App stores: A security time bomb?

Mobile malware

ANALYSIS In the last week we saw Apple celebrating its 10 billion App Store downloads milestone.

The success of app stores has been fairly startling in recent years, altering the paradigm of how people use their web connections.

But with the rise of these virtual emporiums, more of which are set to pop up soon, has come an increase in security dangers threatening end users.

So should users be panicking about what they're downloading and is there even much to be concerned about?

The threats

Users could encounter a variety of threats on app stores. Some are bundled in with other apps, such as wallpapers.

This throws up another challenge for vendors as they try to split malicious apps from the legitimate ones.

Spyware-type applications have been spotted as well, where SMS messages were sent to unintended recipients.

More traditional, PC-like attacks are another danger. Symantec researchers recently spotted a piece of malicious kit that stole data and reported back to a command and control centre.

The app was monitoring SMS messages and was capable of receiving instructions from the command and control centre as well.

Other dirty apps have forced the user to call premium rate numbers, so the crooks get some of their target's funds.

Not so serious?

Despite the range of threats out there, users should not feel overly perturbed. Not just yet, anyway.

The fact that no precise figures have been given on how many malicious apps are present on the likes of the Apple App Store and Google's Android Market, indicates hackers have not yet identified them as fine places to acquire funds and data illicitly.

Compared to the amount and range of malware targeting PCs, malicious apps pale in comparison.

Greg Day, director of security strategy for McAfee in Europe, the Middle East and Africa (EMEA), said the security firm had not seen any more than 1,000 mobile threats in total, whereas there are 60,000 PC threats emerging a day.

However, he claimed it was "blatant" that apps will increasingly be used as a basis for attacks.

"What we've seen happen over the last year is a lot of testing can I do it, what can I do it with?" Day told IT PRO.

"The question is, at what point does that floodgate open and this becomes mainstream?"

Smarter businesses will prepare now for when mobile app threats really start to escalate, according to Day.

Orla Cox, security operations manager at Symantec, said her company had also only seen "a very small amount of threats."

But Cox said she expects certain kinds of app attacks to continue to rise, such as the aforementioned premium phone dialler danger.

She also pointed to the Android Market, indicating many of the threats Symantec has spotted had come out of the Google offering, rather than the Apple App Store.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.