The HP study focused purely on custom business apps, but there’s no reason to believe the issue doesn’t extend to commercial apps you find in the Apple App Store or Google Play. Many apps have access to data or permission to perform functions they shouldn’t.
If you want to play a game like Angry Birds, there’s no reason that it needs to have access to your contacts, and a weather app probably doesn’t need to be able to send email on your behalf. The security risks in apps go beyond permissions, though. There are issues in how the apps integrate with core functions of the mobile operating system, as well as how they interact with and share information with one another.
In the HP study, 97 percent of the apps contained some sort of privacy issue. HP also found that 86 percent of the apps lack basic security defenses, and 75 percent fail to properly encrypt data. Assuming similar percentages across the hundreds of thousands of consumer apps in the app stores, it’s likely that you have a few security or privacy concerns floating around your smartphone or tablet.
But this isn’t about malicious apps designed to steal your data. It’s mostly a function of lazy coding. Developers write apps that access everything because it’s easier than writing more specific code, and it also paves the way for any future enhancements that might actually need it.
In a BYOD scenario these security and privacy risks are exaggerated for both the employer and the employee. In most cases, the line between business and personal is not clearly defined, and apps can easily blur that line and put both company and personal data at risk. The problem is exacerbated by the fact that apps are impulse purchases for many users, thanks to low prices and easy installation.
The mobile operating systems have improved in terms of notifying users about the permissions an app is requesting and providing the user with more control to allow or block access to specific functions. But the system still puts too much burden on the user, both to know those controls exist and how to use them, as well as to understand the implications and security concerns of the apps.
The better solution is for developers to build security and privacy into the apps from square one. Developers should be aware of the potential implications of how their apps access data and interact with other apps, and design them to be secure by default.
Via: Network World
Malware that avoided detection and made its way onto the official Google Play store has been downloaded at least 2 million times, a security firm warned today.
Google was notified of the outbreak by Lookout and all affected rogue apps have been removed from the Android store. As many as 9 million could have downloaded the dirty code.
Lookout found 32 applications contained code from the “BadNews” software development kit, which masqueraded as a standard advertising network SDK.
But it was particularly aggressive, sending phone number and device IDs to their command and control servers, and prompting users to install applications, including AlphaSMS, a “well-known premium rate SMS fraud malware”, which can cost users plenty of money.
“It is not clear whether some or all of these apps were launched with the explicit intent of hosting BadNews or whether legitimate developers were duped into installing a malicious advertising network,” the company wrote in a blog post.
“However, based on our analysis of the backend code behind a number of these purported ad networks there is little doubt that BadNews is a fraudulent monetisation SDK.”
“Further, it is clear that a substantial amount of code in BadNews has previously appeared in other families associated with Eastern European toll fraud.”
Lookout identified three C&C servers, in Russia, Ukraine and Germany.
It’s another big outbreak of Android malware, which has been spreading rapidly in recent years. NQ Mobile reported earlier this week that mobile malware jumped 163 percent in 2012, with almost all threats aimed at Android.
Governments appear to be using mobile Trojans too. China was this month implicated in attacks on Tibetan activists, which sought to get malicious kit on Android devices.
Source: Tech Week Europe
Whatever made the Hackulous team shut down Installous yesterday is surely giving a push to other, even easier alternatives for side-loading (and, as is often the case, pirating) iOS apps.
Two of them are getting quite a lot of attention since Installous shut down – Zeusmos and Kuaiyong. In fact the Zeusmos website is currently down, and a huge spike in interest could be one of the explanations.
Neither service requires a jailbreak and, of course, you can’t get them from the App Store. The installation process is reportedly quite easy, needing you to just visit a website and hit an Install button, though we cannot confirm that ourselves. Then your Installous replacement will appear on your home screen.
If anything happens to those two, surely another four will pop up in their place. It seems that even Apple will be unable to stop piracy, no matter how hard it tries and how tight a grip over the iOS ecosystem it holds.
The Pew Research Center’s Internet & American Life Project obtained readings on some of the most popular cell phone activities among adults in nationally representative phone surveys in the spring and summer.
It’s no secret that the use of cell phones has become so commonplace that people, like myself, use them to do just about everything throughout the day, because cell phones now have the capabilities to accomplish these tasks.
So naturally the number of people who own a cell phone has increased and so has the number of people that use their devices to do much more than make phone calls. Cell phones have become a portal for an ever-growing list of activities. Fully 85% of American adults own and use their cell phones in various ways.
These results come from two Pew Internet tracking surveys:
• One was conducted between August 7-September 6, 2012 with 3,014 American adults (ages 18+). Among them were 2,581 cell phone owners, and the margin of error in the survey for findings among cell owners is plus or minus 2.1 percentage points.
• The second survey was conducted between March 15-April 3, 2012 among 2,254 adults, including 1,954 cell owners, and has a margin of error of plus or minus 2.4 percentage points.
Both surveys were conducted on landline and cell phones and in English and Spanish.
Read the full Report Here (PDF)
Breakdown of survey chart:
2010: 76% of users
Now: 82% of users
2007: 58% of users
Now: 80% of users
Accessing the Internet:
2008: 25% of users
Now: 56% of users
Send and Receive Email:
2007: 19% of users
Now: 50% of users
2007: 18% of users
Now: 44% of users
2009: 22% of users
Now: 43% of users
Look for Health Information:
2010: 17% of users
Now: 31% of users
Check Bank Account:
2011: 18% of users
Now: 29% of users
Today Japanese police arrested five Android developers for embedding a virus into their Android apps.
It is well known that there are plenty of ‘High-Risk’ applications in the Google Play store as well as on third party Android marketplaces. According to Japanese police they initially suspected only 90,000 infections from these apps, but they found that these guys collected 10 million separate pieces of information from their series of apps. According to Google Play, some apps have been downloaded 270,000 times.
The developers’ technique for getting people to download their virus-ridden software was simple: they took the names of popular games and added “The Movie” to the end. So, for instance, “Angry Birds: The Movie.”
Just another case of Android malware and viruses being distributed on Android devices. Hopefully the new ‘Built-in Malware App Scanner’ introduced in Android’s latest OS will help to fix this problem.
German researchers analyzed a sample of 13,000 Android applications and found that more than 1,000 contained serious flaws in their SSL implementations.
The researchers from Leibniz University in Hannover and Philipps University of Marburg published this paper (PDF), showing their findings. They found that 17 percent of the SSL-using apps in their sample suffered from implementations that potentially made them vulnerable to man-in-the-middle (MITM) attacks.
The researchers claim they were “able to capture credentials from American Express, Diners Club, PayPal, bank accounts, Facebook, Twitter, Google, Yahoo, Microsoft Live ID, Box, WordPress, remote control servers, arbitrary e-mail accounts, and IBM Sametime”.
In addition, since anti-virus software also uses SSL, “We were able to inject virus signatures into an anti-virus app to detect arbitrary apps as a virus or disable virus detection completely.”
This issue has come about because of developers misusing the SSL settings the Android API offers.
Examples given by the researchers include apps that are instructed to trust all certificates presented to them (21 of the 100 apps selected for a MITM test), while 20 of the MITM-tested apps were configured to accept certificates regardless of the associated hostname (for example, an app connecting to PayPal would accept a certificate from another domain). Other issues included SSL stripping and “lazy” SSL implementations by developers.
The researchers also noted that a number of apps provided insufficient feedback to users, for example, failing to tell the user whether or not it was using SSL to transmit user credentials.
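As an added illustration (not code from the researchers or from the original post), the following Python sketch shows how a code reviewer could flag the two misconfigurations described above in an app's Java source: a trust manager that accepts every certificate and a hostname verifier that accepts every hostname. The pattern list, function names and the sample Java snippets are constructed for this example, and the check is a heuristic, not a complete audit.

```python
import re

# Added example: heuristic source scan; names and sample sources are constructed.
_TOKEN = re.compile(r'"(?:\\.|[^"\\\n])*"|/\*.*?\*/|//[^\n]*', re.S)

CHECKS = [
    # checkServerTrusted with an empty body never rejects a certificate chain.
    ("trusts all certificates", re.compile(
        r"void\s+checkServerTrusted\s*\([^)]*\)\s*(?:throws\s+[\w.,\s]+?)?"
        r"\s*\{\s*(?:return\s*;\s*)?\}")),
    # HostnameVerifier.verify that returns true unconditionally.
    ("accepts any hostname", re.compile(
        r"boolean\s+verify\s*\([^)]*\)\s*\{\s*return\s+true\s*;\s*\}")),
    # Apache HttpClient's allow-all hostname verifier.
    ("accepts any hostname", re.compile(
        r"\b(?:ALLOW_ALL_HOSTNAME_VERIFIER|AllowAllHostnameVerifier)\b")),
]

def strip_comments(src):
    """Blank out comments (keeping newlines and string literals) so line numbers survive."""
    def blank(m):
        text = m.group(0)
        return text if text.startswith('"') else re.sub(r"[^\n]", " ", text)
    return _TOKEN.sub(blank, src)

def scan(java_source):
    """Return sorted (line, issue) pairs for certificate-validation bypasses."""
    code = strip_comments(java_source)
    return sorted((code.count("\n", 0, m.start()) + 1, issue)
                  for issue, pattern in CHECKS for m in pattern.finditer(code))

# Constructed sample: the anti-patterns the study describes.
VULNERABLE = '''\
TrustManager tm = new X509TrustManager() {
    public void checkClientTrusted(X509Certificate[] c, String a) {}
    public void checkServerTrusted(X509Certificate[] c, String a)
            throws CertificateException {
        // TODO: validate before release
    }
    public X509Certificate[] getAcceptedIssuers() { return null; }
};
HostnameVerifier hv = new HostnameVerifier() {
    public boolean verify(String host, SSLSession s) { return true; }
};
'''
# Constructed sample: platform defaults left in place, nothing to flag.
SAFE = 'HttpsURLConnection c = (HttpsURLConnection) url.openConnection();  // defaults\n'

if __name__ == "__main__":
    for line, issue in scan(VULNERABLE):
        print(f"line {line}: {issue}")
```

A clean result only means none of these specific patterns were found; an app can still weaken validation in other ways, so a MITM test with an untrusted certificate remains the confirming check.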
Today the Blackberry Touch (or Monaco) was seen in some hands-on photos. It is a great-looking device and it is running the not-yet-released Blackberry OS 6.1. There was also the leaked OS 220.127.116.11 and with that there are a few BB 6.1 applications that can be downloaded now:
•BlackBerry App World v18.104.22.168
•BlackBerry Radio v22.214.171.124
•BlackBerry Podcasts v126.96.36.199
•BlackBerry News v188.8.131.52
•Facebook for BlackBerry v184.108.40.206
•Visual Voice Mail v220.127.116.11
The known specs for the Blackberry Touch:
Dimensions: Sleek, thin profile – 11.5mm thick (120 x 62 x 11.5 mm)
Monza / GSM: TBA…
Monaco / CDMA: Qualcomm 1.2GHz Processor
Monza / GSM: TBA…
Monaco / CDMA: Dual band CDMA, EV-DO Rev A, RX Diversity ; Quad band EDGE / Single Band UMTS
Display: 3.7″ – 800×480 resolution, 15:9 aspect ratio, 253 DPI
Camera: 5 MP – Flash – Image Stabilization – HD Video Recording (720p)
Navigation: Capacitive touch + BlackBerry navigation keys + optical navigation module. One convenience key
Memory: 4GB storage + 768MB RAM + up to 32GB MicroSD
WiFi/GPS: Wi-Fi 802.11 b/g/n + GPS + Bluetooth 2.1 EDR + Mobile HotSpot
Connectivity: Micro USB – Bluetooth – NFC
Sensors: Magnetometer – Accelerometer – Proximity
Software: Enhanced BlackBerry SW v.6.1, BlackBerry Evolution 6, Open GL ES 2.0, APIs for magnetometer and augmented reality apps
Via Crackberry and BGR