What now, after the Android Market scare?

No screening process is going to be foolproof, but we can all take steps to make our devices safer

By Kenneth van Wyk, Computerworld |  Security, Android, Android Market

I truly hate to say it, but it was inevitable that we'd see some maliciously inclined apps get introduced to the public through the Android Market or the Apple App Store.

As I described in my August 2010 column , it is exceedingly difficult to ensure the security of apps in a public store. As consumers, we seem to expect perfection, but that's just not realistic.

The recent spate of malware-infested apps found in the Android Market illustrates the point. Mistakes are going to happen, even if our app providers undertake reasonable precautions in guarding their stores.

And I should make it clear that I'm referring here to deliberate malicious behavior in the app software, not inadvertent mistakes made by application developers. Some of those inadvertent mistakes can be found via static code review of the apps themselves, and the store provider in its screening process may well detect some as well.

The question that we should be asking, then, is this: What do we have to protect us from apps containing deliberate malicious "features" such as Trojan horses that seek to steal sensitive information from us.

Let's consider both the store processes and the underlying security architectures briefly here. And let's compare Android and iOS in these considerations.

As for the stores, Apple of course is famous for having an app screening and approval process for all the apps in its App Store. Although not much is publicly known about that process, Apple does publish a set of guidelines for application developers to conform to (Note: You must be logged into the Apple Developer site to access the linked URL). Every iOS developer should read and be deeply familiar with those guidelines, of course, but they are hardly specific to security. In fact, the term "security" does not appear even once in the guidelines.


Originally published on Computerworld |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Spotlight on ...
Online Training

    Upgrade your skills and earn higher pay

    Readers to share their best tips for maximizing training dollars and getting the most out self-directed learning. Here’s what they said.

     

    Learn more

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness