Speaking personally, the fallout from Mobile World Congress sits at three levels. There’s the fact that I missed a complete night’s sleep due to a crazy early takeoff slot, Vodafone’s mWomen initiative to “empower” women in developing nations with mobiles — and the lack of discussion surrounding standards, interoperability and, above all, security on the fast emerging set of new devices currently spawning across a whole host of different operating systems.
Specifically, Android and security comes to mind.
Not just malware-related security concerns, but also concerns over defects found in the kernel, the need to categorise and classify these faults (if they do indeed exist) — and the resulting corollary in terms of what kind of security backdoors these defects might leave open.
Taking on open source technology to commercial deployment and rollout will typically mean locking down dynamic libraries so that they are presented statically, which in turn allows them to be certifiable so that they can be given a warranty.
So Android’s developer pages specify plenty of info on security risks and concerns saying that, “A central design point of the Android security architecture is that no application, by default, has permission to perform any operations that would adversely impact other applications, the operating system, or the user.”
Yet at the same time, AVG’s Droid Security reports that, “The ‘ADRD’ trojan targets Android users and is part of a Chinese multi-platform network Xiaxia.com. AVG reports that a similar threat from the same botnet also exists targeting other smartphone platforms such as Symbian S60.”
Droid Security also specifies that as the ADRD trojan infects a device, it registers itself to sensors of network activity, alarms and various other OS events. “Once fully installed, the trojan feeds back the phone’s unique IMEI/IMSI number, with each infected smartphone becoming part of the botnet.”
There’s also an app called Lookout that allows a user to track the location of lost phones — and Trend Micro appears to be pretty vocal on this subject too.
One final note, Lookout is also responsible for the App Genome Project, which is described as, “The largest mobile application dataset ever created in an ongoing effort to map and study mobile applications.”
There’s more to discuss here, much more. But our takeaway thought must surely be to question just how real this threat will be — and will other more cash rich markets such as iOS, BlackBerry and Windows Phone 7 always be more attractive to would be malicious hackers.