Thursday, August 11, 2011

Somewhere Between "Holy Crap" And "It Could Be Worse"

Mobile apps are still not secure when it comes to storing certain personal information, according to a new study from security firm ViaForensics.
Dissecting a variety of apps for Apple's iOS and Google's Android, ViaForensics found that 76 percent of them store user names in cleartext without encryption, while 10 percent store passwords in the same way, making such data more vulnerable. Running a series of tests from November 2010 through June 2011, the security firm checked out apps from several categories, including financial, social networking, productivity, and retail.
I was happy to see they scored based on actual and potential. It separated the apps that were a clear threat from the ones that were not encrypted but contained low-risk data. It paints a more accurate picture of the threat users face from not understanding how their phones work. It would be great to see the heads of these companies make a good faith effort to establish a privacy standard. We must draw clear lines of liability between user and creator. Impartial and clearly defined standards of what data is stored, the level of security used to protect it, and how valuable that data is would go a long way. There is a big difference between your SSN or current location and your Angry Birds high score.


The study itself is a very friendly read. The overview says that more than 2/3 of the apps scored a warn or fail. The lapses ranged from minor to account numbers. Though some of the lapses are surely innocent, our privacy should be overseen by those who know how exploitable unexpected types of information can be. Here's hoping the good guys win the race and set the bar high.


We should put Wired on the case. They've been doing some astonishing work over there; let them take a crack at this.
