Android Apps and the Open Source Platform at a Greater Risk of Attacks than iOS (Part 2 in a series title “Mobile App Security Should be a Top Priority”)

27 11 2012

Android apps are targeted because the Android ecosystem is open and therefore easier to exploit. The attacks use a form of hacking dubbed “spear phishing”.  There are currently three known phishing attacks that have affected the Android community.

One of the attacks is known as Loozfon, and in one instance, appears to a user as a work-from-home opportunity. A user receives a text or an email on his Android device and when he opens the link, Loozfon sends the malware through to the phone. The goal of the Loozfon attack is to steal contact information from a user’s device.

The second piece of malware is called FinFisher. FinFisher operates in the same way as Loozfon does, by sending a text message or email to a user’s phone. The message to the user appears as a system update but instead of updating the operating system, FinFisher allows the hacker to remotely control the user’s phone. Some hackers simply create applications masquerading as games and let the app install the malware once a user downloads and opens the game.

Clearly, all of the attacks can be very damaging – by compromising users’ personal data – and are designed to deceive consumers into downloading them. Because the attacks can be used to extract data such as transaction details or credit card numbers, it is imperative that everyone in the mobile application and platform pipeline be aware of, and works hard to combat, the potential of cybercriminal attacks.


The new enterprise challenge in 2011: Android Botox?

7 02 2011

In 2011 Google will become, or remain depending on whether you believe Canalys or Nielsen, the dominant smartphone operating system. Although noteworthy on its own, the point that really interests me is that this will likely be achieved by growth in the enterprise and not consumer market.

As pointed out in a previous post, the popularity of the Blackberry device is gradually receding and opening up space for the iPhone and Android handsets. Jason Perlow of ZDNET points out in a recent column that, in the short term at least, that large, medium and small IT environments will find executives and employees asking for iPhones and iPad. But this is set to change, especially in large organizations.

This is for two main reasons. Firstly, there are the logistical challenges of deploying and developing applications on Android versus the iPhone. Secondly, the ability to partition personal data from corporate data will be essential in the “bring your own” culture which we see growing amongst our own customers.

The mobile enterprise market is clearly a key focus of 2011, having seen both AT&T and T-Mobile USA staking their claims in this space in recent interviews.

So, in 2011 will we be seeing the  “Android Botox”? Let me know in the comments below.