Apple and Google Mobile Security Pits Get Deeper

Last Updated Jul 30, 2010 4:22 PM EDT

For those interested in secure mobile data platforms, there has been a steady stream of discouraging news from this year's DEF CON security conference. Whether eavesdropping on GSM phone calls, a Google Android phone app that snags sensitive data and sends it to China, or the 14 percent of free Apple (AAPL) iPhone apps designed to gain access to a user's contact data, it's a discouraging roundup.

Combine that with other news on the mobile security front, and you've got to wonder whether relying on smartphones is yet a smart move for consumers or corporations. There are too many holes that -- probably sooner rather than later -- will turn into some consumer security meltdown that will take a lot of trust and commerce with it.

The most glaring example was the Android wallpaper app from Jackeey Wallpaper that collects the device phone number, subscriber identifier, and voicemail number, packs it up, and sends it to some web site whose owner is in Shenzhen, China. Mobile security firm Lookout found the problem. Although Lookout says that nothing malicious appears to have been done, it's questionable behavior.

This should be no comfort to the iPhone crowd. Not only do a lot of iPhone apps have access to users' contact data -- often with the consumers having no idea -- but there are some other problems that make the device a disaster waiting to happen. According to a number of security and iPhone developer sources, the device saves virtually everything someone enters on the keyboard for upwards of a year. According to Jonathan Zdziarski, consultant and author of iPhone Forensics, the data includes "usernames, passwords, search terms, and historical fragments of typed communication."

In theory, Apple would block any app that used the necessary internal API calls to gain access to the cache. However, a hacker could in theory find a security exploit and weave it into the code in such a way that it wouldn't be obvious to Apple. Last month, the Handy Light app, approved by Apple, turned out to offer stealth tethering on AT&T (T) without paying the carrier's $20-a-month fee.

Do I think that mobile is a big component of high tech's future? Absolutely. But it's already starting to sound like a bad day before the invention of antivirus software.

Phone image: RGBStock.com user leocub, site standard license. Photo editing: Erik Sherman.

    Erik Sherman is a widely published writer and editor who also does select ghosting and corporate work. The views expressed in this column belong to Sherman and do not represent the views of CBS Interactive. Follow him on Twitter at @ErikSherman or on Facebook.