Q&A: Clamping down on rogue apps
With app markets taking off, how can we curb the rise of malicious applications?
Rogue applications have been something of a bother for consumers and vendors alike in 2011.
Google had to deal with a tonne of malicious applications finding their way onto the Android Market earlier this year.
Pesky crooks are trying to get their hands on smartphone users' data and money, uploading their dirty apps onto marketplaces and just waiting for consumers to fall into their traps.
There are a number of organisations trying to protect users, of course. Premium rate regulator Phonepayplus is one such body, looking out for apps that sneakily get users to pay for premium rate services without them knowing it.
The regulator launched a consultation yesterday, calling for greater transparency on app stores, so users know what they will be charged for.
We caught up with Phonepayplus's CEO, Paul Whiteing, to talk about what kinds of rogue applications the organisation has seen and what can be done to mitigate their proliferation.
How many rogue apps have you spotted so far charging users when they shouldn't be?
We've only seen two so far. But the reason we've put the consultation out is that we have started to see one or two problems and we'd like to move quite quickly to prevent it from becoming more widespread.
Where were these rogue apps found and what were they doing?
One of them was found on the Android Market. The other one was on an independent app store.
In one case, we were looking at something that was charging quite a significant amount, people being charged 4.50 straight away.
In the other one, we were looking at something [an adult application] that was potentially very serious because at the very start of this being discovered, people were actually being charged 1.50 a day without their knowledge.
With that one, you have to remember people who buy adult services tend to have a lower propensity to complain, as in doing so you have to admit you've bought an adult service.
Are there problems with Google's Android model and its security?
Yes, but that's the nature of open source. But it's probably worth saying that Google is just as concerned as we are. We've fully communicated with them about it and they are taking action themselves.
Google is proactive in dealing with anything they find out about. We've engaged with them where we think there are problems and they've taken action to remove stuff and I think that's what they're planning to continue to do.
What do you think will come out of your consultation?
What we hope is that the 80-90 per cent of the premium rate payment industry that goes along doing its job in trying to keep consumer confidence will know exactly how they can do that through apps.
We consult because of two reasons. One because we obviously understand the market, but there will always be something we'll miss that we'd like to quality control with people. And secondly because we think it's useful to get everybody's view before we go ahead and make a decision.
How are you helping in hunting down rogue apps in the first place?
We have a monitoring team that does searches. Based on what we already know, they will go on app stores and do searches on things.
They can usually discover coding within an application that would do things like send hidden messages from your phone that could look as though it's yours.
How much should we be educating the end user given many problems arise from people accepting permissions when they shouldn't?
People need to make an informed choice. If that's their choice that they like to pay for an app, or they don't mind if their information is shared, that's great.
We would rather they make that choice having been fully informed. That's where this consultation is coming from because we feel not everybody is informing the consumer.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.