Dark Side Arises for Phone Apps
Security Concerns Prompt Warnings
By SPENCER E. ANTE
As smartphones and the applications that run on them take off, businesses and consumers are beginning to confront a budding dark side of the wireless Web.
Online stores run by Apple Inc., Google Inc. and others now offer more than 250,000 applications such as games and financial tools. The apps have been a key selling point for devices like Apple's iPhone. But concerns are growing among security researchers and government officials that efforts to keep out malicious software aren't keeping up with the apps craze.
Motorola's Droid phone
In one incident, Google pulled dozens of unauthorized mobile-banking apps from its Android Market in December. The apps, priced at $1.50, were made by a developer named "09Droid" and claimed to offer access to accounts at many of the world's banks. Google said it pulled the apps because they violated its trademark policy.
The apps were more useless than malicious, but could have been updated to capture customers' banking credentials, said John Hering, chief executive of Lookout, a mobile security provider. "It is becoming easier for the bad guys to use the app stores," Mr. Hering said.
Unlike Apple or BlackBerry maker Research In Motion Ltd., Google doesn't have employees dedicated to vetting applications submitted to its Android store. Google said it removes apps that violate its policies, but largely relies on users to alert it to bad software. "We check reactively," said a Google spokesman. "There is no manual bottleneck."
As more companies, governments and consumers use wireless gadgets to conduct commerce and share private information, computer bad guys are beginning to target them, according to government officials and security researchers.
"Mobile phones are a huge source of vulnerability," said Gordon Snow, assistant director of the Federal Bureau of Investigation's Cyber Division. "We are definitely seeing an increase in criminal activity."
The FBI's Cyber Division recently began working on a number of cases based on tips about malicious programs in app stores, Mr. Snow said. The cases involve apps designed to compromise banking on cellphones, as well as mobile "malware" used for espionage by foreign nations, said a person familiar with the matter. To protect its own operations, the FBI bars its employees from downloading apps on FBI-issued smartphones.