It's been an article of faith that mobile security would one day face a do-or-die scenario brought on by crackers and other miscreants. In this scenario, the percentage of those dangerous folks who understand that the real fun and profit have shifted from the desktop to the mobile sector would hit critical mass, and they would set their considerable talents toward attacking iPhones, Android devices and all the rest.
Security Vulnerabilities at All-time Highs for Mobile Devices
Mobile security recommendations for consumers and administrators.
That day seems to be arriving. PC World, for instance, says that Android 4.0 - the long-anticipated "Ice Cream Sandwich" - has significant security problems, which it lays out. Likewise, Bloomberg reports that Android, which is considered the most vulnerable of the mobile OSes, has big problems, including one that is growing more severe:
Google Inc. (GOOG)'s Android operating system for mobile devices has had an almost sixfold increase in threats such as spyware and viruses since July, according toThat may increase the perception that Apple devices are safer than smartphones and tablets that run on Android, said Juniper.
The difference between the smartphone and tablet security level of various OSes depends, to a great extent, on how applications are accepted into application marketplaces and distributed to end users. Apple's App Store relies on a highly vetted process in which it tightly controls what is allowed on its "shelves."
Google, on the other hand, doesn't exert much control on what applications are made available. Permissions on what the applications can do, such as sending user information to advertising servers, is granted by users. That procedure raises obvious questions about the level of understanding or even interest users have about the actions they are approving.
It's hard to overestimate the impact on security that application marketplaces have. The IT world has spent the better part of the past decade trying to keep unwanted code from gaining access to computing devices. The business model of app stores relies on allowing and encouraging this to happen.
However, at least one observer questions the common wisdom on the inherent lack of mobile security, though he is one with a horse in the race. At InformationWeek, Eric Zeman comments on the security situation surrounding advanced operating systems - and Google's Android in particular. At the end of the piece, however, he quotes comments made by Chris DiBona, the open source programs manager at Google. DiBona is nothing if not direct: He called security firms offering virus protection "charlatans and scammers" that are selling "bs [sic] protection."
His point is that it is difficult for viruses written for one operating system to cross to another and that pitching security software products predicated on keeping this from happening is disingenuous. Indeed, his point echoes one of the main reasons that mobility initially was considered more secure than the desktop world. The popularity of multiple operating systems, the thinking goes, is inherently safer than the "monoculture" of the Windows-dominated desktop world.
Both sides are right, even if DiBona clearly protests too much. The bottom line is that the current dynamic may need to change as crackers take more direct aim at the mobile market. The fact that there is more than one OS to beat is more of an inconvenience, not an insurmountable obstacle, to crackers. Right now, it seems, the applications and app stores may be the most enticing entry points.