Fifteen years ago buying ringtones and swapping .3 megapixel photos was cutting edge, now global revenues from mobile virtual goods and premium subscriptions is projected to stretch to $4.7 billion USD by 2016, according to Juniper Research’s “Virtual Goods – Real Revenues on Mobile” study released this month.
Juniper defines virtual goods, as intangible, digital items which cost little to produce and are often sold in bulk at low prices, typically for about $1 USD each. Many virtual goods are digital depictions of physical goods – like the berries in Farmville for example – and Juniper says in-game items are a major source of virtual good revenue for many sites.
The kicker for consumers will be determining if the digital downloads are safe, or carry a bonus malware payload.
In my blog It’s No Accident – Mobile Money and Mobile Malware Set to Go Big in 2011, I explain why the surge in mobile revenue feeds the mobile crime rate:
The revenue potential of turning phones into payment tools for financial institutions is enormous. And the convenience factor for consumers is clear cut – the need for carrying cash or credit cards disappears, and whole new application scenarios are enabled. So what does this have to do with mobile crime?
Follow the money. The same factors that make a favorable climate for great strides in legitimate mobile commerce make a favorable climate for crime.
As the popularity of smartphones skyrockets, smartphone functionality increases, the number of mobile banking, ecommerce, and transaction platforms expand, the number of mobile access points explodes, and the sophistication of criminals grows, we are approaching perfect storm conditions. Here’s how both the good guys and the bad guys look at the landscape:
Size of opportunity: There are now more than five billion connections worldwide and analysts predict this will surpass the six billion mark in 2012. More than 500 million of these phones today are smartphones that enable the rich features companies and crooks need to drive revenue, and this number is expected to exceed 1 billion smartphones by 2013 according to the latest forecasts from Informa Telecoms & Media. As a point of comparison, there are about 2 Billion computers out there, most running the Windows OS.
Cost of investment drops: As industry pressures condense the number of mobile platforms, developers and hackers alike can better leverage their code to target millions/billions of users with the same services (and exploits) setting the stage for a high return on investment.
Risk – From financial corporations view: Credit card companies and other financial institutions believe they have mitigated the risks inherent in contactless payment systems. Indeed, Visa claims their PayWave system will in fact be safer than using traditional credit cards because their chip creates a unique authentication code for each transaction while never providing retailers with your credit card number. Challenging that claim, security expert and uber white hat hacker Karsten Nohl told CNET that NFC payments still have their security weaknesses and that the technology may need a bit more time to be completely safe. Whatever the case, these companies have long experience earning plenty of money even when crime takes a bite out of their revenues. But they only have to cover one piece of the pain; consumers have to pick up the time and cost of cleaning up their accounts and financial reputations.
Risk – From organized crime’s view: With their successful tactics in phishing, farming, scamming and spamming constantly being honed, consumers using insecure WiFi networks, security gaps in both service’s and in platform’s code to exploit, antiquated or non-existent laws, police forces woefully understaffed, and careless consumers hell-bent on convenience, what’s not to like? Now add into the mix that phones are essentially wallets and everyone wants to be a pickpocket. The business case for investing mobile malware has finally been made. Learn more in my blog McAfee Threat Predictions for 2011 – Mobile: Usage is rising in the workplace, and so will attacks, that looks at the historically fragile cellular infrastructure and slow strides toward encryption. McAfee Labs predicts that 2011 will bring a rapid escalation of attacks and threats to mobile devices, putting user and corporate data at very high risk.
We’ve already begun to see the damage. Android (Google) has had at least two embarrassing episodes with their mobile apps – see my blogs More Mobile Apps Caught Inappropriately Collecting User Info and Installing Malware and Twenty-Five New Malicious Apps on Android; 30,000 to 120,000 Users Affected. And as more users go outside the ‘tested apps in walled gardens’ like Apple’s and the ones carriers provide, the insertion of malicious code into apps will increase.
The bottom line: There is no substitute for strong security protection on your device. There are a number of mobile security suites available to compare these TopTenReviews has created an excellent mobile security software comparison chart for consumers. Be sure you install one.