Warnings that the personal data of millions of Android users could be at risk of interception by criminals have sparked a wider debate about the risks posed by mobile computing – and what measures consumers must take to mitigate the risk.
Advancing that discussion, Scott Alexander-Bown, head of Android at Mubaloo, commented: “Anything that highlights the need to focus on security is welcome because we see this as a neglected area of development. Security should be a top priority when considering app development.
“I believe this report focuses on Android because Android apps are easier to analyze and reverse engineer. The security findings of this study, in relation to SSL, actually apply to all platforms. It would just be harder for an academic paper to prove this across iOS, BlackBerry, HTML and Windows apps.
“In relation to the report's recommendations, visual security feedback is a great idea. You rely on the developer of the app to have implemented a verified secure connection, so if Google built into Android a way of showing the user that the request was secure, this would give people confidence and knowledge that the app being used is secure. This principle should be considered across platforms; this is not Android-specific.
“Man-in-the-middle attacks rely on an attacker being in a position to intercept messages. This is not like a virus; you have to be targeted by someone in a public place. If you only use 3G or a verified WiFi hotspot, you are much less likely to suffer from a man-in-the-middle attack.
“Use some of the common-sense approaches you use on the web in relation to apps. Pay attention to the permissions the application uses (i.e. if you are downloading a live wallpaper and the app needs access to your contacts list, that should raise alarm bells).”