I know this isn’t completely about BlackBerry devices, in fact it’s mainly pertains to Android devices, but I felt it was important to know about nonetheless. A big thanks goes out to Brittany and Dan of SMobile for taking the time to speak with us today about SMobile and the Android devices. ***The reason for the post is a press release about the risk potential of the Android Market and a new patent-pending spyware detection technology.***
As you know as one of our readers, we follow SMobile very closely for their strides in mobile security. They performed an analysis of the Android Market and the over 48,000 applications available in the market, and have posted the results. The Android system is the first completely free and open platform very similar to that of Unix and Linux. It’s fast, it’s open, and there are thousands of applications available. So why would this be a concern? As our technology advances, so do the skills of developers who work vigilantly on spyware and viruses targeting systems. With BlackBerry, the most current threats to the BlackBerry devices are spyware which have to be installed on the device by you or someone else. You cannot get spyware by just surfing the web or by an email. You have to download and install them, but currently there are no viruses written for BlackBerry devices. There are different types of malicious software or malware out there. The main ones to be concerned about are spyware, viruses, and worms.
Spyware is extremely malicious. It hides in the phone, and if you remember the last time I did a comparison of the free LookOut application against SMobile, I conveyed how if there’s not an icon and you didn’t know what to look for, the names of the malware blend in with actual apps on your phone. I read the whitepaper that was done, and it’s clearly a concern.
Here’s the mainpoints to consider:
“The Android Market offers the ability for developers to create any application they choose with the community regulating whether the application is appropriate and safe, as opposed to relying on a formal screening process.” What this means: “The Android Market offers flexibility that markets such as the Apple App Store do not by allowing anyone to develop and publish an application to the Market’s consumers. This presents the opportunity to easily defraud innocent consumers for financial gain.”
Now Apple still does not allow the ability to have true anti-virus/anti-spyware applications in their market. But at least with the Android system being open, it does allow you to use such applications on your phone. But is it a concern? There’s already been an app to prove yes in the Android Market. A bank phishing app which has been removed since was on the market. A supposed banking app created by Droid09 claimed you could conduct your banking off the application on the device. All you had to do was give the app your user account information. It only facilitated a web browser to your banking institution, and whatever was done with the information provided is still unknown.
Here’s where it gets serious. I know many of us install apps, whether it be our BlackBerry or Android. And when you install it asks for permission to work. We set those permissions, and many of us don’t think about it. Some will ask for GPS, contact information, etc. Remember that you define the permissions. Many of the Android applications are asking for permissions that could be very integrating, but also could be accessible for someone who has created a malware application.
Here’s an excerpt that was really frightening:
To date, metadata collection has netted information from 48,694 applications in the Android market, roughly 68% of all applications that are available for download. It is noted that one in every five applications request permissions to access private or sensitive information that an attacker could use for malicious purposes. One out of every twenty applications has the ability to place a call to any number without interaction or authority from the user.More frighteningly, 29 applications were found to request the exact same permissions as applications that are known to be spyware and have been categorized and detected as such by SMobile’s solution. A full eight applications explicitly request a specific permission that would allow the device to brick itself, or render it absolutely unusable. 383 applications were found to have the ability to read or use the authentication credentials from another service or application. Finally, 3% of all of the Market submissions that have been analyzed could allow an application to send unknown premium SMS messages without the user’s interaction or authorization.”
***The press release had the following points:
- 20 percent of applications in the Android market grant a third party application access to private or sensitive information that an attacker could use for malicious purposes, such as Identity Theft, mobile banking fraud and corporate espionage; 5 percent of applications have the ability to place a call to any number, without requiring user intervention;
- Dozens of application have the identical type of access to sensitive information as known spyware
- 2 percent of market submissions can allow an application to send unknown premium SMS messages without user intervention.***
I asked Dan what advice he had for our readers. He stated: “Please be careful when surfing online on your device and downloading application. You protect your personal computer with security software, you need the same alertness regarding your mobile device.”
1. Treat your smartphone as you do your pc, use a trusted and reliable security software application.
2. Use caution when downloading applications and pay attention to the permissions they request.
I’ve heard fellow geeks say they wipe their Android device weekly just in case. With a good security application and sound logic regarding your actions, you needn’t go that far.
I asked Dan what symptoms one should be looking for, but he said that with Spyware there is no warning till your information has been placed at risk. Real spyware has no symptoms and signs. And with the great options out there, there’s no need for placing yourself at risk. I admit, technology is advancing and we should be prepared. Enjoy your device but take care of it as well. SMobile Systems has the software that updates as often as you want.
***In the press release SMobile announced that they have incorporated a new patent-pending spyware detection technology into its Security Shield solution. This new technology is revolutionary as it analyzes an entire device in seconds and immediately identifies and mitigates known and unknown spyware threats. It does all this with no impact to the user experience or how the device performs. Security Shield was the first commercially available mobile security solution available for the Android operating system. So with it being so quick, Dan explained seconds fast, it matches the speed of the phone.***
The way that the SMobile Shield works for BlackBerry is that you have it installed. You can choose to have different sections of your phone scanned, from the apps to the card, files, sd card, etc. Yes, some apps can involve your microsd card, and it’s memory just like a thumb drive. When you scan, the Shield will detect any malicious ware and will give you the opportunity to delete it. The device will restart and all is well. And it updates to stay current with the newest and latest threats. Your phone is an investment, don’t leave it open.
SMobile Systems has been the leading mobile security software developer out there, from businesses and government to the consumer and family. Their goal is provide the upmost reliable security for your mobile device and information. They also have a global security center where you can keep up on the latest and newest threats out there. And yes, Mobistealth is one of the many spyware it is able to detect. I keep SMobile Security Shield on my BlackBerry as I’ve seen it work in action. The way technology keeps advancing, nothing surprises me but sometimes that’s a good thing.
I know from the comparison I did that spyware is real and of course the best advice is to password protect your phone, don’t let anyone have access to install apps on it, and when you install software pay attention to the permissions it’s requesting. If it doesn’t seem right, it probably isn’t. What are your thoughts on security on your phone? How do you feel about the BlackBerry and Android phones? Share your opinion, we’re curious to know how many of us feel it’s important.
[via: SMobile Global Threat Center]