This week the mobile enterprise reports on the state of security -- from mobile apps that leak information to new guidelines that aim to protect users.
Mobile Apps Share Identifying Information
How much information do you actively send via mobile apps without giving permission? According to a Wall Street Journal Study, of 101 popular mobile applications for both Android and Apple’s iOS platform, more than half transmitted a phone’s unique identifier to third parties without users’ permission, and 47 of the apps sent the phone’s location to third parties in some way.
Assisted by the consulting firm Electric Alchemy, researchers used an iPhone 3G and a Samsung Captivate (one of Samsung’s Galaxy S Android smartphones) to test applications.
Among the applications sharing the most user information with third parties were TextPlus 4 (an instant messaging client that reportedly discloses users ages, genders, and ZIP codes to multiple ad networks) along with Paper Toss, Grindr, and the music-streaming service Pandora. The study found that the most commonly-disclosed information was a mobile device’s unique ID number, rather than direct information about a user, which is commonly assumed.
More Malware Attacks in 2010
Speaking of information leaks, malware specifically targeting mobile devices increased in 2010, rising 33%. The spike in attacks was likely a result of hackers capitalizing on popularity of smartphones and the fact that far too many users haphazardly access and share data from their mobile companions.
In a report by mobile security software vendor AdaptiveMobile, results also showed that most attacks were fairly simple in design and execution. While this is interesting in retrospect, it mostly forecasts a volatile 2011 as security experts expect that hackers will become more sophisticated in their attempts with more complex scams aimed to exploit multiple smartphone features and weaknesses to steal data and spread more malware.
Mobile Marketing Petitions for New Guidelines
The Mobile Marketing Association (MMA) recently called for guidelines to better protect smartphone users from intrusive tracking technologies. In an effort to help marketers and phone users navigate the mobile landscape, and to show that they are actively engaged in protecting consumers from malware attacks, MMA plans to develop guidelines that would cover multiple types of marketing on mobile phones, including text messages, email and voice calls.
Having last updated its code of conduct in 2008, MMA’s current guidelines do not contain specific provisions for protecting privacy in mobile apps, making new revisions overdue.