I just came across an interesting post on the ESET Threat Blog (ESET being the antivirus vendor responsible for NOD32) about smartphone apps and the risk they potentially pose in a world where we install all sorts of applications, including those that deal with important and sensitive information, on the same device.
In particular, General Hayden remarks that ‘In the popular culture, the availability of 10,000 applications for my smart phone is viewed as an unalloyed good. It is not — since each represents a potential vulnerability. But if we want to shift the popular culture, we need a broader flow of information to corporations and individuals to educate them on the threat. To do that we need to recalibrate what is truly secret.’
Yes, each app that you install on your smartphone is a potential vulnerability. It is precisely for that reason you should be making decisions about what you install based upon rational thought processes. There are some things that the reward is not great enough to warrant the amount of risk taken. For example, you might choose not to drive 120 MPH (193 KPH) because the cost of potentially getting isn’t worth the benefit of arriving sooner, or perhaps even the benefit of the fun of driving so fast. If you do choose to drive that fast where it is not permitted, and you do get caught, you may discover that the consequences are so extreme you wish you hadn’t taken the chance.
When it comes to installing software on your smartphone, take a good look at what you may be risking. Do you do online banking or shopping with your smartphone? Do you have business contacts? Contacts for friends? How about access to an email account with private emails? All of the information may be compromised if the wrong app is installed. After you identify what assets you have and their value, then consider the app you are installing. What is the benefit it poses to you? Is it worth potentially risking your information for a funny picture or a game you might play a couple of times a year and can probably play online, rather than installing it on your smartphone?
It’s an interesting read — and should remind everyone using an app-capable mobile device that it is a powerful computer, and with that comes a certain degree of risk. While the major smartphone software platforms have a higher level of technical separation between apps running on the same device than you typically get with a desktop PC, we should still be thinking about what apps are sharing ‘the floor’ with others, especially those which deal with more sensitive information, like mobile banking.