Tag: mobile security

100% of Android applications compromised, according to Metaforic

All of the most popular mobile applications for the Android platform may have been hacked, according to Infosecurity, an online resource for security information. This possibility is being echoed by Metaforic, a leading mobile security provider, which suggests that the likelihood of a person downloading a compromised application has risen exponentially over the past few years. Metaforic notes that as more compromised applications become available, they could create a serious security threat against major enterprises and even government agencies.

Lack of standards and wide variety of development practices seed potential threats

Application development has changed over the years and developers have adopted myriad practices in order to conduct their tasks. Because there are so many ways to create a mobile application, there is limited standardization that exists to protect the integrity of these applications and ensure they live up to a certain expectation. Metaforic notes that most, if not all, applications becoming compromised because of app repackaging. Repackaging refers to programs that are part of applications that automatically install software across a wide variety of platforms.

Few consumers take steps to protect their mobile devices

Another issue that is causing significant problems in the mobile security sector is the fact that very few people actually protect their smart phones and mobile devices. The vast majority of consumers do not have any kind of security software installed on their devices, leaving them at risk of having their device infected by malware or exploited in other ways. While most mobile devices have some form of internal security, third party software is often needed to completely ensure the security of a smart phone or tablet.

Metaforic advises consumers to find ways to protect themselves

Many of the compromised applications available for the Android platform are likely dormant in some fashion. That is to say that the threats associated with these applications have not yet been activated. Indeed, these threats may never actually take form, but given the fact that so many applications have been compromised — in many cases long before they have actually reached the app market — it may be prudent for consumers to find new ways to protect themselves.

This proposed regulation would allow smartphone users to ask apps to delete their information.

U.S. Representative Hank Johnson (D-Georgia) has proposed mobile security legislation that would make it possible for smartphone users to be able to request that apps cease the collection of their personal data, and that they delete information that has been previously collected about them.

The American lawmaker has released a discussion draft for the change to the current law.

The release was made regarding the Application Privacy, Protection, and Security Act. This proposed bill would require mobile security measures to be taken by all apps, in that they must provide their users with notice about the data that they collect, and they must receive consent from those users before they will be permitted to collect any personal information.

This mobile security proposal would also allow the users to control the information being collected or held.

Beyond simply requiring permission to collect the personal information in the first place, this mobile security measure would also make it possible for users of apps to be able to tell the developer that they will no longer be using the app and that they wish the collection of their information to stop. This would mean that the developers would not only need to cease the collection of the data, and would also have to delete any personal data that has already been collected “to the extent practicable”, said the discussion draft.

Rep. Johnson used the AppRights.us website in order to solicit ideas for the mobile security and privacy bill that he wanted to propose. The website was initially launched in July 2012. He explained in a statement that “Because the majority of the feedback that we received on AppRights expressed strong support for user control, transparency, and security, we incorporated these principles into the bill.”

He also added that “Many of you also told us that simple mechanisms are important to protecting your privacy on mobile devices.” He went on to say that after he had heard the concerns that were raised, he was able to write provisions that would address them in a way that would provide increased mobile security, without threatening the integrity or functionality of the “apps that you love.”