Dodgy security puts apps users at risk

The Black Hat Security Conference in Las Vegas majored on mobile apps security – or the virtual lack of it. Whatever mobile camp you belong to does not seem to matter. John Hering and Kevin Mahaffey of Lookout, a mobile phone security firm, introduced their App Genome Project which will highlight any security threats in smartphone apps.

On the face of it, it would seem that unmoderated Google Android apps would be riskier than those for Apple iPhones which are vetted before appearing on iTunes. According to the data from Lookout, it looks like a close run thing.

It appears that 29 percent of the free Android apps can access a user’s location, compared with 33 percent on the iPhone. Only eight percent of these Android apps can access user contacts but this almost doubles to 14 percent in Apple’s case.

The balance tips the other way when studying integrated third-party code in these programs. Almost half of the free Android apps include such code while the number is 23 percent on iPhones. There was also the horror story of Jackeey Wallpaper’s Chinese exploit. His One-Piece Wallpapers app allows the Android phone’s backdrop to be changed to My Little Pony or Star Wars (whatever floats your boat).

Meanwhile the app is busy collecting your phone number, subscriber identity and voicemail password ready for packing off to a server in Shenzhen, China. The only example of an iPhone exploit was one with its roots deep in the foundations of hackerdom and the phone phreakers of yore who believed that phone calls should be free.

A 15-year old app programmer managed to get rogue code past the iTunes’ scrutineers. In an innocuously boring app which turned the iPhone into a poor version of a torch (imaginatively called Handy Light), the programmer hid code that allowed the iPhone to be used as a 3G modem which could be linked to a computer to allow free internet access.

One day there will be an exploit that makes users sit up and maybe we’ll see a cheap data encryption app integrated in mobile phone operating systems.