the accessibility of their mobile device. "The Spyware Trojan approach targeting mobile devices will be the future of crime," said Shields.
There are extremely technical approaches like the OS attacks, but that stuff is much harder to do. From the attacker's standpoint, it's too much effort when you can just drop something into the app store. It comes down to effort versus reward."
Security experts are especially concerned about the new threat of Banker Trojans, fake mobile banking applications have that have become available for mobile devices. The banking applications which may look legitimate, may fraudulently access your online banking information.
Shields said BlackBerry users can protect themselves by configuring their default application permissions to be more restrictive, avoid granting "trusted application" status and corporations can configure their IT policies to restrict their users from installing third-party applications.