Security Blog

Your source for information security news and views.
Tags >> mobile security

The evolution of mobile apps has become a viral topic among technologists. Developers are rapidly transitioning their skills from PC based programming back to the minimalist programming seen in the early stages of computing where resources were limited. There are already an estimated 350,000 apps on the Android market and more than a half-million in the iOS App Store. With these mobile app environments growing so quickly, PC companies are struggling to keep up and searching for a beneficial solution.

Enterprises have been exploring the idea of virtualization of applications to allow functionality on various platforms for a long time now. Much of this development can already be seen today on mobile devices and PCs that run Java environments to power universal applications. What they are really searching for is a solution that allows for universal operation of applications that use little to no system resources. If these apps can run on less powerful smartphones then they should have potentially amazing capability on PC platforms.

Well now this solution is within reach. Bluestacks is currently developing technology that will allow Android apps to be run on a PC. Though this seems great for integrating our bulky yet powerful desktop and laptops in with our mobile devices, it should also be raising some red flags. 

According to research published by Juniper Networks, mobile malware on the Android operating system went up 400% in the six months prior to 2011. Thats should be a frightening statistic! Why would we ever want to allow these applications to run on our PCs?! As if our PCs didn't already have enough malware to defend against, we are going to add mobile malware into the equation.

The technology will be virtualized so there is an assumed level of security associated with such technologies. This security is usually provided through the use of a hypervisor to manage communications between software and hardware and also between the hosted operating systems themselves however, the technology pitched by Bluestacks seems like it will stray from this model. 

"End users don't have to toggle between operating systems. They can simply click on an icon for an Android application, for instance, to launch and use it." Rosen Sharma, president and CEO of Bluestacks said.

From a security standpoint, we find this methodology very risky. We expect to see malware propagating through this new attack vector very soon, you can count on it. "This will be the number one attack vector within a year!" Ken Kousky, president and CEO of IP3 Inc. said.



Mobile devices continue to become our main source of productivity throughout our lives. Making phone calls and checking email are one thing but now we can browse full web pages and even edit documents. Mobile apps make our lives easier and…well…more mobile.

In todays world it is hard to find a task that cannot be completed in the palm of your hand. We can now conduct entire business meetings from an iPad, monitor our servers remotely through our smartphones, and take care of our banking and finances all while on the run. This could be a fatal mistake if we are not careful. We need to slow down for a minute and consider some serious security implications of our mobile actions.

Physical security of these devices is key when talking about mobile security. As smartphones get smaller and smaller and our technology keeps up with Moore's Law, we must keep in mind that these devices now become more susceptible to theft. Just think of how easy it is to slip your phone into your pocket, this task is just as easy for criminals.

You may think that your smartphone doesn't carry very important information. This is a huge mistake in the mindset of security. Soon our smartphones will carry more than just our contacts, photos and web access. They will be our main form of identification, our car key, our credit card, and our login token. Google and Apple have already began work on this theory of eliminating passwords and using our mobile phones for complete authentication.

Failing to protect your mobile devices could also soon be hazardous to your health. As medial records continue to transition from paper to digital form we will soon be seeing all of our medical information flashing across our smartphone screens. This is not something you can afford to lose or have maliciously altered. 

Mobile apps still don't stop there. We all know that the banking industry has already taken a huge turn towards mobility. But have you heard you can even file your taxes on your smartphone? Intuit reports that as of February 2011 350,000 downloads of its SnapTax application are already in use by iPhone and Android customers. Thats right, you can even file your taxes on your smartphone. No more trips to the library or even to your computer. 

So what if you lose your phone or it gets stolen? There are options to secure yourself. These options include a growing list of mobile encryption programs. You may also want to check out Apple's Find My iPhone app as well as the beta third party Android version Mobile Defense. These apps, and many like them, are like LoJack for your mobile devices. Lost devices can be located, wiped and protected all from remote locations using these innovative security apps.

These topics barely break the surface of mobile security. Physical security is one small aspect of securing your smartphone. Stay tuned for more information on mobile app security including Cloud computing and how it will affect your smartphone security.