The small snitch we carry with us
Mobile applications are small, practical solutions that let us manage many aspects of our everyday life, and we can take them with us everywhere. As mobile apps have become a full-fledged industry of their own, and with the wide adoption of smartphones and easy access to mobile broadband, the use of mobile phones for software applications is changing the way we see our handheld devices, making them less and less just telephones and more and more computers. But with the promises that such applications bring come many concerns about the security of all the personal data we usually keep on our phones. Some of these concerns are very similar to those raised during the personal computer and internet revolutions.
Mobile apps were originally confined to an elite of business users, offering nomadic executives a solution for productivity and information retrieval. But with the democratization of smartphones and the exponential growth of both mobile operating systems and processor horsepower, the developer community found in mobile platforms a challenging and fruitful playground. Mobile software products that were long limited to corporate uses such as email, calendars, and stock market information now extend to almost any area where there is demand, including GPS tracking, mobile games, banking, and even e-commerce.
The popularity of mobile applications has led to a real boom in their use, both in number and variety, creating a tsunami of information on the internet and in the blogosphere. Mobile apps have become so popular that they are now the main medium mobile users rely on for online usage.
Like any other application, mobile apps can access and store data. To make things easier for the user, many mobile applications have direct access to all the personal data recorded on a mobile phone, including contacts, location and call logs. Until now, developers have been more concerned with the constraints imposed by the limited resources a smartphone has compared to a computer. But smartphones have evolved. Computing and storage capacity are less and less of a constraint, and users' attention is shifting from performance to data security.
A mobile phone contains a lot of sensitive information, including personal details, financial data, and communications content. This information is not only visible to any application installed on the device; it can also be leaked to external servers without any control from the user.
Aware of this issue, software vendors such as MobileScope have designed solutions to give users transparency and control over this data capture and transfer. Such solutions can not only show what information is actually shared and transferred to third parties but also provide real-time alerts when such an event occurs.
Solutions such as MobileScope are more relevant than ever after the latest findings on mobile applications leaking information, such as Path, an application that could copy the entire address book to a remote server without the knowledge or consent of its end users. The problem was not an exception limited to Path: many successful applications had the same issue, including Gowalla and foursquare.
Moreover, the issues with personal data handling and security have been known to mobile platform vendors for years. Not only did it take them a long time to respond, but the measures actually put in place are still not sufficient. Today most apps that run on smartphones must ask for permission to access personal information or location, or to transmit data via the Internet. However, this permission is often inherited by embedded libraries, which can lead to serious privacy and security vulnerabilities. In addition to these security issues, many of these applications, or the libraries they use, suffer from poor craftsmanship and are very demanding on the battery.
Most mobile platform vendors are failing to enforce effective safeguards for the mobile applications available on their marketplaces. The recent security issues in mobile applications, the multiplication of poorly designed applications on app marketplaces, and the exponential adoption curve of smartphones and mobile applications are just some of the symptoms of the lack of regulation in this young industry. As was the case in the early development phases of computer and internet engineering, the mobile software industry would greatly benefit from stronger involvement of an industry consortium to regulate app development and set guidelines for development operations.
The mobile software industry's main challenge today is giving control over the data back to the end user and countering malicious behavior. Only with best practices and quality control can mobile application development ensure its sustainability and build upon its success.