Mobile security concerns
I’m hearing more and more concerns about security concerns with regard to mobile devices. I guess this was to be expected as more people have smart phones and tablets start to replace laptops. It seems Google's executive chairman Eric Schmidt drew laughter when discussing security on the Android platform, Executive chairman dances around straight answer while talking up Android security.
Schmidt said in the distant future there would be an assumption that nothing is secure and that security will be devised on a per app basis for each user.
I’m not sure whether many people would find that situation very helpful. His view is perhaps a consequence of a recent study issued by the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) suggesting Android devices represent a significant security threat. Of the malicious attacks documented in the study, 79 percent took place on an Android device and 19% on Symbian whilst Apple's iOS received just 0.7 percent of the recorded malware threats. One of the key sources of threats appear to be the installation of apps from insecure sites, so whilst the approval process for the Apple iTunes store occasionally causes complaints it also acts as a significant security barrier. Whilst the Google Android should have the same role it is perhaps worrying to find that recently 50 malicious apps had to be removed. There have however now been reports of threats distributed via email spam.
The Android trojan known as Stels began distributing via fake U.S. Internal Revenue Service-themed emails, using an Android crimeware kit to steal sensitive information from the device, and monetizing by making calls to premium numbers.
Apple does seem to be taking the security concerns seriously, the AppStore provides an initial check on apps, the new fingerprint authentication provides an extra level of device protections. In iOS7 we have Activation Lock so that someone who’s got hold of your device can’t disable Find My iPhone without knowing both your Apple ID and that Apple ID’s account password. The person with your lost device can’t erase data on the device, also if you designate your device as being lost it can’t be restored to reactivate it—the phone displays only a phone number and a custom message about contacting you.
Keeping the operating system up to date helps, and the adoption rate for iOS7 is very impressive.