16 June 2012

Mobile Apps: What’s the Threat?

With the introduction of smartphones, the mobile world has been revolutionized. One of the most popular features of the smartphone is the mobile app. So popular, in fact, that the Apple App Store reached 10 billion downloads this year, and that doesn’t even factor in downloads from Android, which also shares a significant portion of the rapidly expanding market. But with the expansion of the communication world comes more opportunity for misuse, which has many in the industry increasingly concerned about mobile-app security.



Not all Fun and Games:

Apps are those handy little tools that make life easier. Whether you want to play a game while waiting at the doctor or need to find a local restaurant, apps can help you do a variety of things. But they might also do things you don’t want them to do – like help cybercriminals steal your personal information. Though apps are the latest and greatest mobile innovation, they’re also the new frontier for hackers to exploit.

App creation has exploded in the last few years, meaning everyone – and anyone – can create an app.

The problem is that hackers can embed malware in an app, which can retrieve personal data to sell to advertisers (at best) or hack bank accounts (at worst). Though the platforms that offer apps do have some screening, they simply don’t have the resources to investigate every app, so malicious ones can – and do – slip through the cracks.

In fact, a 2010 study by Intel Labs, Penn State, and Duke University found that 15 of the 30 popular Android apps they monitored sent users’ geo-location to remote advertisement servers. In addition, seven of the 30 sent “a unique phone (hardware) identifier, and, in some cases, the phone number and SIM card serial number to developers.” This means many apps are sharing information with third parties, often without the user knowing. The study also noted that the app licensing agreements “rarely provide privacy policies that clearly state how users’ sensitive information will be used, and users have no way of knowing where applications send the information given to them.”

Though not all the shared information is used maliciously, the risks here are enormous. For example, in July 2010 Citibank admitted its mobile banking app had a major flaw. The app saved banking info, such as account numbers and access codes, to a hidden file on the user’s phone. The file was also saved on users’ computers if they backed up their iPhone. Though the app was updated, the snafu highlighted security concerns.

And if that isn’t worrisome enough, the new crop of medical mobile apps is especially vulnerable. These apps can be used as cardiac monitors or to help diabetics time insulin injections; if they are hacked and their functionality is disrupted, there may be real life-or-death consequences for users. This serious risk has recently garnered attention from the government, prompting the FDA to host a public workshop this month to discuss medical mobile-app regulation.

In the absence of concrete federal regulation, it is the consumer’s responsibility to use apps wisely. Though not every app poses a risk, users should proceed cautiously.


Tips for Mobile App Security:

If you’re an app-happy smartphone user, the following tips will help protect you against malicious apps next time you download.

Don’t give permission: Some apps have a pop-up asking if you want to share information or your location. Play it safe and deny this access.

Clear house: If some of your apps seem buggy, don’t work, or jam frequently, delete them. They may not be working for you because they’re actually working for someone else.

Download from reputable companies: Only use major platforms to download your apps because they’re more likely to have gone through some sort of screening process. Also try to download the more popular apps – in this case it’s best to stick with the tried and true.

iPhone users: Don’t jailbreak your phone – this leaves it more susceptible to others breaking in, too.

Android users: Carefully consider the questions apps ask you, and decide how much information you really want to share.

Avoid banking with apps: If you absolutely must, bank with authorized apps only – and remember to update.

AbhiShek SinGh
Founder of 'TheHackingArticles'. Cyber Security Analyst, Cyber Security Researcher, and Software Engineer.
