security mobile Archives ⋆ Mobile Commerce Press

Tag: security mobile

Smartphone users may be more trusting in mobile security than it deserves

Lucy | March 3, 2016

According to a recent study, Android device users are taking quite a casual attitude toward their vulnerabilities.

Proofpoint, a cyber and mobile security firm, has now released a report that has shown that users of Android devices had willingly downloaded more than two billion apps containing malicious code in 2015.

Those findings with regards to the downloading of malicious mobile apps were published in the Human Factor Report.

That report provides a closer view of the most recent cyber and mobile security trends throughout social media, mobile apps and email. Among the top findings of this report, one that is drawing a considerable amount of attention is the fact that malicious mobile applications are affecting the United States the most, with China in second place. The findings also pointed out that many of the problems with malicious apps come from downloads that are occurring in marketplaces outside of official channels.

These marketplaces are posing a considerable mobile security threat that device users seem to be ignoring.

mobile security trust The researchers from Proofpoint discovered rogue app stores that were giving mobile device users the opportunity to download “free” clones of popular apps for both Android and iOS devices but that contained malicious code. In many circumstances, the games were clones of premium apps that were being offered for free, or included those that had been banned from the official Apple iTunes Store, luring people to these rogue marketplaces with their offer of something that was certainly too good to be true.

In order to be able to download those mobile apps, the users would have had to bypass a number of cyber security warnings along the way. Despite that fact, and the fact that downloading from those marketplaces increases the risk of downloading a malicious app by four times, many people are continuing with this activity.

The mobile security issues presented by these malicious apps can include anything from the sharing of personal information and data to revealing passwords to third parties. Downloads from those marketplaces surged during the fourth quarter of last year. Among the malicious apps that were indeed downloaded, data was communicated to 57 different countries. Of the data that was transmitted, 19 percent went to China.

Mobile apps using Baido code are leaking personal info

Lucy | February 29, 2016

Thousands of applications running on this code have been found to be collecting and sharing private data.

According to researchers at Citizen Lab in Canada, there are currently thousands of popular mobile apps that are running code created by Baidu, the internet giant from China, and the code has been causing those applications to collect the personal information of the users and transmit it to the company.

The researchers pointed out that a great deal of that personal information would be very easy to intercept.

It is estimated that the mobile apps using Baidu’s code have had hundreds of millions of downloads. The researchers have traced the issue back to problems in the software development kit (SDK) by Baido for creating Android applications. The mobile security threat applies to the Baidu browser as well as the apps that were created by the company and other firms that employ the same SDK in their app development. That said, while it was primarily Android applications that were affected, the Windows browser from Baidu was also among them.

The same researchers said that comparable types of security issues were present in the Alibaba UC Browser mobile app.

Mobile Apps The UC Browser from Alibaba and another popular mobile browser that is broadly downloaded and used in the largest internet market on the planet have also both been affected with unsecured personal data transmission.

That said, while Alibaba has already moved forward and has repaired the vulnerabilities, Baidu had yet to have completed that task at the time of the writing of this article. The company was, however, in the process of making the repairs to the holes in the kit’s encryption. Still, it admitted that it would not cease to collect data for commercial use. Some of the data collected by Baidu will also be shared with third parties. Still, the company said that it “only provides what data is lawfully requested by duly constituted law enforcement agencies.”

Among the unencrypted information collected through the Baidu code based mobile apps are the search terms that have been used by the user, his or her website visits, and his or her location. This, according to the Citizen Lab chief researcher, Jeffrey Knockel.