More than fun and games: What is your app really doing? - FOX5 Vegas - KVVU

Danger on the Net

More than fun and games: What is your app really doing?

Posted: Updated:
Nearly every mobile application contains 'permissions' Nearly every mobile application contains 'permissions'
Security expert Georgia Weidman Security expert Georgia Weidman
An example of a malicious app running on Google Earth An example of a malicious app running on Google Earth

Mobile applications are the backbone of today's smart phones, but some individual app developers may have malicious intentions.

Mobile security experts are highlighting the vulnerability at the TakeDownCon hacking conference in Las Vegas this week.

Apple alone offers more than 500,000 mobile applications, according to its web site. Likewise, the android market reports more than 10 billion downloads. 

"If anybody can send you any bit of information, there's the potential for being exploited," said information security specialist Kyle Osborn.

From games to e-mail to social networking, the risk begins before the app is on your phone.

"It asks me before I download it, if I want to accept these permissions," said security researcher Georgia Weidman, describing the app selection process.

"Permissions" can be anything from accessing your location, to the ability to send and receive text messages. Weidman used a Facebook application, marked as an "Editor's Choice" for an example.

"It wants to be able to read the phone state and identity," she said. "It doesn't seem like that big of a deal, but that gives [the developer] access to the personal identification number of the phone, which is worth as much to malware writers as a credit card number."

Weidman said it is tough to figure out a software developer's true intentions.

"It's really hard to tell the difference between a developer that just doesn't know any better, and a developer that's trying to hurt you."

Weidman demonstrated an app she created herself, specifically to showcase a phone's susceptibility.

It asked for permissions similar to that of many popular apps, and in moments, sensitive information was on full display.

"There's no indication to the user that any of this happened," Weidman noted.

And, security experts agree the problem isn't going away anytime soon.

"[There is] such a varying range of exploits across a bunch of different applications, and it's almost impossible to teach people not to get exploited."

For protection, Apple has strict guidelines on what applications are made available to customers.

The Android Market will also remove dangerous apps if they are spotted. But, sometimes the damage is already done.

One example that happened recently was the DroidDream Trojan attack, which was reportedly downloaded 50,000 times before it was removed from the market.

The best advice is to read the permissions before you download, and if they appear suspicious, then look elsewhere.

Weidman noted, for example, that there is little reason for a video game to need your GPS location.

Copyright 2011 FOX5. All rights reserved.

Powered by Frankly
Fox 5
Powered by WorldNow CNN
All content © 2018, KVVU Broadcasting Corporation, Las Vegas, NV and WorldNow. All Rights Reserved.
For more information on this site, please read our Privacy Policy, and Terms of Service, and Ad Choices.