Top Tips to Avoid Malicious Apps

November 28, 2011

17.7 billion mobile apps are estimated to be downloaded in 2011 (a 115% increase from 2010). By 2012, mobile apps are projected to generate more than $15 billion in app store revenues from end-users alone, according to “Forecast: Mobile Application Stores, Worldwide, 2008-2015,” by Gartner.

“As the application market continues to boom, users should be more cautious that they know what they’re installing,” said Lawrence Pingree, Gartner analyst. “For example, they should only install applications from trusted sources and ensure that permissions match up with the respective application’s core features. Anti-malware protection will also go a long way in helping to ensure the user’s mobile device has the latest protection.”

To help consumers stay safer when selecting mobile apps to download, McAfee has just released their Top Five Tips to Avoid Bad Apps.

These include:

  1. Although smartphone malware is remains a relatively low threat compared to malware targeting PCs; being aware that it exists is the first step toward protecting yourself and your data.
  2. Always research any app and its publisher and check the ratings before downloading – you’re safer if you install apps that are broadly used or are recommended by friends or colleagues.
  3. Purchase from a well-known reputable app store market. For Android users, avoid installation of non-market applications by de-selecting the “Unknown sources” option in the Applications Settings menu on your device. If the option is not listed, it means your mobile service provider has already done this for the user.
  4. When installing an app, pay attention to the list of permissions it wants to access the hardware and software on your device, like your contacts, camera and location. If it wants permissions for things the app doesn’t need, don’t install that app! For example, an alarm clock app shouldn’t need to access your contacts or have the ability to transmit that data from your device.
  5. Install antivirus software on your phone. Always install an antivirus program when you get a new mobile device – before you add any other apps.

“Maliciously modified apps have started to become more prevalent,” said Vincent Weafer, senior vice president, McAfee Labs. “Based on McAfee detections, we’ve seen approximately 200 malicious apps versus tens of thousands of good apps. However, with mobile devices becoming a targeted platform for malware, it’s becoming more common for cybercriminals to attempt to corrupt a legitimate app. The best advice for users is to be careful, protect the mobile device and the mobile apps that reside on the device.”

These are tips to live by.

To learn more about mobile threats, see my blogs It’s No Accident – Mobile Money and Mobile Malware Set to Go Big in 2011, McAfee Threat Predictions for 2011 – Mobile: Usage is rising in the workplace, and so will attacks, More Mobile Apps Caught Inappropriately Collecting User Info and Installing Malware and Twenty-Five New Malicious Apps on Android; 30,000 to 120,000 Users Affected.

Linda

Advertisements

Virtual Goods and Subscriptions for Mobile Devices Nearly $5B by 2016?

November 6, 2011

Fifteen years ago buying ringtones and swapping .3 megapixel photos was cutting edge, now global revenues from mobile virtual goods and premium subscriptions is projected to stretch to $4.7 billion USD by 2016, according to Juniper Research’s “Virtual Goods – Real Revenues on Mobile” study released this month.

Juniper defines virtual goods, as intangible, digital items which cost little to produce and are often sold in bulk at low prices, typically for about $1 USD each. Many virtual goods are digital depictions of physical goods – like the berries in Farmville for example – and Juniper says in-game items are a major source of virtual good revenue for many sites.

The kicker for consumers will be determining if the digital downloads are safe, or carry a bonus malware payload.

In my blog It’s No Accident – Mobile Money and Mobile Malware Set to Go Big in 2011, I explain why the surge in mobile revenue feeds the mobile crime rate:

The revenue potential of turning phones into payment tools for financial institutions is enormous. And the convenience factor for consumers is clear cut – the need for carrying cash or credit cards disappears, and whole new application scenarios are enabled. So what does this have to do with mobile crime?

Follow the money. The same factors that make a favorable climate for great strides in legitimate mobile commerce make a favorable climate for crime.

As the popularity of smartphones skyrockets, smartphone functionality increases, the number of mobile banking, ecommerce, and transaction platforms expand, the number of mobile access points explodes, and the sophistication of criminals grows, we are approaching perfect storm conditions. Here’s how both the good guys and the bad guys look at the landscape:

Size of opportunity: There are now more than five billion connections worldwide and analysts predict this will surpass the six billion mark in 2012. More than 500 million of these phones today are smartphones that enable the rich features companies and crooks need to drive revenue, and this number is expected to exceed 1 billion smartphones by 2013 according to the latest forecasts from Informa Telecoms & Media.  As a point of comparison, there are about 2 Billion computers out there, most running the Windows OS.

Cost of investment drops: As industry pressures condense the number of mobile platforms, developers and hackers alike can better leverage their code to target millions/billions of users with the same services (and exploits) setting the stage for a high return on investment.

Risk – From financial corporations view: Credit card companies and other financial institutions believe they have mitigated the risks inherent in contactless payment systems. Indeed, Visa claims their PayWave system will in fact be safer than using traditional credit cards because their chip creates a unique authentication code for each transaction while never providing retailers with your credit card number. Challenging that claim, security expert and uber white hat hacker Karsten Nohl told CNET that NFC payments still have their security weaknesses and that the technology may need a bit more time to be completely safe. Whatever the case, these companies have long experience earning plenty of money even when crime takes a bite out of their revenues. But they only have to cover one piece of the pain; consumers have to pick up the time and cost of cleaning up their accounts and financial reputations.

Risk – From organized crime’s view: With their successful tactics in phishing, farming, scamming and spamming constantly being honed, consumers using insecure WiFi networks,  security gaps in both service’s and in platform’s code to exploit, antiquated or non-existent laws, police forces woefully understaffed, and careless consumers hell-bent on convenience, what’s not to like? Now add into the mix that phones are essentially wallets and everyone wants to be a pickpocket. The business case for investing mobile malware has finally been made.  Learn more in my blog McAfee Threat Predictions for 2011 – Mobile: Usage is rising in the workplace, and so will attacks, that looks at the historically fragile cellular infrastructure and slow strides toward encryption. McAfee Labs predicts that 2011 will bring a rapid escalation of attacks and threats to mobile devices, putting user and corporate data at very high risk.

We’ve already begun to see the damage. Android (Google) has had at least two embarrassing episodes with their mobile apps – see my blogs More Mobile Apps Caught Inappropriately Collecting User Info and Installing Malware and Twenty-Five New Malicious Apps on Android; 30,000 to 120,000 Users Affected. And as more users go outside the ‘tested apps in walled gardens’ like Apple’s and the ones carriers provide, the insertion of malicious code into apps will increase.

The bottom line: There is no substitute for strong security protection on your device.  There are a number of mobile security suites available to compare these TopTenReviews has created an excellent mobile security software comparison chart for consumers. Be sure you install one.

Linda


Great Infographic with Sobering Stats on Mobile Malware and User Ignorance

September 12, 2011

Over half (53%) of smartphone users say they are unaware that there is security software available for smartphones according to research by security company BullGuard, a shocking data point when mobile malware is skyrocketing.

In just the first six months of 2011, malware aimed at the most vulnerable platform, Android, has grown by 400% according to BullGuard, but that isn’t to say that Symbian, Apple or Windows Mobile users are safe.

The company has just released a new infographic titled Mobile Malware: – The Growing Threat of Smartphone Hackers & What You Need to Know’ that gives a great overview of the landscape of mobile malware, the lack of awareness about mobile threats among consumers, and what to expect for the second half of this year and into 2012 (the news isn’t great).

By the time you’ve finished scanning through the infographic, you may just be persuaded to install the mobile security software smartphones now desperately need.

Linda


Smartphone Users Are Mostly Young, Minorities, or Wealthy; This Needs to be Reflected in How We Teach Net Literacy

July 19, 2011

If you don’t have a smartphone, chances are you are older, white, less affluent, and don’t have a college degree according to new research by the Pew Research Center Internet & American Life Project. No longer primarily a status symbol, smartphones have become the primary internet access point for millions of users, but there are large differences between who uses these phones, and how they use them.

It turns out the phone you use says a lot about you, for example, you are likely to have a smartphone if:

  • You’re younger than 50 – more than half of 18-29-year-olds own smartphones, followed by 45% of 30-to-49-year-olds. For those over 50 there is a steep cliff; only 24% of 50-to-64-year-olds use a smartphone.
  • You earn over $75k – nearly 60% of American’s who earn over 75k own smartphones. The percentage drops to about 37% among those earning between $50 -$74k annually. Note: smartphone penetration is slightly higher (40%) in the next-lowest income bracket, those earning $30 – $49k annually; this may be due to this group using their smartphone more often as their primary internet connection.
  • You’re a college grad – nearly half (48%) of college grads own smartphones, compared to 38% of those with some college education, 27% of high school grads, and 18% of those with less than a high school diploma.
  • You live in an urban or suburban area – geography matters; 38% of both suburban and urban residents own smartphones compared to 21% of rural residents.
  • You aren’t white – 44% of both blacks and Hispanics have smartphones; nearly 50% higher than the 30% smartphone ownership rate found among whites.

How you use your phone also says a lot about you. You are more likely to use your smartphone as your primary means of connecting to the internet if:

  • You’re younger than 30 – 42% of 18-to-29-year-olds say they most often use their smartphone for web access, which is twice as often as 30-to-49-year-olds (21%) and more than four times as often as smartphone owners 50 and older (10%).
  • You are in the lowest income bracket – 40% of smartphone owners with a household income less than $30,000 a year use their phone as their primary internet access, compared to 29% of those earning between $30 – $49k  and 17% of smartphone owners with household income more than $50k
  • You belong to an ethnic minority – 38% of black and Latino smartphone owners primarily use their phones for web access, more than double the 17% of white smartphone owners who do so.
  • You are less educated – 33% of smartphone owners with only a high school diploma primarily use their phones for web access compared to 27% of smartphone owners with some college education, and 13% of smartphone owners with a college degree.

These findings have significant implications for how we teach and implement online safety, security, privacy and digital citizenship.

Beyond simply being interesting stats, the picture painted by the data has significant bearing on how companies need to display their privacy settings and terms of use, how proposed legislation is developed, the importance of mobile security tools, and how online safety, security, privacy, digital literacy and ethics are taught at school and implemented in homes.

For companies:

  • How are you going to ensure that mobile only users can easily read your terms of use and privacy policies, and select their safety settings? The small screen experience needs to be optimized to give users easy control.
  • If the least wealthy are the most likely to use the phone as their primary access, how does the cost of mobile security apps impact their ability to protect their devices, their identities, and their sensitive information? They will need free, or very low cost, mobile security apps. Should these be offered as a bundle in their service? How will you drive awareness of this need?

For Regulators:

  • Writing legislative proposals about internet safety, security, privacy or education that does not fully cover mobile internet experiences and risks is unacceptably shortsighted. Even when using the same technologies and services as computers, mobile devices bring their own set of risks and opportunities into play and these must be addressed simultaneously.

For parents:

For Schools:

  • Blocking technology is not the answer, yet far too many schools still think this is the best course of action. We need to teach students to be capable digital citizens on all internet devices to be prepared for the workforce environment they will step into. You must figure out how to embrace and incorporate technology.
  • Recognizing that the way youth use technologies, the amount of time they spend on technologies, and the economic divide in the use and access of technologies is critical in effectively incorporating technology as a learning tool – particularly for minority youth. To learn more, see my blog Minority Youth Spend 13 Hours A day With Media – 4 ½ More than White Youth – What Does this Mean for Their Future?
  • Kids can readily use technologies, but that does not mean they understand the real risks or consequences that can accompany these tools. It is absurd that teaching internet safety/security/privacy/digital literacy/ethics is not mandatory in every school. To help you address this shortfall, the LOOKBOTHWAYS FOUNDATION has begun creating the K-12 NetSkills4Life curriculum, made freely available to schools, families, organizations and the public. The first two online interactive lessons for 6th graders are in place, and we will be rolling out more lessons for all grades as quickly as we can and funding is available.

Linda


More Mobile Apps Caught Inappropriately Collecting User Info and Installing Malware

March 8, 2011

Twenty-one mobile applications from a single publisher have been pulled from the Android Market after Google learned they were exploiting consumers according to a new Washington Post article. Google has also remotely removed these apps from user’s devices, but that does not remove any malicious code that has already been downloaded.

These applications were apparently not only stealing consumer’s information, they left a back door open on consumer’s phones so they could download malware without the user’s knowledge.

According to Mashable, between  50k and 200k Android users downloaded these applications, which Mashable says “are particularly insidious because they look just like knockoff versions of already popular apps. For example, there’s an app called simply “Chess.” The user would download what he’d assume to be a chess game, only to be presented with a very different sort of app.”

To learn more about malicious and unethical applications offered through various marketplaces, see my blogs:

Mobile malware is expected to explode in 2011, and it’s time to protect yourself with mobile security software. See my posts:

The bottom line? Just because an app is offered doesn’t mean it’s been tested and guaranteed safe – case in point, if it weren’t for the diligence of the Android Police, the malicious apps on Android Marketplace would still be exploiting consumers.

Here’s a list of the malicious apps:

  • Falling Down
  • Super Guitar Solo
  • Super History Eraser
  • Photo Editor
  • Super Ringtone Maker
  • Super Sex Positions
  • Hot Sexy Videos
  • Chess
  • 下坠滚球_Falldown
  • Hilton Sex Sound
  • Screaming Sexy Japanese Girls
  • Falling Ball Dodge
  • Scientific Calculator
  • Dice Roller
  • 躲避弹球
  • Advanced Currency Converter
  • App Uninstaller
  • 几何战机_PewPew
  • Funny Paint
  • Spider Man
  • 蜘蛛侠

Linda