Tuesday, November 25, 2014

Clickbait Alert: The Latest Smartphone Security Alert

This is exactly the kind of security warning that trends towards "Clickbait":

Smartphone security alert: 87% of iPhone and 97% of Android top 100 apps hacked

First of all, there's the number, then there's the terminology.

What do we mean by 'hacked'? Was there a data breach? Was the Apple or Google app store hacked?


The report from ArXan, "State of Mobile App Security, Apps Under Attack", Volume 3 – November 2014 has this to say:
The 2014 State of Mobile App Security analysis followed the same methodology as last year’s research, which included identifying and reviewing hacked versions of top iOS and Android apps from thirdparty sites outside of official Apple and Google app stores.
Users know, even if they ignore, that installing apps from third party sources is risky.
While it is important to know that such a high percentage of apps that are distributed outside of the app store have been infected with Malware, the report does not show any compromise of the app store or these companies' infrastructure. However, other research linked in the article, available here, deals with those issues.

The Register had this to say:
As a specialist in application protection, Arxan has an obvious vested interest in talking up the threat from poorly protected mobile apps. However, that's not to say it isn't onto something. The recent discovery of the WireLurker iOS malware provides evidence that the issue of tampered apps is a real and present danger.
So, I guess, important to know. Perhaps this becomes a reason companies should avoid putting out branded apps, or for sectors that deal with private information - should employ technology (such as ArXan's) which helps to tamper proof the code.

Bottom line: 87% of reports that the sky is falling - need to define the term "sky".

No comments: