With the increasing demand for instant information, cell phone apps have become the instant answer providers. Cell phone apps have even started invade schools. I attended a seminar at my school, Kennesaw State University, on the 10 must have apps to graduate. So now, not only can apps be used for games and social reasons, but they are also used as helpful tools for students at all levels of education. All of this made me wonder….how safe is it to download all these apps? Well, I came across this article in PC World which address some of my concerns.
Mobile security firm Lookout embarrassed Android by revealing that a popular wallpaper app was sending sensitive user data to a mysterious Website in China.
The discovery, on its face, looks like an argument for Apple’s restrictive phone App Store. Certainly, the store’s approval process has an extra layer of security that the Android Market does not, even if it means that some desirable apps aren’t allowed because Apple says so. Still, the advantage for Apple is not so clear-cut.
First, a little background: The Android wallpaper app comes from Jackeey Wallpaper, includes popular brands such as My Little Pony and Star Wars, and was downloaded between 1.1 million and 4.6 million times, VentureBeat reports. Jackeey Wallpaper apps collected browsing history, text messages, SIM card numbers, subscriber identification, and voicemail passwords, and sent the data to www.imnet.us, a domain registered in Shenzhen, China.
Ostensibly, an iPhone App Store reviewer would see this kind of activity in an app and disapprove, but it doesn’t always work that way. Last December, Nicholas Seriot, a Swiss iPhone developer, described a proof-of-concept app that could mine contact information, GPS locations, web searches and everything you type except for passwords. Apple would normally reject an app like that, but a malicious developer could try fooling reviewers with changes at runtime, or other delayed trickery.
Android has a different way of protecting users. When you download an Android app, it tells you what kinds of information will be accessed, so if a video game announces it will read your text messages, users can see that and determine something shady is going on. Apple, by comparison, guards the apps themselves more closely, but doesn’t tell users what kind of data is accessed.
But Android’s system isn’t perfect either, as shown by Lookout. Jackeey Wallpaper apps, when downloaded, only say they’re collecting “phone info,” which doesn’t really mean anything.
Both the iPhone and Android also face issues with third-party software, Lookout explained. Third-party code is generally used for advertising or analytics, but can access data in ways that users or even developers who implement the code don’t know about. Apple recently banned the collection of iPhone data by third-parties for analytics or advertising, but that was intended more to stop groups like Flurry from spilling the beans on new Apple products.
Lookout did commend both Android and the iPhone for keeping blatant malware out of their stores. Their message in the end was a word of caution to developers and users about the software they use. So I don’t think there’s a huge cause for alarm, nor do I think Apple’s app security approach is indisputably safer than Android’s, or vice versa.