Taking the smart out of smartphone
BBC News has highlighted smartphone security concerns by developing its own booby-trapped app designed to spy on users, with experts warning it is difficult to spot malicious programmes from legitimate apps.
The BBC set out to demonstrate how easy it is to create a malicious app, putting together a basic game built from standard parts of software toolkits used by developers, that also spied on its smartphone users.
Experts told the broadcaster that tech-savvy criminals have started to create malicious programmes for smartphones, which can be hard to spot as they use the same functions as normal apps.
Chris Wysopal, co-founder of security company Veracode, which helped the BBC create its app, reportedly warned smartphones are suffering from malicious programmes the same amount as PCs did in 1999.
He said such apps are ‘big business' as criminals are churning out malware that attempts to steal personal information, which can fetch high prices. Even Google and Apple have been forced to remove apps from their respective stores recently over worries they were malicious.
Wysopal reportedly said mobiles are more tempting than computers as targets because, "mobile phones are really personal devices. You might have one computer for a family but every family member has a personal device and it is with them all the time."
Another security expert, Simeon Coney from AdaptiveMobile, told the BBC smartphone crime is more financially lucrative than targeting computers.
"In the PC domain the only way a criminal can generally take money from a user is by having them click on a web link, go to a website, purchase a product and enter their credit card details. In a mobile network the device is intrinsically linked to a payment plan, to a user's credit."
In the past criminals have made money by making phone owners dial premium rate numbers, but are now focusing on applications and pilfering information.
According to the App Genome project by yet another security firm, Lookout, one third of smartphone apps reportedly try to nab a user's location, while one in ten attempt to steal their contact and address lists.
The firm has tried to map the workings of some 300,000 applications and whether they do more than expected. Interestingly, it reportedly found a large number of applications borrow code from other programmes, possibly sharing problems.