Alcatel-Lucent and AirTight Networks are offering designs that address the ever growing trend that is bring-your-own-device (BYOD) which is putting more and more pressure on networks.

With the recent boom in popularity of smartphones and more recently the tablet PC, employees and C-level executives are expecting to be able to access the company networks on their devices.

Cause and Effect

Despite the increase in employee productivity the BYOD trend has brought with it, it has been cause IT administrators a great number of headaches as they are having to look back at all of the security measures in place and the bandwidth which these devices will require.

The IT administrators now have to find a way of keeping the networks secure whilst granting employee’s access via the mobile devices and controlling the effect this will have on the speeds of the network. Networking companies are developing systems designed to aid IT administrators manage mobile device access, one of which is Extreme Networks and their Intelligent Mobile Edge product.

Alcatel-Lucent’s take on BYOD

Alcatel-Lucent is adding to the market with its offering of its Converged Network Solution. The application allows the networks to track what device is connected to the network and who is using the device, plus the applications that are being used. The application has been designed to identify which applications require a higher quality of connection than other dependent on business criticality.

“Our solution helps enterprises keep their employees satisfied and productive, while reducing the capacity-sapping impact of personal services and devices on their networks,”

Stephane Robineau, vice president and general manager of Alcatel-Lucent Enterprise Network Business, said in a statement.

“As importantly, by building application fluency capabilities into the network, we are also making it possible for enterprises to ensure that employees who need guaranteed service quality for bandwidth-heavy applications, like video conferencing, can get it when they need it.”

Whilst the application allows the management of mobile devices on the network it also makes the use of external services such as cloud computing much easier.

Part of Alcatel-Lucents solution is the OmniSwitch 6450 Ethernet LAN switch, a 1GbE device that offers network access and can include 10GbE uplinks. This device will be made available between April and the end of June.

AirTight’s take on BYOD

AirTight has introduced a device “fingerprinting” capability into its Spectragaurd Enterprise Wireless Prevention Services (WIPS) and AirTight Cloud Services. The new fingerprinting capability was designed to enable easy identification for mobile devices on a network and check that they meet with the requirements of corporate policies.

“AirTight uses correlation of information from over-the-air and on-the-wire packets,” Parekh said in a statement. “This method produces accurate information about all smart devices (including iPhones, iPads, Androids and BlackBerrys) connected to the network to enable automatic classification and policy enforcement of ‘approved’ versus ‘unapproved’ devices.”

Along with the device fingerprinting AirTight also have a workflow designed to simplify BYOD management (patent-pending), mobile device quarantine, hotspot authorisation, Wi-Fi device pinpointing on premise, BYOD management API that integrates with mobile device management (MDM) systems and produces BYOD reports that can be emailed to any inbox required.

As the BYOD trend gains more momentum the pressure put on IT departments is increasing as is the number of businesses that are adapting their IT systems to accommodate this is up to 60 percent, according to a report from Avande. Nearly 90 percent of business leaders understand that employees use personal devices for work, 65 percent of C-level executives have acknowledged that BYOD is a high priority for their companies.

“Despite the notion that business leaders are resisting the shift, we found that companies are investing in staff and resources to enable the consumerisation of IT and have many of the resources that are needed today,” said Tyson Hartman (Avanade CTO) when they released the report.

It would seem that the BYOD trend will continue to bring new innovations and issues as things progress.

Warning about the security risks that are coming to light between Twitter and mobile malware that Symantec discovered after researchers said they have noticed an increase in the number of cyber criminals utilising the micro blogging system to lure in victims.

In a post made on Symantec’s blog, employee Joji Hamada says that Twitter is becoming an increasingly popular way to lure people to Android.Opfake malware.
“Users can potentially end up infecting their mobile devices with Android.Opfake by searching for tweets on subjects such as software, mobile devices, pornography or even dieting topics, to name a few,” Hamada wrote. “Android.Opfake is not hosted on the Android Market (Play Store) and these tweets lead to malicious Websites developed for the Opfake application.”

Twitter is a hotbed for scams:

Hamada said, that the Tweets used usually contain short links that are in Russian with the odd bit of English mixed into them. If the user clicks on one of these links they are asked to install code which is made to look legitimate. Additionally despite there being these tell tale signs of malicious links there are also tactics used by the individual which are harder to pick up on without having to follow the link and seeing what happens.

In the blog post, Hamada gives examples of malicious tweets.

Malicious Tweets:

Hamada goes on to outline some of the other characteristics of malicious tweets, but he also does warn that they not all consistent and will vary on some level. One of the key things to watch for is that the tweets are being sent out at a constant rate with no variation in what is tweeted and that the account has no followers. Having said that, there will be profiles that look like they are owned by honest people because it contains content in the profile, has followers and a more common account name but it is in actual fact linking to malicious code.
Symantec found that the malware operations are running constantly across a large number of accounts and in most cases they are performed simultaneously. Bringing to our attention Hamada mentions a operation that had been running for 8 hours before it was stopped, within this time 130,000 tweets had been made across 100 accounts (more than 160 tweets per hour per account).

“There were other minor operations taking place as well,” he said in the blog post. “However, I was unable to confirm the number involved.”
Hamada, praising Twitter in the way it responds to the findings of Symantec, which alerts them on malicious tweets. Symantec has suggested that Twitter shuts down these accounts while users are still able to report accounts for spam.

“Cyber-criminals mix their game around, thereby making it difficult to recognize all bad tweets and most of all: they are persistent,” he wrote.
Hamada notes that Twitter provides advice on how to keep accounts secure.

“Smartphones have allowed users to access the Internet anytime, anywhere and perform tasks that were only possible using computers,” Hamada wrote. “While the convenience provides so many great advantages, cyber-criminals are also taking this opportunity to accomplish their bad deeds. So be wary when using mobile devices. For tweets in particular, be selective when deciding which links in the tweets to click on.

Trusted tweets?

You may want to only trust tweets you are familiar with. Tweets are similar to email. You wouldn’t open an email from an unknown sender and then click on the included link, would you? This usually means bad news and the same goes for tweets.”
Having followed the Android.Opfake malware Hamada said that while the developers are currently targeting the Android and Symbian smartphones, they are also looking to target the Apple IPhone and the iOS operating system.

“We have come across a couple of Opfake Websites that, while hosting malicious apps that Symantec detects as Android.Opfake, are also designed to perform social engineering attacks on iPhone users,” Hamada wrote. “The iPhone is designed to prevent the installation of applications outside of the Apple App Store. This makes life difficult for bad guys attempting to fool users into installing malicious apps in a similar manner to Android and Symbian devices. To get around this, the Opfake gang has developed a social engineering trick that does not require apps to scam site visitors.”

To read Juji Hamada blog post click here.

GFI Software commissioned a survey on how 200 small-to-medium businesses (SMBs) feel the volume of spam received has changed. The overall response that they got was that the volume of spam is still increasing or at least remaining the same.

The more concerning fact of this is that 40 percent of UK Businesses have gone through data breaches due to spam and the files and links they contain.

From the 200 businesses that took part in the survey 86 percent of IT decision makers said that the level of spam they have been receiving over the past year has only gone up or remained around the same level. The survey revealed the 46 percent of SMBs rely upon anti-spam features of their antivirus to stop the spam from getting through to their inboxes but 70 percent of the total number of business that took the survey said the protection is minimal at best. Over 20 percent use anti-spam gateway devices in conjunction with their mail servers, a fifth use specialist software, and a small 7.5 percent use cloud solutions to combat spam.
92 percent of people in the North West of region of the UK complain about spam more than any other, the South West and Wales are on the lower end of the scale with just 66 percent. The area that has been most affected by Spam and breaches relating to it is London with 56 percent who took the survey having under gone a compromise due to spam.

Phil Bousfield, general manager of GFI Software’s Infrastructure Business Unit said:

“This research shows that the spam problem is not going away, and in fact, the delivery of malicious links and files makes it more dangerous than ever before…Businesses need to respond by taking advantage of all the latest spam-fighting technologies available to them.”

Multi-layered approach to spam defence:

A multi-layered approach to spam defence is the strongest way to combat it with Antivirus components play an effective part of it despite not being the best when running on its own.

“The increasing volume of email-borne threats – coupled with an organisation’s need to balance security and infrastructure costs – is a growing burden on IT administrators looking to find the optimum and most cost-effective approach to email security,” added Bousfield. “Cloud-based anti-spam solutions are increasingly being deployed by businesses to bolster their existing email defence and stop spam from even entering the network.”

Predictions made by Kaspersky one of the leading security companies say that three quarters of the mobile malware released will be aimed at the Android Operating System.

The large numbers of smartphones has become the lure for malware authors thanks to the way Google are leaving the Android market open to all authors and the lower costs of internet access.

Kaspersky Report:

Kaspersky aren’t the only ones the notice this rise in malware for Android as Jupiter Networks have noticed this and noted a 3000 percent rise in the period of last year.

After discovering the first SMS Trojan for Android in July 2012, Kaspersky added Android to its ever expanding security suit in February 2011 when 89 pieces of malware for android was in circulation. These 89 pieces only counted for a little over 4 percent of mobile malware at the time, as there was 61 percent targeting J2ME (Java 2 Micro Edition), Symbian was targeted by a more acceptable 23.4 percent and the Windows platform only 5.6 percent, which in retrospect for a Windows platform is a very small amount to deal with.

Huge Growth – Android The Target:

Since February 2011 the landscape of mobile malware has significantly change to the point that there are now 340 families and over 9000 types of malware for mobile and a massive 75 percent of that is aimed solely at the Android platform. In comparison to J2ME’s previous figures only 18.6 percent is now targeting the plat form.

Despite the ever growing numbers of mobile malware the threat is still quite small when it is compared to the desktop operating systems as Kaspersky have said that they are finding on average 6.7million new virus signatures in a single day and 70000 malicious and unwanted programs.
It is expected the amount of Android malware will continue to grow over the year with attacks becoming more intelligent as the market of mobile operating systems continues to grow ever closer to the desktop environment.

At the RSA conference on Wednesday, the Cyber Security Veterans behind CrowdStrike will be demonstrating that the types of attacks that currently target computers are moving towards smartphones.

George Kurtz (Former chief technical officer) and Dmitri Alperovitch (McAfee Vice President, Threat Research) have come across a method that allows them to take over smart phones through the use of booby-trapped text messages.

“The reality is that those attacks are probably already in the wild and no one has discovered them,” Alperovitch, the author of reports on cyber-espionage operations Aurora, Night Dragon, and Shady Rat, told AFP.

It is possible that hackers can send a text message which contains a link that would automatically download and install software. This link could be disguised in a number of ways but the most popular would most likely be one purporting to be their bank or a popular online shopping website.

Security For Smartphones

“We can monitor and record all calls, get all inbound and outbound SMS messages… basically take over the phone,” Kurtz said.

“Imagine sitting in a board meeting and someone accesses your phone and listens remotely.”

Hackers could use the GPS and WiFi systems that are installed on the smart phone to track the user’s locations which can then open up more possibilities for the actions they can take.

The method of getting computer users to click the thing that the hacker wants them to has become a well practiced art and has been used for many years to install malicious software with the users knowledge. But when it comes to the smart phone there has been a lack of attention where this method is concerned as the biggest focus has been on the makers of “apps” or “rogue apps” that program in tasks that are designed to steal personal data.

“When we look around we see people worried about malicious apps,” Kurtz said. “We think the real issue is vulnerability in those phones.”

Up until recently Kurtz and Alperovitch have been running a new CrowdStrick in what they called “stealth-mode” but this have now recived the backing from global private equity firm Warburg Pincus worth $26 million.

“Most companies are focused on detecting malware, and there are millions of pieces of that, with new ones coming all the time,” Kurtz said.

“It really is akin to focusing on the bullets in the gun as opposed to the shooter…We think most companies have an adversary problem, not a malware problem.”

The idea behind CrowdStrike is that it is a building tool to be able to find out how they are getting into the systems and what they are trying to accomplish.

“You can’t know how best to fight a war without knowing who the enemy is, and it is the same thing in cyber space,” Alperovitch said. CrowdStrike plans to have a product on the market in the second half of the year.

“At the end of the day it is another guy sitting at a keyboard somewhere going after your data,” Alperovitch said. “You don’t have a malware problem, you have a people problem.”

Thanks to their new integrated security platform: Security Intelligence and Risk Management (SIRM) HP are looking to give enterprises a better view of what is happening across their more traditional mobile and cloud environments. They claim that through the use of this new SIRM service, businesses will be able to apply more flexible and adaptive security defences that are based around organisational risk that are unique to the business sector they work in.

Getting into the Security Race:

As HP aim to play a bigger role in the security market, they have come to realise that many organisations are under more and more pressure to ensure that their security systems can keep up with the ever increasing pace that is coming and many are struggling.

The rapid increase in popularity of Smart Phones, Tablet PC’s, Cloud based applications and storage is making organisations extend their infrastructure outside of their boundaries of security to protect the new areas that employees are working in, as the term bring your own device (BYOD) is becoming more well known.

Believing that its Security Intelligence and Risk Management can bridge the gap between the IT operations and security HP say that it is “helping organisations to move beyond a bolted-on, single-purpose product strategy.” The key significance of SIRM is that due to HP’s acquisition of ArcSight, Fortify and TippingPoint, to form the HP Security Products group last year, the system integrates the products that came with the purchases.

As an example, HP says that the HP EnterpriseView tool provides a dashboard to C-level Executives with a ‘heat-map’ the shows a prioritised view of risks across the enterprise. The view provides security executives with the ability to actively address high risks and deploy adaptive defences as rapidly as possible.

Along with EnterpriseView, HP Application Security Monitor (AppSM) is able to provide visibility into application security and increases the rate at which monitoring can be setup by reducing the requirement and cost of producing custom programming required.

HP Mobile Application Security protects the mobile applications through the use of line-of-code precision which identifies any potential security vulnerabilities on both the Android and Apple iOS.

The Risk of Cloud:

The risks that are associated with the use of cloud technology have also been taken into account by HP with their offering of HP Cloud Connections Partner Programme; this gives the management the ability to track user activity in Software-as-a-Service environments
To top it all off the HP compliance stack helps ensure physical, virtual and cloud systems meet compliance requirements of its customers.

The enterprise-class systems from HP don’t come with a cheap price tag given the nature of them.

HP EnterpriseView (Starting at): £157,569

HP AppSM (Per Applications Server): £3,151

With Google Wallet being pretty new to most people as a method of making payments, there was always going to be talk about how security would have to be top notch to allay any fears people may have about using a mobile device to facilitate payments considering fears over security online in general.

And with this in mind Google have responded to a report that Google Wallet as a service was indeed of serious concern for people who used “rooted” Android devices.

Developers found PIN flaw:

It appears that a team of developers found a flaw that allowed Android smartphones to have their PIN protection overridden, this is the system that is aimed at protecting payments, once this protection was broken, it would allow anyone to access the account within the phone.

Google issued the statement saying they “strongly discouraged” rooted android device owners from using Google Wallet on their devices.

Prepaid credit card issue also:

In a separate issue, it was claimed that prepaid credit via credit cards set up on stolen phones that had the screenlock protection turned off could be easily accessed by simply clearing the data and reinstalling the Google Wallet App, again Google responded by warning people of the issue and temporarily disabling their prepaid cards provision, and is said to be now looking forward to a compete fix to the problem.

So make sure that you get that screenlock on and if you are a bit slap happy with stuff like this and lose your phone a lot, just dont put too much credit on.

In the statement by Google they also remind you that in the event of you losing your phone — you can call them on (855-492-5538) and have the app disabled.

Google statement:

We strongly encourage anyone who loses or wants to sell or give away their phone to call Google Wallet support toll-free at 855-492-5538 to disable the prepaid card. We are currently working on an automated fix as well that will be available soon. We also advise all Wallet users to set up a screen lock as an additional layer of protection for their phone.

We have recently covered a possible link between the delayed release of the Samsung Galaxy Nexus and NFC issues between Google and Verizon related to security and general competition.

And we have discussed the Google Wallet NFC technology way back when we started in June this year, so here is an update on the Google Wallet security issue.

Thanks to a recent research paper from Viaforensics, we can report that recent research seems to suggest that despite everyone’s hatred of Verizon for delaying the US release of the Samsung Galaxy Nexus, they may have had their reasons and perhaps Google may need to buck their ideas up when it comes to the security of their new NFC mobile payment technology.

Google do not have the best track record for security in their App marketplace:

This comes after many issues that relate to security and Malware found on apps in their own Android marketplace.

So, should Google be trusted with more of our credit card details? Or should they just stick to providing information for free and making shed loads from adverts and stop selling actual products and services?…of course this is a joke.

Google Wallet does not encrypt credit card details safely:

So what could be the problem with Google Wallet?

*Note that these tests were done on a “rooted” device.

The report suggests that Google Wallet does a really good job in storing passwords safely, but with no encryption on the credit card number, balance and other info, the report does hint that things could be improved here.

However on top of this, the additional findings by ViaForensics in a report titled “Forensic security analysis of Google Wallet” suggests that further data stored in the SQLite databases in an unencrypted way includes:

[arrowlist]

• Name on the card
• Card limit
• Expiration date
• Transaction dates and location
• The last four digits of your card

[/arrowlist]

Oh yes, that just about covers it.

And so it seems, like pretty much everything that you need to steal a persons details, in order to do fraudulent purchases will be available in this database, unencrypted, to be used with “relative” ease.

The testing on a rooted phone did mean that the researcher had root or privileged control of the phone. And the actual credit card number was not accessible at this level as it is stored in the NXP chip.

*I must stress I am not a mobile security expert but do want to point out that there are differences between a rooted device and a non rooted device with increased difficulties associated with the non rooted device which was not the subject of these tests.

Image of credit card recoverable from cache:

The research method uncovered an option to create a recoverable PNG image of the credit card which had some of the details from the researchers card within the image and could have been used, according to the report, for social engineering attacks.

Most of the files were pictures of blank cards however one of the cards had been updated to reflect some of my credit card information. While this was an initial and small finding, before I could complete this article Google pushed out an update to Google Wallet and the card image no longer contained the data. While very little data was exposed, the most problematic was the card expiration date which is a key piece information needed for Card Not Present (“CNP”) transactions.

In summary the researcher concluded by saying:

While Google Wallet does a decent job securing your full credit cards numbers (it is not insecurely stored and a PIN is needed to access the cards to authorize payments), the amount of data that Google Wallet stores unencrypted on the device is significant (pretty much everything except the first 12 digits of your credit card).

Scary stuff, or a report based on unlikely events?

On Friday, Seoul Central District Prosecutors’ Office reached the decision not to pursue claims that Daum (Korean internet search specialist) and Google, actively collected illegal data of smartphone users.

Yonhap News reports that the legal challenge did uncover that Google and Daum were collecting location data, but this was only the position of the user and not any further details about them.

This comes as news from the US shows that Carrier IQ could be reporting information back to companies who want to learn about a smartphone or device users specific actions including messaging and keystrokes.

Admob was the accused platform:

It was thought that Admob was the platform that could have been reporting user data back to Google. Earlier in the year the offices of Google were raided by Seoul police in order to secure hard drives and learn more about how the Admob platform was being used.

GPS coordinates OK but not personal information:

One prosecutor admitted that it would be tough to use a smartphones IP address as people moved around suggesting that it was OK to obtain location data through GPS but nothing more than this.

Deeper murky waters:

In news related to the relationship between Daum and Google, it has become apparent that Daum was also separately cleared of capturing data this Friday, after law enforcers also raided their offices in May.

Google also have other pressing issues with the Korean law agencies, as they are accused of blocking and banning search rivals from including third-party applications on Android handsets.

After an earlier report about the UK Ministry of defence creating a series of videos aimed to educating forces staff on the dangers of updating to Facebook and Tweeting information that could be intercepted by “the enemy” and general nasty folk.

Symantec have produced a report focusing on the corporate sectors potential exposure to negative social media coordinated by their own staff and how to mitigate the consequences.

Symantec are World famous for supplying security, storage and systems management solutions have recently released their social media protection poll for 2011.

The real cost of social media disasters:

The survey is the cumulative result of research that was conducted during April 2011 by Applied Research.

They surveyed IT and C-level professionals responsible for networks, computers, and technology resources at small, medium, and large enterprises.

These were defined as being the following:

(small – 1,000-2,400, medium – 2,500-4,999, and large 5,000+ employees).

Survey Scope:

With 1,225 respondents in 33 countries in North America, Asia Pacific, Latin America and Europe, the Middle East and Africa (EMEA)

The survey was done to assess how companies were currently protecting their assets and themselves from potentially negative consequences of information sharing via social media outlets.

9 Social media “incidents” a year:

The poll has highlighted that one bad tweet can cost a company up to $4 million in lost revenue as a result of a bad tweet that has leaked sensitive information.

As usual when it is information you wished no one knew about you can guarantee it is just what people want to share!

And with nine “social media incidents” a year on average at the organisations surveyed, the result of these incidents meant that 94% of those surveyed suffered considerable loss at the hands of loose tweets and facebook updates related to sensitive information. The findings make for interesting reading for any business who is looking to ensure that social media is not used negatively when shining a light on their own organisation for marketing gains.

Top 3 social media incidents:

The survey found that the top three social-media incidents included:

[arrowlist]

• The loss or exposure of confidential information (41 percent).
• Employees sharing too much information in public forums (46 percent).
• Increased exposure to litigation (37 percent).

[/arrowlist]

And the impact of social media incidents included:

Over 90% of the survey respondents who had social media incidents suffered negative effects as a result, these included:

[arrowlist]

• Reduced stock price (average cost: $1,038,401 USD).
• Litigation costs (average cost: $650,361 USD).
• Direct financial costs (average cost: $641,993 USD.
• Damaged brand reputation/loss of customer trust (average cost: $638,496 USD).
• Lost revenue (average cost: $619,360 USD).

[/arrowlist]

Greg Muscarella, senior director of product management for Symantec’s Information Management Group reported is quoted saying:

“Employee education and training on the proper use of social media for business purposes is just as important as having the technology pieces in place,”

I would argue with that and say that businesses should look at specialist social media agencies to organise what gets out in the blogosphere and how to aggregate and syndicate all that content in a wise and effective manner.

Obviously Symantec are in the business of selling their services and solutions so they actually suggest businesses should look at investing in the following areas of data management and law:

[arrowlist]

• Employee training
• Legal policies
• Archiving solutions
• Data loss prevention

[/arrowlist]

It seems that since our last post about the Google android app marketplace allowing malware to be downloaded, the same thing has happened yet again in a matter of days.

We are naming and shaming the apps here and also asking questions over what Google intends to do in the future to stop the Android app marketplace being infiltrated by malware infected apps that have nasty/dubious elements contained within them.

The apps that have recently been removed include:

[arrowlist]

• Bubble Buster
• Scientific Calculator
• Quick FallDown
• Best Compass & Leveler Note:

[/arrowlist]

Caution – beware of similar sounding illegitimate apps named closely after established safe apps!

Just a note of caution here, the developer who appears to be doing much of the nasty work is called “Mobnet” and was behind the first wave of the DroidDream virus back in March and he has seemingly resorted to tactics such as releasing a similar closely sounding app to a legitimate one, just to add to confusion and concern for unsuspecting Android app users.

In this case there is a legitimate application with the package name something similar to that of Best Compass & Leveler.

The nasty Trojanized application simply but sneakily capitalizes the application package name (i.e. com.gb.CompassLeveler), while the legitimate application does not (i.e. com.gb.compassleveler).

Not the easiest to spot when you have no warning I must say!

Stark warning for Android users:

A leading security firm has said stealing bank details by fraudulent app submissions and subsequent download and use would be almost trivial to accomplish on the Android market.

I have to say if this is true, and I assume this essentially has to be true as Google Android simply do not check whatsoever once you submit the app (tested by my myself and available here: Mobile News App) then the security fears of Android users like myself are fully justified, this is not good at all Google.

The mobile inquirer app was available within seconds of publishing via a third party developer, now I do not develop apps myself but assume that if we already have malware already getting into the marketplace, then this policy of safe until proven otherwise is seriously flawed.

It is a major gripe of mine since moving from an iPhone 3G to a fantastic Samsung S2. As a user of Apple most of my life (well 10 + years anyway) I have enjoyed not having to worry about issues related to security, and I enjoyed the same privilege using my iPhone, blissfully.

While I do not worry too much about the Android marketplace currently as I am relatively switched on with security, the truth is anyone can become a victim if developers of malware are copying names of legitimate apps, seriously Google take note now.

Your thoughts on security in the Android app marketplace

What are you thoughts on this, is the Android marketplace rife for developers of dodgy apps, and will it eventually lead to a major security risk with people losing their credit card and bank details to these developers, all because Google will not put in place some kind of safety screening system?

Or is the openness of the marketplace something to embrace and the pains of having occasional malware of whatever variety appearing now and again just a fact of life for which we all simply need to take more precaution over….I do not think so at all personally…time for a system to be put in place…but open to discussion as always!

Will Android become the new Windows – Hell on earth?

As a recent Android convert (right now iPhones are over rated) I am relatively pleased with the Android market….however:

Talking to the European head of a leading News aggregation app News Republic the other day, I curiously quizzed him about his developers producing apps for both markets, and his response was along the lines of:

Android better to develop for:

“Android is much easier to develop for as Google allow you much more freedom of creativity and choice in getting apps approved.”

– Great news.

News republic app for iPhone and Android is a fantastic app by the way – tailor your own news and stop messing about going to all the rest!

But freedom can come at a price, and it seems this lack of control could be costing Android its reputation as a safe place to download apps to your mobile.

Quality of Apps:

Another slight issue I have with the Android marketplace as opposed to Apples is the quality of the apps:

I have only had my New Samsung S2 for two weeks now but the apps I now have are generally not as slick as the iPhone ones I was used to, yes the big ones are cool, and work better as my device is superior in almost every way, but the plethora of apps to choose from is woefully average and I can only put that down to a very weak editorial policy for new apps on Google’s Android marketplace.

i.e anything goes on Android until its an issue!…Very dangerous.

15,000 affected Android devices due to malicious Trojan apps:

F-Secure are reporting that a rogue Android developer has altered an essentially harmless app into one that covertly allows a simple mobile botnet to do the following:

“The added code will connect to a server and send details about the infected handset to the malware authors,”

With 25 apps found on the Android marketplace recently all containing a variant of the DroidDream trojan, Google have since rid their marketplace of these offenders but reports are that more infected apps have made their way into the Android app market yet again.

I am not a fear driven person but this does have me concerned.

The issues I have here are this:

For many years I chose macs to work on, mainly because over ten years ago I produced dance music on computers and Macs were the most stable operating systems to work with, I had no internet until early 2000’s and since then have no real idea what Trojans, Malware, etc really are at all as I stuck with my Apple mac, hearing reports from PC users but smuggly thinking; glad that is not a concern of mine….and for this I thank Apple and the hackers who have thought better than plaguing OSX (mainly, I hear due to market penetration being too small, and not that OSX is so robust, it is apparently not)

So anyway I thank Apple for keeping the iPhones app marketplace free of nonsense and danger.

But Google need to watch out; one major bad press release about how plagued the Android marketplace is could mean slow or immediate disaster for the Android O/S and related manufacturers, as people will simply not put up with something they used to feel they had no choice in (which PC operating system to use, Apple or Windows, with people sticking to familiarity over safety for many reasons in the past.)

in 2011 though a clear choice has emerged between Apple or Android.

If this then shifts to “Safe and unsafe” I know who will start winning the SmartPhone was yet again.

Sensitive information kept on your phone:

With so much sensitive information being stored on your phones memory, we do worry massively about these kind of issues not getting resolved and feel that Google need to step up their game immediately with regards to security and how they manage their own marketplace.

Creative freedom = security issues?

Google needs to more closely monitor its Android app marketplace before it turns into a junk yard and has users worried about downloading anything other than the supposedly trusted, well know apps, this would be a disaster for what many feel is Androids major plus point, more creative freedom.

So here are the graphical stats for Apple’s app market with a lovely looking illustration by 500K apps:

What are your thoughts on Google V Apple in terms of their marketplace for apps?

Do you have first hand experience of both markets, if so, which do you prefer? And is security a concern of yours while using Smart Phone applications?