Security vulnerabilities and spyware are now a serious problem for smart-phone users.
In July, for example, Citigroup announced that its mobile banking program for iPhone inappropriately saved confidential information–including the user’s account numbers and their PIN–unencrypted in a hidden file that could be accessed by other programs running on the user’s iPhone. The account numbers and PIN were also copied to the user’s desktop computer when the iPhone was synched.
Things are somewhat better on Google’s Android platform thanks to the operating system’s underlying security model. iPhone applications are given full access to every app’s data. But Android applications must specify which “permissions” they need. Permissions can include the ability to access the entries in the user’s address book, to determine the location of a device using the GPS, and to make phone calls. Permissions are located in a special file and shown when the application is installed; they are also visible in the Android Application control panel. Android currently supports 114 different permissions, which you can see on the developer website.
Android’s permissions system doesn’t prevent apps from stealing your data, or performing other malicious actions–it simply makes it easier to find the apps that are engaged in this practice. But it’s becoming increasingly clear that this isn’t always enough.
This past July, for example, researchers discovered that a free “wallpaper” program for Android called Jackeey collected personal information including the user’s phone numbers, voice-mail information, and carrier data, and sent it to a website in China. Then in August it was found that a free game called Tap Snake is actually a tool for covertly monitoring a person’s location. Tap Snake runs as a background service and sends the location of a phone to a website; the person who installed the game on that phone could then monitor the phone’s location with another program called GPS Spy.
Tap Snake doesn’t violate the Android security model: the program requires the ability to run as a service, monitor GPS position, and communicate over the Internet. But there are two problems with the Android security model. The first is granularity: although Android programs are required to tell the user which permissions they use, that doesn’t explain what the apps actually do with these permissions. The second problem is engagement: the model requires that somebody use this information and take responsibility for the user’s security.
A review of a few Android apps highlights this issue. A few weeks ago I was recommended an application called Rare Black Wallpapers as a way of saving battery power. I noted that the app required the ability to modify or delete SD card contents, full Internet access, and the ability to read my phone’s state and identity. Surprised, I e-mailed Hero Planet, the company that delivers this application, and asked them why these permissions were needed. Hero Planet never answered, so I uninstalled the program.
Likewise the program Salamander eBook Reader for Android requires permissions to determine your physical position, get full Internet access, and read the phone’s state and identity. I e-mailed Feel Social, the publisher, but got no response. Feel Social’s website looks like it has been abandoned and nobody answered the company’s phone when I called. But the app is still in the Google Marketplace; what is that app doing with my GPS information and full network access? I uninstalled it as well.
Another program that requires more permissions than I thought appropriate is Documents to Go, a program that lets me read Microsoft Office files with my Android phone. This program requires not just the ability to read and write to the phone’s SD card, but also full Internet access, and the ability to read the phone state and identity. It also starts automatically when the phone boots. I e-mailed DataViz, the program’s creator, and this time I got a response.