Mobile Security: Keep Smartphone Malware Threats In Perspective
May 17, 2011
Juniper Networks claims mobile malware threats have jumped 250 percent. To address the threat, Juniper and BullGuard have developed BullGuard Mobile Security 10 for Android, Symbian, Windows Phone 7 and Blackberry devices, with Apple iOS support coming soon. For VARs and MSPs, mobile device management (MDM) — including security — are real opportunities. But just be careful of all the Fear, Uncertainty and Doubt (FUD) in the market. Here’s why.
No doubt, vendors from McAfee and to Google have been addressing malware. Juniper Networks‘ Global Threat Center says 61 percent of mobile malware involves spyware. Juniper Global Threat Center believes malware will be distributed — unknowingly — through malicious software in app stores. That’s something we’ve seen already, like the Google DroidDream fiasco.
But Juniper has to be careful not to turn its warnings into alarmism. For instance, Juniper says:
The Center’s analysis of the Android Market shows that one out of every 20 applications requested permissions that could allow a call to be placed without the smartphone user’s knowledge or interaction. The study also reveals that numerous applications on the market contained malicious spyware, with Google Android malware samples growing 400 percent from June 2010 to January 2011.
Security: Important But Don’t Panic
My personal opinion: Juniper’s claims go a bit too far. Here’s why: As a previous Android user, I downloaded a lot of nifty tweaks, modifications and other 3rd party software that interacted or interfaced with the ‘phone’ functions of my phone, and it could be something as innocuous as your address book, or something as complex as a home screen replacement.
When starting apps that access personal information, you’re alerted to allow the app accesses that sensitive data. So here’s a tip: If you download a game that shouldn’t have access to your phone features, and it requests permissions to that information, it should be a red flag. No thank you. Permission denied. Delete time.
What about all those tweaks I downloaded? How can they be trusted? Frankly, they can’t. But VARs should use their best discretion (like you do with most things in life). A high-quality app — with a developer team and a support site — isn’t likely to infect your customers’ devices.
Percentages Vs. Real Numbers
Juniper also claims “numerous applications on the market contained malicious spyware.” My personal opinion: That’s conjecture at best. According to AppBrain.com, there’s just under 200,000 applications on the Android Marketplace. Here’s a hypothetical example: If malware instances jump from 10 apps to 50 apps, that’s a 400 percent increase — a big statistic but still small in terms of actual malware apps in real numbers.
Also, I believe the malware apps are not targeted attacks. Instead they involve malicious developers who are ‘fishing.’ (At the time of writing this, the biggest number I could find was 21 malicious apps that were officially eliminated by Google and a paltry handful of odd Chinese apps that Sophos found SMS malware in. Google has also removed these.)
Naturally, Juniper recommends that all smartphone users install a security solution on their device while making sure you know the origination of your apps. The latter sounds like good old fashioned common sense, as does the reminder from Juniper and BullGuard that Android Marketplace apps are not vetted like iPhone and Symbian apps are. Android users and VARs should always take extra care. Naturally, Juniper and BullGuard recommend BullGaurd’s Mobile Security 10 solution.
Some Basic First Steps for VARs
No doubt, there are clear opportunities for VARs to profit from mobile device management and mobile security. But I haven’t tested the Juniper and BullGuard solution and I have some basic recommendations before you even go out and test third-party solutions.
If your customers use smart phones for online banking, e-mail, social networking and other sensitive tasks, make sure the devices have activated their lock features, encryption and a remote-wipe solution. Do customers need antivirus software running on their phones? I’m not so sure. Identity protection starts with being smart, whether it’s at home with a paper shredder, or on the Internet using PayPal instead of your credit card. Apply the same scrutiny to the apps your customers download.
I’m not advocating that your customers take zero security measures. In large corporations or SMBs, managing and securing mobile devices is a requirement, and tools exist to ensure security standards are maintained.
Juniper and Bullguard are educating VARs about potential mobile security risks. But solutions providers should keep the statistics in perspective. Instead of sounding the alarm, take the time to truly investigate how your customers are using their smartphones. Then, pinpoint managed security and mobile device management solutions that may fit their needs.
Sign up for The VAR Guy’s Weekly Newsletter, Webcasts and Resource Center. Follow The VAR Guy via RSS, Facebook and Twitter. Follow experts at VARtweet. Read The VAR Guy’s editorial disclosures here.
About the Author
You May Also Like