EU cybersecurity agency Enisa publishes report on app store security

News

EU cybersecurity agency Enisa publishes report on app store security

Warwick Ashford

European Union cybersecurity agency Enisa has published a report on app store security that advocates a baseline set of five lines of defence against malware.

 

 

Popular app stores such as Google Android Market and Apple App Store are used to deliver hundreds of thousands of software applications to mobile devices, but are increasingly attracting the attention of cybercriminals.

Research by security firm G Data shows that malware for smartphones and tablets is up 273% in the first half of 2011, compared with the same period in 2010.

Authors of the Enisa report, Marnix Dekker and Giles Hogben, say that using malicious apps attackers can easily tap into the vast amount of private data processed on smartphones.

They say this data includes confidential business e-mails, location data, phone calls and SMS, but smartphone users are hardly aware of the threat.

The report identifies five lines of defence that must be in place to secure app stores from malware. These are: application review, reputation, kill-switches, device security and jails.

"This report provides a very practical and technical analysis of malware threats for app stores in less than 20 pages," said Raoul Chiesa, an Italian ethical hacker and cybersecurity expert.

Enisa has made an excellent choice of security techniques, he said, and the recommendations are ready to use.

While recognising the differences between the various smartphone models and app stores, Enisa recommends an industry-wide approach to addressing insecure and malicious apps.

"This paper is a blueprint for how to maintain this head-start and address security across app stores," said Udo Helmbrecht, executive director of Enisa.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy