My 3/20/11 Missoulian column
Part One is here: Malware Attacks On Phones Increase
Last week, I covered how the fast growing popularity of smartphones has made them targets of malware. Criminal programmers are now following the money – and security vulnerabilities – to the smartphone market (as they always have for PCs and laptops) to steal personal information and make money by fraud.
Mobile malware reached the mainstream news on March 1st, when Google revealed it knew of Apps in the Android store that had hidden malware and had been downloaded hundreds of thousands of times. The malware that was installed on smartphones running Android – under the hood of what appeared to be legitimate Apps – was capable of stealing personal information and installing other malware.
So Google removed the Apps from the store and announced their findings and new software patches on their mobile phone blog. And Google announced something else: they initiated a “remote kill” for those Apps. See An Update on Android Market Security – Official Google Mobile Blog.
Somewhere at Google, an engineer clicked a mouse and sent out an electronic signal that erased those Apps on user’s smartphones and patched them against further malware.
The blowback was interesting. Some Android users were happy that Google took the initiative and accessed their smartphones and deleted the Apps. Other users were angry that Google was able to do that on their smartphones, and did so without asking, too.
Some Android owners said that Google was becoming more like Apple: controlling their personal devices and their software. And those remarks bring to light a fundamental difference in the way Google and Apple smartphone apps work.
Google went with an open source platform and an open market for Android Apps; anyone can learn programming and distribute an App. At Apple, a programmer needs to apply to distribute Apps, and each App is checked for quality and malware by Apple engineers before being included in the store.
For the most part, the only malware that affects iPhones is some that only works on iPhones that have been “jailbroken.” That means the phone has been opened up to run non-officially Apple approved Apps.
Worst case, Apple has acknowledged it has (but has never used) the same kind of Google App “kill switch” for official Apps in their App Store.
But a larger idea in the world of software and malware is this: is open source software and open App markets and resulting freedom worth the risks? Or is a closed system like Apple safer, but at the same time more restrictive?
We’ll hear more of both sides of the story as more malware surfaces in the coming years; it’s inevitable.
This week in Mac Q & A: Is There Malware Around for the iPhone?