There's an App for That

Tuesday, March 15, 2011

Ron Baklarz


At the recent RSA Conference, two dynamic individuals from Lookout Mobile Security, CTO Kevin Mahaffey and Principal Engineer Tim Wyatt, gave a riveting talk on their "App Genome Project".

As of February 2011, the App Genome Project "has analyzed more than 500,000 Android and iOS applications. The App Genome Project was created as an ongoing effort to provide insight into mobile market dynamics, gain insight into how mobile apps access personal data and sensitive capabilities on mobile devices, and identify security threats in the wild."

In addition to providing detailed comparisons between Android and iOS apps (market share, costs, access to personal data, etc.), the report analyzes statistics relating to alternative app sites and sites for jailbreaker apps.

They found that: "85% of the apps in one alternative iOS market were pirated versions of paid apps available in the Apple App Store" and "Nearly all apps in another iOS market are unique to jailbroken devices."

The obvious issue is that the apps downloaded from these "untrusted" sources can contain malicious code. I strongly recommend that you check out the Lookout Mobile Security website and familiarize yourself with their findings as an ongoing part of your mobile security program.

Additionally, there are some recent developments in apps that will cause fits for the security and law enforcement communities:

Spoofcard© is an iPhone app that allows a caller to disguise their actual telephone number via a toll-free access number and a PIN. The user selects a fictitious user name and any 10-digit phone number of their choosing, which is then displayed on caller ID systems and call logs.

The app also has additional features that allow the user to alter his or her voice and to record phone calls. The iPhone app is free and the company makes money by selling minutes.

Whisper Systems has an Android app, RedPhone, "that provides end-to-end encryption for your calls; securing your conversations so that nobody can listen in. It's easy to use, and functions just like the normal dialer you're accustomed to."

They also have a companion app, TextSecure, a "drop-in replacement for the standard text messaging application, allowing you to send and receive text messages as normal. All text messages sent or received with TextSecure are stored in an encrypted database on your phone, and text messages are encrypted during transmission when communicating with someone else also using TextSecure."

Stick around - this app thing is getting interesting!

Ron Baklarz is the Chief Information Security Officer for Amtrak, and will be presenting at the Cyber Security Strategies Summit May 10-12 at the Kellogg Conference Center in Washington, D.C.