Tuesday, March 1, 2011

Smartphone Apps Not Secure Says Lieberman CEO

A while ago there was some research showing that mobile apps are sharing user data, as we reported (here). Well, apparently research by a US university undergraduate has now revealed that Android apps are sending user credentials, and the CEO of Lieberman Software has a thing or two to say about it.

Apparently Dan Wallach’s research has determined that numerous Android applications, along with an approved Facebook app, are shooting out all data other than the password “in the clear.”

The CEO of Lieberman Software, Phil Lieberman, says: “This is absolutely typical of open source software, since there is little incentive for the software developer to use secure protocols unless the destination system requires this.”

Lieberman Software specialises in security solutions and privileged identity management, and Phil further states: “This is the biggest issue with open source software. Whilst the economic imperative to go open source is clearly very strong, companies that use open source, such as Android, which is based on Linux code, also need to ensure their software is robust on the security front, and this process costs money.”

Lieberman goes further and says that this is an “early warning shot” about new platforms such as Android and Windows Phone 7 and the use of cloud computing, and it’s no surprise that apps are insecure.

Other smartphone platforms, such as iOS for the iPhone, iPod Touch and Apple iPad, and the BlackBerry platform, have vetting procedures for their apps to ensure 3rd-party apps aren’t delivered without assurances of being robust from a security perspective, the article by Lieberman reports.

However, Lieberman sums it up by saying that there’s no guarantee that smartphone apps are as secure as desktop apps, “for the simple reason that few smartphone users in a corporate environment have access to smartphone app security checking.”

Lieberman finished by adding: “I suspect you will find many other examples of smartphone apps that have a security hole in them. The sad fact is that, until someone’s smartphone-transmitted credentials are ransacked to commit a serious cybercrime, we don’t get to hear about this until it’s too late.”

However, back in December 2010 a lawsuit came to light that includes iOS in the data sharing scandal, as we reported (here), so perhaps iOS isn’t as secure as one would think, even though it is a closed platform, unlike Android.