Phone with malware

Are Mobile Phones Really Vulnerable to Malware?

Published 30 September 2014

There are traditionalists who have not yet embraced the smartphone culture.  Those who believe the best use for a phone is to make a call. However, it is difficult to ignore the smartphone especially as it is anticipated that the number of smartphones will exceed the number of PCs in use by the end of 2014.

Users can download applications as diverse as those to help you blow out your birthday cake candles (‘Blower’ yes it exists!) to language translators and home banking applications.  Your smartphone can be a TV, film and music entertainment system. And there are applications that have word processing and spreadsheet capability.  However, the growth in smartphone applications has resulted in a lucrative market for those who develop smartphone malware.

User Permissions Issue

A recent report (by Appthority) found that whilst just 0.4 percent of mobile enterprise apps were infected with malware, 99 percent of free mobile apps for both iOS and Android demonstrated unusual behaviours such as recording unique device identifiers, locations or contact lists.  It is therefore user permissions and not the software that poses the greatest threat.  Given malware is traditionally defined as a programme that installs itself without user knowledge or consent, can suspicious mobile applications be considered as malware when the user gives permission?

Too Good to be True

In reality there is no such thing as a free application.  In granting permission you are providing information about your behaviour that has a value.  This information can cover anything from contact lists to more “traditional” information such as login and access credentials.  Once permission is granted it is easy for the collection of information to go undetected as virtually every application, legitimate or not, asks for the same kind of permissions.

Without doubt, smartphones are going to receive more attention from corporate security functions as bring your own device (BYOD) becomes more prevalent.

For more information on how Bridewell’s Cyber security services can support your organisation, get in touch with our team for a confidential conversation.